What is the maximum duration for which data for a user will be available using Microsoft Graph API? Is this endpoint specific?
Related
Is there a way we can differentiate between a user mailbox and a shared mailbox using Microsoft graph API or EWS API?
I'm trying to help someone to ingest Office 365 Alerts with the Graph Security API. This requires SecurityEvents.ReadAll as minimum permission. The docs mention that the permission setting is done in the Microsoft Graph API Explorer (see e.g. this blog). However, the account admin insists on setting the permissions using Azure AD. The question is how that is actually done. Azure AD / Enterprise Applications / Graph Explorer apparently doesn’t list any permissions. Would anyone know how to achieve this?
Many thanks!
If you want to test Graph Security API in Microsoft Graph Explorer, your just need to set SecurityEvents.Read.All in Microsoft Graph Explorer.
If you want to call Graph Security API in your app, you should set SecurityEvents.Read.All in the app registered on Azure portal.
You could refer to Authentication and authorization basics for Microsoft Graph to learn more about how to handle the permissions and authorization to call Microsoft Graph API.
On a project, I'm using app-only tokens and Graph API to perform various operations on data in Office 365 (this is how the app is registered). When it comes to SharePoint, certain operations are not available through the Graph API but are available through SharePoint REST API.
My question is: is there a way to use Graph API tokens with SharePoint REST API?
The closest answer I could find is this:
To access the http:///site/_api/lists endpoint, Graph API token wont work.
Taken from here.
However, the answer is about a specific endpoint and is pretty old, so I wonder whether this is (still) true.
Update
Here's how I'm calling the various endpoints.
The token you are using to access the graph is in fact an azure active directory token. Lots of other APIs accept those in office 365.
The procedure is more or less the same expect instead of selecting the Microsoft graph API when requesting the scopes, you have to select the SharePoint API.
Also note that some actions (mostly the tenant related things) do require you to present a token generated with a client id + certificate and not client id +secret.
EDIT: if you are using AAD v2 endpoints the requested scope has to be https://tenantName.sharepoint.com/.default when requesting an access token for SharePoint REST API
I am having 404 issues trying to get an inbox of a user through microsoft graph. I think I might recall reading somehwere that Graph API can only access emails stored on 365. Is this the case?
There is currently a preview capability that allows you to access mailboxes, calendars and contacts for on premise data if your exchange infrastructure has configured in an hybrid mode. This takes a few pre-requisites on the infrastructure side and you can learn more about it here
We've implemented Authentication in a .Net Core 2.0 app using Microsoft Graph to authenticate against Azure AD.
That works fine and we were aiming to use Microsoft Graph for accessing Office 365 data.
Unfortunately, on deeper review, we've found that Tasks are currently unsupported via Microsoft Graph and must be instead accessed via the Outlook REST API.
Important: APIs under the /beta version in Microsoft Graph are in preview and are subject to change. Use of these APIs in production applications is not supported.
I tried passing the Bearer Token retrieved via Microsoft Graph in the Outlook REST API headers but I get back an invalid token error.
I'm hoping that I'm simply doing something wrong and this is a valid approach.
Since MS Graph is the "unified" replacement for the Outlook REST API and others, can a Microsoft Graph token be used to access the Outlook REST API?
Yes, this is correct behavior. Tokens are only valid for a particular "audience", which is indicated by the aud claim inside the token.
If you obtained a token for the Microsoft Graph API, then the aud parameter would be set to https://graph.microsoft.com. This doesn't match the Office 365 API endpoint (https://outlook.office.com or https://outlook.office365.com), so the token validation fails. You have two options here.
Use the tasks APIs in Graph even though they are in beta.
Make sure that you obtain a refresh token when you request your Graph token (by including the offline_access scope in your auth/token requests). Then use that refresh token to obtain a second token with the proper audience.
You can use the refresh token to request an Office 365 API-compatible token by qualifying your scopes in the refresh request. For example, if you requested a Graph token with Tasks.Read, you would qualify Tasks.Read in your refresh request as https://outlook.office.com/Tasks.Read.
Just want to share how you can exchange Graph RefreshToken to a Outlook AccessToken using postman. (You can do this in whatever code language you wish)
First lets show how you use a RefreshToken to get a new Graph AccessToken:
Then use the Graph RefreshToken to get the new Outlook AccessToken:
Hope this might help some other people :)