How to get and update Directory Schema Extension Attributes with the Microsoft Graph .Net SDK

Microsoft Graph Directory Schema Extensions are a convenient way to store additional data on certain objects such as users or groups. You can read about them here. This blog post is assuming you have already registered an extension and now you’re looking to be able to retrieve the extension and values for a user ( I will use a user object as an example ) or update the value using…

Read More

How to enable MSAL for Java (MSAL4J) logging in a Spring Boot application

In this blog, I’ll show how to enable MSAL4J logging using the logback framework in a spring boot web application. I’ll use our Azure AD B2C web sample here. The complete code for this blog is on github. Refer to the MSAL for Java logging documentation for more info. There are 3 main things you need to do for logging to work 1) Include the logback package in the pom.xml…

Read More

Use the Microsoft.Graph PowerShell SDK to get a list of Devices that do not have BitLocker Recovery Keys

As you may be aware, the AzureAD powershell module is being deprecated at the end of the year along with the AD Graph endpoint. As a result, all customers need to migrate their code to the Microsoft Graph endpoint. This blog post will show you how to use the Microsoft.Graph PowerShell module to get a list of devices that do not have a BitLocker Recovery key in Azure. This would…

Read More

Using AdditionalData property in Microsoft Graph SDK for .Net

The AAD Directory Object classes in Microsoft Graph SDK for .Net have a generic property called ‘AdditionalData’ that can be used to send and receive data in the json payload. In certain scenarios where the regular class members are not available in the SDK we can still set their values via AdditionalData property. An example of this is to create a group that has resourceBehaviorOptions attribute (array of strings) populated…

Read More

Python Scripts may be detected as web-crawler when making Microsoft Graph requests.

Sometimes, a python script that is making Microsoft Graph requests may be detected by the gateway as a web-crawler if you are using a pool manager and block the request. The error will look similar to this: {‘error’: {‘code’: ‘UnknownError’, ‘message’: ‘\r\n403 Forbidden\r\n\r\n 403 Forbidden \r\n Microsoft-Azure-Application-Gateway/v2 \r\n\r\n\r\n’, ‘innerError’: {‘date’: ‘{UTC Date/Time}’, ‘request-id’: ‘{guid}’, ‘client-request-id’: ‘{guid}’}}} To overcome this issue the easiest way is to use the MS Graph SDK…

Read More

Download the user signInActivity from the beta endpoint using Microsoft Graph Powershell module.

You can use the Microsoft Graph Powershell module to download last sign in date / time for users from the Beta endpoint ( the signInActivity is currently not available in v1.0 ) and save the list to a .csv file. You must have the Microsoft Graph powershell module installed. This document will help you get started. My powershell script:

Read More

Using Microsoft.Identity.Web to request multiple different Azure AD Access Tokens

There are times a web application may need to log in a user and call different backend Azure AD protected web APIs. The web application would need to obtain different Access Tokens, one for each web API. In this post I will attempt to demonstrate how this can be done using MIcrosoft.Identity.Web nuget package. This sample shows how to get tokens for Microsoft Graph resource and a custom web API…

Read More

Package Inspector for MSAL Android Native Guide

Package Inspector for MSAL Android Native Guide The Microsoft Authentication Library (MSAL) for Android Native contains a tool called Package Inspector. This tool presents a list of packages installed on an Android device and allows the user to view, copy, and paste the signature hash used to sign the application’s package. It can be very useful in troubleshooting and verifying the signature hash for applications installed on an Android device.…

Read More

Users unable to lookup other users in the MS Graph Users endpoint

The Microsoft Graph endpoint is how you can interact programmatically with your tenant data. One of the most common scenarios is a MS Graph request to look up a user or users in the tenant. If you’re using delegated permissions in your access token, for a user to look up another user, the access token will need the delegated permission of User.Read.All However, there are ways to prevent users from…

Read More

How to logout of an OAuth2 application without getting prompted to select a user

By default, when you sign out of Azure Active Directory when using a Open ID Connect/OAuth2 application, you will be prompted to select a user account to sign out of, even if there is only one user account to select. To work around this behavior, there are 3 requirements: Step (1): Add the optional claim for the login_hint Add the login_hint optional claim to the id token in the App…

Read More