Office 365 – Microsoft Graph – Part 2 – Granting permission to Azure Apps to use Microsoft Graph APIs using CSOM

Hi All,
In this article we will discuss detailed steps required to use Graph API using CSOM. We will start with one simple use case and explore in more details.
In last two articles
Office 365 – Microsoft Graph and Graph Explorer
Office 365 – Microsoft Graph beginning – Part 1
We discussed about Microsoft Graph, Introduction, REST APIs and SDKs provided by Microsoft Graph for M365 services.
We will start with Office 365 services from M365 suite.
Note – I am feeling blessed by looking response to last article. I got very positive response and got excited for writing next article and dig into more details 😊
Let’s begin the show, in this article and next couple of articles we will discuss one use case and use GRAPH APIs using CSOM to achieve the result. We will explore each and every step in detail.
Use Case: In one of our requirement, our customer want to list out all the Office 365 groups on weekly basis. So that admin can track newly created groups / deleted groups etc. This is very simple use case but will be very good to understand the while concept.
Approach:
- We will use GRAPH APIs CSOM SDK.
- We will write one simple console application using CSOM SDK which will fetch the Office 365 groups, and will write in one CSV file and email to admin. We will schedule this program weekly basis on any server.
- One more option here is rather writing console application we can write Azure web job as well.
Let’s discuss the steps in details.
- Choose development environment – Here in case we are using Visual Studio 2017 + CSOM SDK
- Register App in Azure AD
- Get APPID and generate Client Secret key
- Configure permission scope – Give the permission to above created Azure App to use Microsoft Graph APIs for fetching all Office 365 groups
- Install require packages using NuGet manager
- Get Azure Access Token – To call GRAPH APIs from CSOM, first important thing we require “Azure Access Token”
- Call the respective Graph API
In one of the previous article – “Office 365 – Azure Active Directory – Registering/Creating new Azure App – detailed steps” we already discussed step 2 and step 3 – Registering App in Azure AD.
In this article we will discuss how to give permissions to Azure App to use Graph APIs to access the Office 365 groups. Microsoft Graph allows granular permissions that control the access to our azure app to resources like Groups, Users etc. Here our resource is Groups. Our azure app requires permissions to read all groups.
Microsoft Graph has two types of permissions:
- Application Permissions
- These permissions are used by apps that run without signed-in user present
- Example: Apps those run as a background process or jobs
- Delegated Permissions – These permissions are used by apps that have a signed-in user present
Following are the steps:
Once we have “Azure App” created we need to give permission to app for Graph APIs as

Figure 1: Office 365 – Microsoft Graph – KnowledgeJunctionAzureApp created in last article
To give permission to our app in settings pane click on “Required permissions” as

Figure 2: Office 365 – Microsoft Graph – Giving permission to KnowledgeJunction app to use Microsoft Graph APIs to fetch Office 365 groups
Once we clicked on “Required permissions”, “Required permissions” pane will open as

Figure 3: Office 365 – Microsoft Graph – Giving permission to KnowledgeJunction app to use Microsoft Graph APIs to fetch Office 365 groups
Click on “+ Add” icon in “Required permissions” pane as shown in above figure 3, “Add API access” pane will open as shown in figure 4

Figure 4: Office 365 – Microsoft Graph – Select an API – “Microsoft Graph” to give permission
From “Add API access” pane click on “Select an API” as shown in above figure 4. “Select an API” pane will open, from this pane select “Microsoft Graph” API
Once we selected “Microsoft Graph”, we need to enable the access for Graph APIs as shown in below figure 5.
There is list of permissions here we need to select for reading all groups as selected in below figure 5.

Figure 5: Office 365 – Microsoft Graph – Select an API – “Microsoft Graph” to give permission for reading all groups

Figure 6: Office 365 – Microsoft Graph – Granting permissions to Microsoft Graph for reading all O365 groups
Once permissions are granted and got the successful message, we are done with the permissions as

Figure 7: Office 365 – Microsoft Graph – “Grant permissions” successful message
In next article, we will discuss in detail about step 5 and 6 – Install require packages using NuGet manager and Get Azure Access Token.
References:
- Office 365 – Azure Active Directory – Registering/Creating new Azure App – detailed steps
- Microsoft Graph permissions reference
Thanks for reading 🙂
Keep reading, share your thoughts, experiences. Feel free to contact us to discuss more.
If you have any suggestion / feedback / doubt, you are most welcome. Stay tuned on Knowledge-Junction, will come up with more such articles
1 Response
[…] new Azure App – detailed stepsOffice 365 – Microsoft Graph beginning – Part 1Office 365 – Microsoft Graph – Part 2 – Granting permission to Azure Apps to use Microsoft Gra…Office 365 – Microsoft Graph – Part 3 – Azure Access Token: to call Graph APIs from CSOMOffice […]