Systems Management
How to Start with Microsoft Graph
Microsoft Graph is more or less the engine for most Microsoft products. Everything that you can do in the UI you can also do with Graph. Gaining expertise in Microsoft Graph is a valuable skill, as it helps you automate tasks in your company or build custom solutions on top of Microsoft services. This post will show you how to start with Microsoft Graph.
What is Microsoft Graph?
Microsoft Graph is a powerful API that connects various services and features across the Microsoft ecosystem. It acts as a gateway, allowing developers to access and interact with data that flows through Microsoft products such as Microsoft 365, Intune, Entra, and many more.
Key Features of Microsoft Graph
- Unified API Endpoint: Microsoft Graph consolidates APIs from different Microsoft cloud services into a single endpoint, making it easier for developers to access data with one unified interface instead of dealing with multiple APIs.
- Access to Data: It provides access to a wealth of information including user data (like emails, contacts, calendar events), organizational data (like the organizational structure, employee profiles), and device data (like security updates, device configuration profiles).
- Real-Time Changes: Microsoft Graph supports real-time notifications via webhooks. It allows applications to be notified when data changes, enabling more dynamic and responsive apps.
- Cross-Platform: Being RESTful, it can be used across various platforms and programming languages which support HTTP requests.
- Permissions and Security: It uses OAuth 2.0 for authorization, ensuring that applications request specific permissions in line with the data they need access to, thereby adhering to security best practices.
Developers can use Microsoft Graph to build apps and scripts that leverage data and functionalities from various services to automate tasks, gain new insights, build reports, and more.
How to Start with Microsoft Graph API Calls
A call has four components. First is the base URL, which is always https://graph.microsoft.com.
Second is the API version: v1.0 or beta. The beta version often exposes more information, but its structure can change later, whereas v1.0 is more stable with no major structural changes.
Third is the endpoint, for example deviceManagement/auditEvents. The endpoint is the resource that holds the data or performs the action. Fourth are the query parameters. You can use them to return only the top results or to filter or expand the results.
{BASE_URL}/{VERSION}/{ENDPOINT}?{QUERY_PARAMETERS}
How to Test Microsoft Graph API Calls
The best way to craft calls and run them as a test is the Microsoft Graph Explorer. You can find it under the following link:
Graph Explorer | Try Microsoft Graph APIs
This is an easy way to test the calls and check the results.
How to Find the Correct Microsoft Graph API Call
Now we know how to test the call, but how can we find the correct endpoint? This is thankfully quite easy. As described above, most portals use the Graph API in the background. We can use this to our advantage.
There are two common ways. The first is to open your browser’s network monitor and then, in the portal, display the data you need or run the action you’re searching for. In the network monitor you can then grab the call and the body (if it is a POST).
The second way is to use the GraphXRay browser extension from Eunice, Dhruv, Clement, Monica & @merill. You follow the same steps as with the network monitor, but the extension directly generates code for you. This is very powerful.
How to Start with MS Graph in PowerShell
To run a call in PowerShell, you have two primary ways. Here, I will describe the recommended way.
Ultimately, you need two components. One is the authentication component. For this you can use the Graph SDK. To install this SDK, you have to run:
Install-Module Microsoft.Graph -Scope CurrentUser
Or
Install-Module Microsoft.Graph.Beta -Scope CurrentUser
To authenticate locally using your user with delegated access, you can run:
Connect-MgGraph -Scopes "User.Read.All", "Group.ReadWrite.All"
Once you deploy the code to an app service or Azure function, I recommend using managed identity auth. This must be activated on the service, and then you can authenticate using this command:
Connect-MgGraph -Identity
With authentication covered, the next question is how to run a command. I recommend using the SDK here as well. You can use the predefined cmdlets from the SDK, but I would not recommend this way. Why? They are not consistent and very confusing because they are automatically generated.
One example:
Get-MgDeviceManagementDeviceCompliancePolicyScheduledActionForRuleScheduledActionConfiguration
Instead, I run ‘Invoke-MgGraphRequest’:
Invoke-MgGraphRequest -Method GET https://graph.microsoft.com/v1.0/me
To demonstrate with a very small script:
Connect-MgGraph -Scopes "User.Read.All", "Group.ReadWrite.All"
Invoke-MgGraphRequest -Method GET https://graph.microsoft.com/v1.0/me
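The four call components and Invoke-MgGraphRequest combined in a slightly larger script, as an added example that is not part of the original post. The function names New-GraphUri and Get-GraphAll are hypothetical, and the script requests only User.Read.All because it only reads user objects.

```powershell
# Added example (not from the original post). Assumes the Graph SDK installed above.
# Request only the delegated scope the script needs: it reads users and writes nothing.
Connect-MgGraph -Scopes 'User.Read.All'

# Inspect what the current session is actually allowed to do before calling anything.
(Get-MgContext).Scopes

# Hypothetical helper: assemble {BASE_URL}/{VERSION}/{ENDPOINT}?{QUERY_PARAMETERS}.
function New-GraphUri {
    param(
        [string]$Version = 'v1.0',
        [Parameter(Mandatory)][string]$Endpoint,
        [System.Collections.IDictionary]$Query = @{}
    )
    $uri = 'https://graph.microsoft.com/{0}/{1}' -f $Version, $Endpoint.TrimStart('/')
    $pairs = foreach ($key in $Query.Keys) {
        # Encode values so spaces and quotes in a $filter survive the URL.
        '{0}={1}' -f $key, [uri]::EscapeDataString([string]$Query[$key])
    }
    if ($pairs) { $uri += '?' + ($pairs -join '&') }
    $uri
}

# Hypothetical helper: follow @odata.nextLink so results beyond the first page are not lost.
function Get-GraphAll {
    param([Parameter(Mandatory)][string]$Uri, [int]$MaxPages = 5)
    $page = 0
    while ($Uri -and $page -lt $MaxPages) {
        $response = Invoke-MgGraphRequest -Method GET -Uri $Uri
        $response.value                        # emit the items of this page
        $Uri = $response.'@odata.nextLink'     # $null on the last page ends the loop
        $page++
    }
}

# Single quotes matter: inside double quotes PowerShell would expand $top and
# $select as (empty) variables and silently send a different query.
$uri = New-GraphUri -Endpoint 'users' -Query ([ordered]@{
    '$top'    = 5
    '$select' = 'id,displayName,userPrincipalName'
})

Get-GraphAll -Uri $uri | ForEach-Object { $_.userPrincipalName }

# Drop the cached session when the script is done.
Disconnect-MgGraph | Out-Null
```

If a call returns 403, compare the output of (Get-MgContext).Scopes with the permissions listed for that endpoint before adding broader scopes.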
Conclusion: The Power of Microsoft Graph
Microsoft Graph is a versatile tool that enables you to automate tasks, gather insights, and develop custom solutions within the Microsoft ecosystem. By learning and utilizing its API calls and integrating them into your workflows, you can significantly enhance your company’s efficiency and responsiveness. Whether you are testing calls with the Graph Explorer or implementing them in PowerShell, the knowledge of Microsoft Graph opens up endless possibilities for IT professionals.