Graph Query to get B2B user using User Principal Name (UPN)

If you are using Microsoft Graph API Query to fetch B2B user using UPN, and experiencing below shown error: Query: https://graph.microsoft.com/v1.0/users/example_gmail.com#EXT#@example.onmicrosoft.com Response: Well, here is the fix: You will need to encode the URL request. Reason, you are experiencing the error is because, ‘#‘ sign is treated as a special character in the URL. So ‘#‘ must be URL-encoded otherwise everything after it will be treated as a fragment and…

Read More

Using filter query on mail-related attributes in Microsoft Graph

The user object has email addresses stored in a couple of properties: the mail and otherMails properties. Both of these properties can be used to search for certain users having the desired email addresses. Here is an example of how to use the filter query to search for user using mail property: beta endpoint: GET https://graph.microsoft.com/beta/users?$filter=mail eq ‘john@contoso.com’ v1.0 endpoint: GET https://graph.microsoft.com/v1.0/users?$filter=mail eq ‘john@contoso.com’ Unlike the mail attribute (string-type property),…

Read More

Segment Users in Azure AD

If you have been using Microsoft Graph API to add or modify users in Azure Active Directory (Azure AD) you may have noticed that when you create a new user it lives with all the other users, some of which may have nothing to do with your application. Ideally, you may want a sub-directory or business unit of sorts. Fortunately, there are ways to segment these users in a more…

Read More

Setup POSTMAN to get Azure access tokens automatically for you

Introduction Postman is an HTTP request tool that is very handy for developing and testing your Azure requests. This is the Postman website: https://learning.getpostman.com/ Postman does make it easy to setup authentication and acquire access tokens but it normally is a multi-step process. The purpose of this blog post is to show you how you can setup Postman to automatically handle authentication for you so you don’t have to go…

Read More

Azure Active Directory reporting API with MS Graph

Introduction As documented here, the Microsoft Graph Reporting API can be used to get the audit logs (https://graph.microsoft.com/beta/auditLogs/directoryAudits) and the sign-ins reports (https://graph.microsoft.com/beta/auditLogs/signIns). The old reports endpoint using Azure AD Graph is now deprecated and attempting to use that legacy end point to get the auditEvents can result in the following error: GET https://graph.windows.net/<tenant>.onmicrosoft.com/reports/auditEvents?api-version=beta {   “error”:{     “code”:”Deprecated_ActivityReports”,”message”:”This API is deprecated as part of old azure classic portal, please…

Read More

Certain User Attributes may not show up in Graph Query

The Problem Azure AD Connect Sync Tool is often used to sync on prem Active Directory users and their attributes to Azure Active Directory. To query for these user and other directory objects, the Graph REST endpoint (Azure AD Graph or Microsoft Graph) can be used. An example Microsoft Graph query to get a User is the following: https://graph.microsoft.com/beta/users/john@contoso.com In certain scenario, some attributes, whether they are synced as Directory…

Read More

Microsoft Graph Explorer – How come I only see one user in my directory?

Problem: Customer uses the Microsoft Graph Explorer tool and clicks the “Sign in with Microsoft” button to log in. After logging in, he tries the following query to get all the users in his directory. There is only one user returned. Expected result is that there should be a lot more than one user in this directory being returned by MS Graph. Resolution: This is because the customer logs in…

Read More

How to add an owner to an Azure AD Application

Introduction: This post will go over a three different ways to add owner to Azure AD Application using Azure Powershell, Azure AD Graph, and Microsoft Graph endpoint.  The Microsoft Graph documentation on this may not be clear to point out that an Application owner can be either a User object or a Service Principal object. Various technique to add Application Owner: Azure AD Powershell: Use the Azure AD Powershell command…

Read More

How to Use the .Net Microsoft Graph SDK to Get Users and Get Next Page of Results

Introduction This post will explain how to use the .Net Microsoft Graph SDK in order to get users. This article is assuming that you have already gotten an Access Token using ADAL .NET. In order to learn more on how to get the Adal .NET token, please reference : How to Use the ADAL .NET library to Acquire a Token Interactively in a Console Application (Authorization Code Flow) Link Warning…

Read More

Unable to Modify User Email, Phone Number, Password or Other Personal Information for Azure Active Directory Users

Introduction This post is in regards to the issues in regards to users having issues modifying Azure Active Directory User attributes such as mail, phone number, resetting passwords, or other personal attributes in user accounts. This will review the reason behind these changes and how to resolve the issue. For many users this was something that was working before and only recently stopped working properly.   Reason Behind Change There…

Read More