Strategies for deploying geo replicated Microsoft Graph/Office 365 API based application - office365api

We have a web application that uses the Microsoft Graph API and Outlook REST API. We implemented a code authorization flow. This means that it's our web server that handles requests to Microsoft Graph and Office 365 APIs.
We are based in Europe (hosted within Azure). Now we would like to replicate our infrastructure overseas to serve a better end-user experience.
What would be the possible strategies regarding these MS APIs?
Is there a geographical affinity mechanism? Is it based on the geolocation of the requesting app (us) or the location of the tenant (we have users everywhere)? Will staying within Azure data centers provide better performance? What would Microsoft's recommendations be?

I asked about this, and the answer was that yes, there is an affinity system based on the location of your app. It should hit the instance of Graph or Outlook that's closest to you.
Regarding running in Azure, we are continuously optimizing latencies for Microsoft-owned Azure-based apps & services to access the Graph and Outlook APIs. This work would accrue to all apps and services running in Azure.

Related

item within versionoverrides invalid 'webapplicationinfo' on Exchange on prem with Azure AD Hybrid

We have a working Outlook app using version 1_1 on O365. We are testing this with an Exchange on-prem only setup but with Azure AD hybrid. The Graph API functions we need work within this environment thanks to testing on Graph API Explorer.
When we push the manifest to Exchange either via the Exchange admin portal or via PowerShell we receive an error relating to webapplicationinfo being invalid. We have this within versionoverride 1.1 and that within versionoverride 1.0.
If I remove the webapplicationinfo section which includes the scope, this will import OK, but when the app performs the function to get the auth token it fails, which I am sure is because the scope wasn't authorised.
Nowhere can I find anything that says on-prem is not supported. I find a lot of references to 2016 CU3 but nothing specific to on-prem. Can someone assist?
Exchange 2016 Cumulative Update 3 (CU3), released in September 2016 for Exchange on-premises servers, adds support for REST API integration with Microsoft 365. If your app uses v1.0 of the Mail, Calendar, or Contacts API, you will now also find a seamless authentication and application experience in hybrid deployments, regardless of whether the mailbox is on-premises or in the cloud, provided that the deployment meets specific requirements.
See Use REST APIs to access mailboxes in Exchange hybrid deployments (preview) for more information.

Ingesting Office 365 Alerts with Graph Security API: Set permissions in Azure AD

I'm trying to help someone to ingest Office 365 Alerts with the Graph Security API. This requires SecurityEvents.ReadAll as minimum permission. The docs mention that the permission setting is done in the Microsoft Graph API Explorer (see e.g. this blog). However, the account admin insists on setting the permissions using Azure AD. The question is how that is actually done. Azure AD / Enterprise Applications / Graph Explorer apparently doesn’t list any permissions. Would anyone know how to achieve this?
Many thanks!
If you want to test Graph Security API in Microsoft Graph Explorer, you just need to set SecurityEvents.Read.All in Microsoft Graph Explorer.
If you want to call Graph Security API in your app, you should set SecurityEvents.Read.All in the app registered on Azure portal.
You could refer to Authentication and authorization basics for Microsoft Graph to learn more about how to handle the permissions and authorization to call Microsoft Graph API.
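
An added example, not part of the original answer or of any Microsoft sample: one way to confirm that a permission set in Azure AD actually reached the access token is to decode the token payload and look for SecurityEvents.Read.All in the `scp` claim (delegated) or the `roles` claim (application). The helper names and the sample tokens are constructed for illustration; the code inspects claims only and does not validate the signature.

```python
import base64
import json

REQUIRED = "SecurityEvents.Read.All"  # permission named in the answer above

def b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def token_claims(token: str) -> dict:
    """Return the payload claims of a JWT WITHOUT verifying its signature.
    Diagnostic use only: never base an authorization decision on this."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part JWT")
    claims = json.loads(b64url_decode(parts[1]))
    if not isinstance(claims, dict):
        raise ValueError("JWT payload is not a JSON object")
    return claims

def granted_permissions(claims: dict) -> dict:
    """'scp' is a space-separated string of delegated scopes;
    'roles' is a list of application permissions."""
    scp = claims.get("scp", "")
    roles = claims.get("roles", [])
    return {
        "delegated": set(scp.split()) if isinstance(scp, str) else set(),
        "application": set(roles) if isinstance(roles, list) else set(),
    }

def check_permission(token: str, required: str = REQUIRED) -> str:
    """Return 'application', 'delegated' or 'missing' for `required`."""
    perms = granted_permissions(token_claims(token))
    for kind in ("application", "delegated"):
        if required in perms[kind]:
            return kind
    return "missing"

def make_sample_token(payload: dict) -> str:
    # Constructed, unsigned sample token so the example runs offline.
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(payload)}.sig"

if __name__ == "__main__":
    for payload in ({"roles": [REQUIRED]}, {"scp": f"User.Read {REQUIRED}"}, {"scp": "User.Read"}):
        print(payload, "->", check_permission(make_sample_token(payload)))
```

A result of `missing` on a token issued for the registered app means the permission was not added to the app registration or has not been consented to.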

Can Microsoft Graph API access emails stored on Exchange server?

I am having 404 issues trying to get an inbox of a user through Microsoft Graph. I think I might recall reading somewhere that Graph API can only access emails stored on 365. Is this the case?
There is currently a preview capability that allows you to access mailboxes, calendars and contacts for on-premises data if your Exchange infrastructure has been configured in a hybrid mode. This takes a few prerequisites on the infrastructure side and you can learn more about it here.

MicrosoftGraph on Enterprise Exchange Server [duplicate]

This question already has an answer here:
Does "Outlook Mail REST API" include access to corporate MS exchange server email?
Can the MicrosoftGraph API, specifically the WebHooks, be used for accounts on an enterprise / on-premise Exchange server as opposed to Office 365?
All the documentation I have seen for setting up the app required for OAuth authentication uses Azure.
There is a "hybrid deployment" model currently in preview that allows you to traverse both on-prem and online mailboxes using Microsoft Graph. You can read about the infrastructure requirements at On-Premises Architectural Requirements for the REST API.
One note on authentication: Microsoft Graph uses OAuth tokens to handle authentication. These tokens are issued by Azure AD, but this does not mean that your entire infrastructure needs to be hosted on Azure, only that your AD be synced with an Azure AD instance using Azure AD Connect. Depending on the size of the organization you may even be able to use the Free tier of Azure AD. I highly recommend taking a look into this configuration as Azure AD is quickly becoming an assumed prerequisite for new APIs and services.

Restrict access to app using MS Graph API

We are developing an Android Application using MS Graph API to access Exchange Online Calendar info.
I know several enterprises are strict about how the exchange data is shared and may restrict access for our app using MDM or other exchange controls.
I need to understand what changes IT Administrators could do to block access to an app that uses MS Graph and OAuth2? I need this info so that we can test our setup and be better prepared for it.
Thanks
