Introduction
MSFT Graph API is the unified programmability model developed by MSFT that can be used to build apps that interact with the data of millions of users. It implements many of the OData query parameters. This graph API is program independent, which means this service can be consumed in applications programmed in any language (C#, Java, PHP, JavaScript, etc..). You can also sign up for a developer tenant from MSFT if you do not have access to a tenant to configure the Azure AD app. Please go to the references section for signing up for developer tenant.
To start working with graph API, I am dividing the article into 2 series.
- Creating Azure AD application and configuring with right API permissions (this article)
- Consuming the Graph API from a console application using .net core
The Graph API can be used to get the data from the tenant, such as user's data, user's contacts, users' groups, Tenant data such as O365 groups, O365 sites, etc. to consume that data in your applications.
Creating Azure AD application and configuring with right permission role
For this article, I have taken developer tenant and performed the below steps. The same steps can be done in PROD tenant. This requires Global Admin rights to create an application and configure it with the right permissions.
Step 1
Log in to the Azure AD portal at https://portal.azure.com with global admin rights.
Step 2
Click on ‘Azure AD’
Step 3
Under manage look for ‘App Registration’.
Step 4
Click on ‘New Registration’
Step 5
Name your application as ‘graph console app’ and select the account types as ‘Accounts in this organization directory only. Leave rest all default and click on ‘Register’
Step 6
After the application is created, go to ‘Graph Console App’ and click on ‘Certificates & secrets’ under ‘Manage’. Click on ‘New client secret’ under the ‘Client secrets’ section.
Step 7
Enter the description as ‘graphconsoleappsecret’ and you can leave the default option as ‘Recommended: 6 months’. Click on ‘Add’. Please note that the secret expires and the graph application will get 401 unauthorized error. Follow your organization's recommendation.
Step 8
You will have the value populated and make sure to copy it by clicking on the little copy symbol. Please note that once you go outside and come back to this application, the secret value gets hidden. so make sure to copy a safe place.
At the end of this section, you should have the following values. These values are needed in the .net console app to consume the Graph API services.
- Tenant ID: This can be found from the home page of the azure portal or from the application overview
- Application ID: can be found from the application
- App Secret: got from the client secrets section after the secret is created.
Step 9
Configure API Permissions and click on ‘Add a permission’ and select ‘Microsoft Graph’
Step 10
In the ‘Request API Permissions’ select ‘Application permissions’.
Step 11
In the select permissions look for ‘User.R’ and click enter. Select under user ‘User.Read.All’
Step 12
Grant Admin Consent. After configuring permission, it requires admin consent. you should be seeing a warning yellow symbol, ‘Not granted for Contoso’ (this is your company name. in this case I was referring to Contoso).
Once clicked on Grant admin consent, you should be getting a pop-up, do you want to grant consent for the requested permissions for all the accounts in your tenant? select ‘Yes. you should be getting a ‘Grant Consent’ successful message.
Step 13
Validate that now for the Azure AD application ‘Graph console app’ that is created you should see the API configured permissions Users.Read.All and the admin consent status is set as ‘Green check mark’.
These steps confirm the Azure AD application is successfully created and the right API permissions or configured.
Conclusion
Thus in this article, we have seen how to create an Azure AD app and configure the API permissions for the App. In the next article, we will see how can we get the data in your console applications using the Graph API.
References
- https://developer.microsoft.com/en-us/microsoft-365/dev-program
- https://docs.microsoft.com/en-us/graph/use-the-api