Connecting PowerBI to Microsoft Graph or Azure AD - oauth-2.0

My customer needs to connect their users and groups within Office 365 & Azure AD to Power BI, so they can show a report of the number of users with certain licenses, the number of RDS users and what type of mailbox the users are using.
The whole process needs to go automatically, so when Power BI is opened the data is already ready for them and up to date.
My solution was the following:
Source (Office 365 & Azure AD), send the data to an API (Microsoft Graph)
Microsoft Graph exposes a web endpoint which another application can get the data from, IF they provide the correct OAuth2 bearer token.
Access the web endpoint with Power BI and get the data when Power BI gets opened.
PROBLEM
I don't know how to refresh an OAuth2 token in Power BI, can someone help me?

Connecting to Microsoft Graph REST APIs from Power Query isn't recommended or supported.
Read more here: https://learn.microsoft.com/en-us/power-query/connecting-to-graph

Related

Microsoft Office 365 Apps Usage

I am trying to collate information corresponding to Microsoft 365 Apps Usage of our employees as shown in some reports on the Admin Portal (admin.microsoft.com). We are facing some challenges in getting report data corresponding to these in our code.
I need the following information for integration in our web application:
Do we have any Graph API or PowerShell cmdlet (not deprecated) exposed which can be integrated in our code to get Microsoft Apps Usage Data (like the ProPlusUsageUserDetail Excel data downloaded from the admin portal)?
Can we get Version Details of Microsoft 365 Apps and Services being used by users?
We have already used the Graph API GetOffice365ActiveUserDetail (adding link below for reference), which gives usage for only Microsoft Services and not Apps:
https://learn.microsoft.com/en-us/graph/api/reportroot-getoffice365activeuserdetail?view=graph-rest-1.0
We need the same kind of information for Microsoft 365 Apps (Word, Excel, PowerPoint etc.) as well.
You can try portal.office.com and check the reports to see if a related report is available. Apart from that, at this point I am not aware that you can request such information from Microsoft Graph APIs. Consider raising a feature request in UserVoice, so that Microsoft can consider it. Here's the link for it: https://microsoftgraph.uservoice.com/forums/920506-microsoft-graph-feature-requests?query=report

MS Graph - How do I list all users from specific OU under my DC?

I'm building a Logic App to list all users from MS Graph.
I can get the list of all users by calling MS Graph API using OAuth authentication in my Logic App but I'm struggling to apply a filter in my custom request in MS Graph.
i.e. I have below structure in my OnPremiseAD:
OU=Site1,OU=Users,OU=TEST,DC=xyz,DC=com
OU=Site2,OU=Users,OU=TEST,DC=xyz,DC=com
OU=Site3,OU=Users,OU=TEST,DC=xyz,DC=com
OU=Site4,OU=Users,OU=TEST,DC=xyz,DC=com
...and I want to list users from OU=Site4 only.
Can someone please help?
https://graph.microsoft.com/beta/users?$filter...???
Based on Custom OU considerations and limitations:
User accounts, groups, service accounts, and computer objects that
you create under custom OUs aren't available in your Azure AD tenant.
These objects don't show up using the Microsoft Graph API or in the
Azure AD UI; they're only available in your managed domain.
So I'm afraid that it's not supported to list the users under an OU via Microsoft Graph API.
See a similar post here.

Excel web addin authentication for AppSource

I am building an Excel Web Addin. I'll need to authenticate the user against Office 365 and publish the addin to AppSource / Office Store. What is the ideal authentication method to use?
I found tutorials for SSO authentication, but then I read on https://learn.microsoft.com/en-us/office/dev/add-ins/develop/sso-in-office-add-ins : "The Single Sign-on API is currently supported in preview only. It is available to developers for experimentation; but it should not be used in a production add-in. In addition, add-ins that use SSO are not accepted in AppSource."
Does this mean SSO applications will still not be accepted to the Store? What authentication flow should I use then? I only need the user to sign in and access my Web API via this identity. If possible, the user shouldn't need to reenter their credentials. Is there a code sample I could follow to get this done?
AppSource is not accepting add-ins that use the preview SSO system at this time.
To authenticate a user with a Microsoft Account or a Work or School (Office 365) account without SSO, the user will need to sign in again even if she or he is already logged into Office. Without the SSO system, the add-in has no way of knowing who is logged into Office, just as a web app open in a browser wouldn't know if Office is running on the machine or who is logged into it.
(Your choice of flow might be affected by whether you have a single page app (SPA) or a server-generated UI. Since you mentioned you have a Web API, I'll assume this is not a SPA.)
I don't know of any sample Office Add-ins that only authenticate the user; but there are a couple that log in the user and then use the Auth Code Flow to get an access token to Microsoft Graph.
PowerPoint Add-in Microsoft Graph ASPNET InsertChart. The Office app is PowerPoint, but the auth-related code would be the same for Excel.
Office Add-in Microsoft Graph ASPNET. This is nearly the same, but has Excel as the Office app. It's not polished. (See the Known Issues in the readme.)
But please keep in mind that an Office add-in is just a web app and -- with one exception -- authorizing a user is the same in an add-in as it would be in any other web app. So, you should be able to use the samples in Azure AD Quickstarts.
The one exception is that you have to open the AAD sign-in page in a special dialog window that is invoked with the Office.js displayDialogAsync API. The 2 samples I linked to above do this. You can get detailed guidance about using the Dialog for auth in the article Dialog API in Office Add-ins.
BTW, Microsoft is in the process of improving its documentation and samples for non-SSO auth. We hope to get these improvements published over the next few weeks.

Office 365 Admin : Audit MSGraph requests in Office365 Security & Compliance

As an Exchange admin, I want to audit Graph API calls.
Under Office 365 Security and Compliance section, Audit Log Search, I can find audit logs for other components such as Power BI but nothing for Graph.
I tried using Exchange Mailbox Activities but I don't see any audit logs when I access/update meeting items using Graph API.
Is there a way I can audit these calls?
To monitor the MSGraph app activities, you should check for 'Add OAuth2 Permission Grant' activity under Azure AD workload. But O365 Security & Compliance portal doesn't show the activities performed by Azure AD workload. 
As a workaround, you shall use the Search-UnifiedAuditLog cmdlet.
Sample code snippet for getting last month's data:
Search-UnifiedAuditLog -StartDate 4/23/2019 -EndDate 5/23/2019 -Operations "AddOAuth2PermissionGrant"
If you would like to explore the activities using a GUI interface then you shall try the Office 365 auditing reports available in AdminDroid Office 365 Reporter.
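The one-line search in the answer above returns only the first page of results and leaves the grant details inside the `AuditData` JSON string. The following added example (not part of the original answer) pages through the full result set and flattens each record; the function names `ConvertTo-GrantRow` and `Get-OAuthGrantAudit` and the sample record are constructed for illustration, and an already connected Exchange Online PowerShell session is assumed.

```powershell
# Added example. Assumes an Exchange Online PowerShell session is connected.
function ConvertTo-GrantRow {
    param([Parameter(Mandatory)]$Record)
    # AuditData is a JSON string; the grant details live inside it.
    $data = $Record.AuditData | ConvertFrom-Json
    # foreach over $null does not iterate, so missing fields yield empty strings.
    $changes = foreach ($p in $data.ModifiedProperties) { "$($p.Name)=$($p.NewValue)" }
    $targets = foreach ($t in $data.Target) { $t.ID }
    [pscustomobject]@{
        TimeUtc   = $Record.CreationDate
        Actor     = $Record.UserIds
        Operation = $Record.Operations
        Result    = $data.ResultStatus
        Target    = $targets -join ', '
        Changes   = $changes -join '; '
    }
}

function Get-OAuthGrantAudit {
    param(
        [datetime]$StartDate = (Get-Date).AddDays(-30),
        [datetime]$EndDate   = (Get-Date),
        # Operation name as given in the answer above.
        [string[]]$Operations = @('AddOAuth2PermissionGrant')
    )
    # Reusing one SessionId with ReturnLargeSet makes each call return the
    # next page; the loop ends when a call comes back empty.
    $sessionId = [guid]::NewGuid().ToString()
    do {
        $page = @(Search-UnifiedAuditLog -StartDate $StartDate -EndDate $EndDate `
            -Operations $Operations -SessionId $sessionId `
            -SessionCommand ReturnLargeSet -ResultSize 5000)
        foreach ($record in $page) { ConvertTo-GrantRow -Record $record }
    } while ($page.Count -gt 0)
}

# Constructed sample record (not real tenant data) to exercise the parser offline.
$sample = [pscustomobject]@{
    CreationDate = [datetime]'2019-05-01T10:00:00Z'
    UserIds      = 'admin@contoso.example'
    Operations   = 'AddOAuth2PermissionGrant'
    AuditData    = '{"ResultStatus":"Success","Target":[{"ID":"example-app","Type":1}],' +
                   '"ModifiedProperties":[{"Name":"Scope","NewValue":"Mail.Read","OldValue":""}]}'
}
ConvertTo-GrantRow -Record $sample
```

In a connected session, `Get-OAuthGrantAudit | Export-Csv grants.csv -NoTypeInformation` writes the flattened rows for review.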

How to determine the user's country code in Azure AD

I'm trying to determine the user's time zone in the bot that I created. This bot can be used worldwide and the only way for me to determine the user's time zone is to determine his country (because the channel that I use is Skype and there isn't any information about the user's TZ, unlike other channels).
So is there a way to determine the client's country code in Azure AD?
Assuming you are having your users log in to your bot with AAD, you could use the same token to access the user's profile via the Microsoft Graph API. The profile will give the user's office location, which you could then map to a possible location. It won't account for a user who might be traveling, but it's an option.
You can read the Microsoft Graph docs to learn more and experiment using the Graph Explorer.
As I don't know which SDK or version you are using, if you visit the BotBuilder repo you can find links to samples on how to build a bot that uses OAuth and makes calls to Microsoft Graph.
