Office 365 Admin : Audit MSGraph requests in Office365 Security & Compliance - microsoft-graph-api

As an exchange admin, I want to audit Graph API calls
Under Office 365 Security and Compliance section, Audit Log Search, I can find audit logs for other components such as Power BI but nothing for Graph.
I tried using Exchange Mailbox Activities but I don't see any audit logs when I access/update meeting items using Graph API.
Is there a way I can audit these calls?

To monitor the MSGraph app activities, you should check for 'Add OAuth2 Permission Grant' activity under Azure AD workload. But O365 Security & Compliance portal doesn't show the activities performed by Azure AD workload. 
As a workaround, you shall use the Search-UnifiedAuditLog cmdlet.
sample code snippet for getting last month data
Search-UnifiedAuditLog -StartDate 4/23/2019 -EndDate 5/23/2019 -Operations "AddOAuth2PermissionGrant"
If you would like to explore the activities using a GUI interface then you shall try the Office 365 auditing reports available in AdminDroid Office 365 Reporter.

Related

MS Teams - Allow attendees report using Graph API for the online meetings

Is there any way to allow the attendees to report using Graph API for the online meetings?
as nothing clear from Microsoft documentation here about the property needs to be sent in the request body.
I was able to enable it manually from the MS Team App in the meeting settings, but not able to do it using the Graph API.
As an admin, you control whether meeting organizers can download meeting attendance reports by setting a Teams meeting policy. By default, the ability to download the report is turned on.
Microsoft Graph API currently doesn't provide any way to allow attendees to report using Graph API for online meetings.

Connecting PowerBI to Microsoft Graph or Azure AD

My customer needs to connect their users and groups within Office 365 & Azure AD to Power BI, so they can show a report of the amount of users with certain licenties, the amount of RDS users and what type mailbox the users are using.
The whole proces needs to go automatically, so when PowerBI is opened the data is already ready for them and up to date.
My solution was the following:
Source,Office 365 & Azure AD), send the data to an API(Microsoft Graph)
Microsoft Graph exposes a webendpoint which another application can get the data from, IF they provide the correct OAuth2 bearer token-.
Access the webendpoint with Power BI and get the data when Power BI get's opened.
PROBLEM
I don't know how to refresh an OAuth2 token in Power BI, can someone help me?
Connecting to Microsoft Graph REST APIs from Power Query isn't recommended or supported.
Read more here: https://learn.microsoft.com/en-us/power-query/connecting-to-graph

Microsoft Office 365 Apps Usage

I am trying to collate information corresponding to Microsoft 365 Apps Usage of our employees as shown in some reports on Admin Portal(admin.microsoft.com). We are facing some challenges in getting report data corresponding to these in our code.
I need following information for integration in our web application:
Do we have any Graph API or PowerShell cmdlet(not deprecated) exposed which can be integrated in our code to get Microsoft Apps Usage Data(like ProPlusUsageUserDetail excel data downloaded from admin portal)?
Can we get Version Details of Microsoft 365 Apps and Services being used by users?
We have already used graph api GetOffice365ActiveUserDetail (adding link below for reference) which give usage for only Microsoft Services and not Apps:
https://learn.microsoft.com/en-us/graph/api/reportroot-getoffice365activeuserdetail?view=graph-rest-1.0
We need same kind of information for Microsoft 365 Apps (Word, Excel, PowerPoint etc.)as well .
You can try portal.office.com and check the reports to see if you have related report is available apart from that, at this point i am not aware such information you can request from Microsoft Graph APIs. Consider raising a feature request in User voice, so that Microsoft can consider it. Here's the link for it https://microsoftgraph.uservoice.com/forums/920506-microsoft-graph-feature-requests?query=report

Is there clear instruction on migrating to office graph from EWS Impersonation?

My company currently offer an Exchange Calendar integration to our customer by using EWS. Each customer's IT department will create an Admin Account that has the Impersonation right and provide it to us by entering into the UI tool. When we update the calendar event of their employee's calendar, we use that account login to Impersonate the employee.
With the deprecation of Basic Auth access for EWS in October 13th, 2020. https://developer.microsoft.com/en-us/graph/blogs/upcoming-changes-to-exchange-web-services-ews-api-for-office-365/
I can't get a clear answer on how we can migrate.
In general, do we register as an App (daemon), then each client company need to grant permission to us? How do we connect to their Exchange server? With what?
My company also has similar kind of app - booking using Outlook calender. We are currently working on a migration for our Office 365 customers.
The change in EWS is for Office 365/Exchange Online only.
If you are serving Exchange Online customers you can continue to use EWS for a while, but you will need to migrate from Basic Auth to OAuth. You can find a good description on how to implement OAuth with EWS here
To become "future-proof" you should also migrate from EWS to Microsoft Graph.

Office 365 Outlook Calendar : How to access multiple user's calendar in a single ASP.NET MVC application?

We are trying to implement a calendar portal (C# ASP.NET MVC) where one admin can see multiple outlook(or office 365) users calendar and see who is available. So multiple accounts should be accessed from one ASP.NET MVC application.
First question : Is it even possible? (may be because I had already seen post on stackoverflow : EWS - Access All Shared Calendars )
Second question : What would be the right approach?
Third question : Is there any project available from Microsoft or article? (I could find any good one)
I have had gone through Using Azure Multi-Tenant application without an Office 365 subscription to access users calendar information and https://www.youtube.com/watch?v=0kvDyl5HShA.
I have had also get connected with a single user's account via OAuth2. It was successful.
Currently, we have this subscription. If any more information required then please comment. Then I will add more description as per necessary.
Thank you.
You could try to build Daemon or Service Apps using client credential grant flow as described in this blog, the service app that requires admin consent, but is authorized to access any user's mailbox/calendar information in your Office 365 tenant. You could click here for sample web app that uses client credential flow to access Users, Mail, Calendar, Contacts in Office 365 via Rest APIs .
This link you provided needs to associate your Office 365 account with Azure AD to create and manage apps .If you can have an existing Microsoft Azure subscription, you can associate your Office 365 for business subscription with it. .Otherwise, you'll need to create a new Azure subscription and associate it with your Office 365 account in order to register and manage apps. For more details ,please read how to set up your Office 365 development environment.

Resources