Which permission to request from Microsoft Graph to administer Microsoft Teams - microsoft-graph-api

I'd like to administer different tenants remotely using the Connect-MicrosoftTeams -AccessTokens option. From what I read, one needs to retrieve the token for the tenant through Microsoft Graph. What I do not understand is how and which permission to request.
Is there anyone who has done this and could point me to some documentation or maybe provide an example request? Thanks!

Use Graph Explorer to determine which APIs you want to use. On the “Modify Permissions (Preview)” tab you will be able to see what kind of permissions are needed for that particular API.
https://developer.microsoft.com/en-us/graph/graph-explorer
See Microsoft Graph permissions reference, Authentication and authorization basics for Microsoft Graph, Authorization and the Microsoft Graph Security API
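Once a token has been issued, the permissions it actually carries can be compared with the ones you intended to request. The following is an added example, not part of the original answers: it reads the `aud`, `scp` (delegated) and `roles` (application) claims from a token payload and reports missing and excess permissions. The sample tokens, the required sets and the function names are constructed for illustration.

```python
import base64
import json

def b64url_decode(segment: str) -> bytes:
    # JWT segments drop base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def token_permissions(jwt: str) -> dict:
    """Extract audience and permissions from a JWT payload.
    The signature is NOT verified: use for inspection only, never for authorization."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    claims = json.loads(b64url_decode(parts[1]))
    return {
        "aud": claims.get("aud"),
        "delegated": set(claims.get("scp", "").split()),  # space-delimited string
        "application": set(claims.get("roles", [])),      # JSON array
    }

def audit(jwt: str, required: set, audience: str) -> dict:
    """Compare what the token grants with what the caller says it needs."""
    perms = token_permissions(jwt)
    granted = perms["delegated"] | perms["application"]
    return {
        "audience_ok": perms["aud"] == audience,
        "missing": sorted(required - granted),
        "excess": sorted(granted - required),  # candidates to drop from the consent request
    }

def make_sample_token(claims: dict) -> str:
    # Constructed, unsigned token used only to exercise the functions above.
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(claims)}.constructed-signature"

GRAPH = "https://graph.microsoft.com"
DELEGATED_TOKEN = make_sample_token(
    {"aud": GRAPH, "scp": "Mail.ReadWrite Mail.ReadWrite.Shared User.Read"})
APP_TOKEN = make_sample_token({"aud": GRAPH, "roles": ["User.Read.All"]})

if __name__ == "__main__":
    print(audit(DELEGATED_TOKEN, {"Mail.ReadWrite", "User.Read"}, GRAPH))
    print(audit(APP_TOKEN, {"User.Read.All", "Mail.ReadWrite"}, GRAPH))
```
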

Related

Is it possible to give read permissions to users in sharepoint using Microsoft Graph

I'm using Microsoft Graph API to upload large files to sharepoint using createUploadSession endpoint.
Is there a way to give read permissions in upload process to a specific user or I have to use other endpoint for this?
Yes it is possible to manage and change permissions of SharePoint online using Microsoft Graph API EndPoints: link
Permissions are managed separately through MS Graph End Points designated for permissions: link
Another Stack Overflow article on the same topic with a slightly different issue: link

List mail transport rules of Admin using Microsoft Graph API

Microsoft Graph API has support to retrieve mail rules for individual mail boxes. Is there any API to get the list of rules configured by Admin for the organization?
https://graph.microsoft.com/v1.0/users/user-id/mailFolders/inbox/messagerules
Not that I am aware of using the Microsoft Graph API. At this point the Graph API supports only individual mailboxes. The closest thing I can see is that you can use application permissions to query other mailboxes as well. But it won't tell you or get you the list of rules configured by the admin for the organization. That being said, you can consider filing a UserVoice request so that it can be considered for implementation. As an alternative, you can use Exchange PowerShell (something like Get-TransportRule).

Access to Microsoft eDiscovery with Microsoft Graph API

I'm trying to access O365 (Security & Compliance) eDiscovery with the Microsoft Graph API, as Microsoft Flow does not allow it either. Any idea how to execute content searches or use Data subject requests with the API?
thank you
Unfortunately we do not have this capability available on Microsoft Graph. Please vote on this feature request on https://microsoftgraph.uservoice.com/ . I don't believe anyone has requested this yet, so you may need to create it rather than vote it up.

Link changed - where can I find a list of Outlook office REST API scopes?

I am currently using the old Outlook Office REST API v2 to access outlook.com mail of users via OAuth (as opposed to Microsoft Graph, due to a lack of certain desired features).
For authentication scopes, it needs values like
https://outlook.office.com/mail.readwrite
https://outlook.office.com/mail.readwrite.shared
vs Microsoft Graph's
Mail.ReadWrite
Mail.ReadWrite.Shared
Unfortunately, the documentation that supposedly provides a comprehensive list of supported scopes https://dev.outlook.com/restapi/getstarted has had its links changed to point to Microsoft Graph's documentation (which doesn't really help at all)
THE FOLLOWING IS FROM THE ABOVE LINK, AND REDIRECTS TO THE BELOW LINK
scope: a space-delimited list of access scopes that your app requires. For a full list of Outlook scopes, see Authenticate Office APIs using the "v2.0" endpoints [https://developer.microsoft.com/en-us/graph/docs/authorization/auth_overview]
I'm not aware of a global list of Outlook scopes but they should be documented alongside each REST method under the Minimum Requires Scopes.

Is Microsoft Graph only for Office 365?

The reading I'm doing here seems to indicate that Microsoft Graph is for exposing Office 365 as an API.
The same link indicates it's Office 365 and Azure AD. But you have to have an O365 account to interact with the graph.
That eliminates the use case of people who use only Azure AD, say for authentication and authorization in SaaS apps.
So, I've been asking about using Microsoft Graph vs using Azure AD. Is it that as long as I'm not interested in the O365 side of things that I should stick to the AD graph?
Update: Here's a blog from Microsoft on the matter. They said, "We strongly recommend that developers start using Microsoft Graph over Azure AD Graph, unless specific gaps prevent you from using Microsoft Graph right now."
Even if all you want to use are directory features, I would encourage you strongly to use Microsoft Graph. We are adding new directory features to Microsoft Graph that may not show up in AAD Graph and we are busy working to make sure that Microsoft Graph provides all the directory features that AAD Graph provides (and more).
You don't have to have an O365 subscription to use Microsoft Graph (just an AAD tenant) - it's just that Microsoft Graph exposes a lot of rich data that comes from Office 365, including calculated insights.
Please let me know if you are having any challenges with this.
Hope this helps,
