Office 365 – Microsoft Graph – Part 2 – Granting permission to Azure Apps to use Microsoft Graph APIs using CSOM

Office 365 - Microsoft Graph – Select an API - “Microsoft Graph” to give permission for reading all groups
Office 365 - Microsoft Graph – Select an API - “Microsoft Graph” to give permission for reading all groups

Hi All,

In this article we will discuss detailed steps required to use Graph API using CSOM. We will start with one simple use case and explore in more details.

In last two articles

Office 365 – Microsoft Graph and Graph Explorer

Office 365 – Microsoft Graph beginning – Part 1

We discussed about Microsoft Graph, Introduction, REST APIs and SDKs provided by Microsoft Graph for M365 services.

We will start with Office 365 services from M365 suite.

Note – I am feeling blessed by looking response to last article. I got very positive response and got excited for writing next article and dig into more details 😊

Let’s begin the show, in this article and next couple of articles we will discuss one use case and use GRAPH APIs using CSOM to achieve the result. We will explore each and every step in detail.

Use Case: In one of our requirement, our customer want to list out all the Office 365 groups on weekly basis. So that admin can track newly created groups / deleted groups etc. This is very simple use case but will be very good to understand the while concept.

Approach:

  1. We will use GRAPH APIs CSOM SDK.
  2. We will write one simple console application using CSOM SDK which will fetch the Office 365 groups, and will write in one CSV file and email to admin. We will schedule this program weekly basis on any server.
  3. One more option here is rather writing console application we can write Azure web job as well.

Let’s discuss the steps in details.   

  1. Choose development environment – Here in case we are using Visual Studio 2017 + CSOM SDK
  2. Register App in Azure AD
  3. Get APPID and generate Client Secret key
  4. Configure permission scope – Give the permission to above created Azure App to use Microsoft Graph APIs for fetching all Office 365 groups
  5. Install require packages using NuGet manager
  6. Get Azure Access Token – To call GRAPH APIs from CSOM, first important thing we require “Azure Access Token”
  7. Call the respective Graph API

In one of the previous article – “Office 365 – Azure Active Directory – Registering/Creating new Azure App – detailed steps” we already discussed step 2 and step 3 – Registering App in Azure AD.

In this article we will discuss how to give permissions to Azure App to use Graph APIs to access the Office 365 groups. Microsoft Graph allows granular permissions that control the access to our azure app to resources like Groups, Users etc. Here our resource is Groups. Our azure app requires permissions to read all groups.

Microsoft Graph has two types of permissions:

  1. Application Permissions
    • These permissions are used by apps that run without signed-in user present
    • Example: Apps those run as a background process or jobs
  2. Delegated Permissions – These permissions are used by apps that have a signed-in user present

Following are the steps:

Once we have “Azure App” created we need to give permission to app for Graph APIs as

Figure 1: Office 365 – Microsoft Graph – KnowledgeJunctionAzureApp created in last article

To give permission to our app in settings pane click on “Required permissions” as

Figure 2: Office 365 – Microsoft Graph – Giving permission to KnowledgeJunction app to use Microsoft Graph APIs to fetch Office 365 groups

Once we clicked on “Required permissions”, “Required permissions” pane will open as

Figure 3: Office 365 – Microsoft Graph – Giving permission to KnowledgeJunction app to use Microsoft Graph APIs to fetch Office 365 groups

Click on “+ Add” icon in “Required permissions” pane as shown in above figure 3, “Add API access” pane will open as shown in figure 4

Figure 4: Office 365 – Microsoft Graph – Select an API – “Microsoft Graph” to give permission

From “Add API access” pane click on “Select an API” as shown in above figure 4. “Select an API” pane will open, from this pane select “Microsoft Graph” API

Once we selected “Microsoft Graph”, we need to enable the access for Graph APIs as shown in below figure 5.

There is list of permissions here we need to select for reading all groups as selected in below figure 5.

Figure 5: Office 365 – Microsoft Graph – Select an API – “Microsoft Graph” to give permission for reading all groups

Figure 6: Office 365 – Microsoft Graph – Granting permissions to Microsoft Graph for reading all O365 groups

Once permissions are granted and got the successful message, we are done with the permissions as

Figure 7: Office 365 – Microsoft Graph – “Grant permissions” successful message

In next article, we will discuss in detail about step 5 and 6 – Install require packages using NuGet manager and Get Azure Access Token.

References:

  1. Office 365 – Azure Active Directory – Registering/Creating new Azure App – detailed steps
  2. Microsoft Graph permissions reference

Thanks for reading 🙂

Keep reading, share your thoughts, experiences. Feel free to contact us to discuss more.

If you have any suggestion / feedback / doubt, you are most welcome. Stay tuned on Knowledge-Junction, will come up with more such articles

Prasham Sabadra

LIFE IS VERY BEAUTIFUL :) ENJOY THE WHOLE JOURNEY :) Founder of Knowledge Junction and live-beautiful-life.com, Author, Learner, Passionate Techie, avid reader. Certified Professional Workshop Facilitator / Public Speaker. Scrum Foundation Professional certificated. Motivational, Behavioral , Technical speaker. Speaks in various events including SharePoint Saturdays, Boot camps, Collages / Schools, local chapter. Can reach me for Microsoft 365, Azure, DevOps, SharePoint, Teams, Power Platform, JavaScript.

You may also like...

1 Response

  1. January 12, 2019

    […] new Azure App – detailed stepsOffice 365 – Microsoft Graph beginning – Part 1Office 365 – Microsoft Graph – Part 2 – Granting permission to Azure Apps to use Microsoft Gra…Office 365 – Microsoft Graph – Part 3 – Azure Access Token: to call Graph APIs from CSOMOffice […]

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: