Using PowerShell to configure a signing certificate for a SAML-based SSO Enterprise Application

In my last blog post I talked about how to use PowerShell to instantiate an MSAL Confidential Client Application to acquire an access token using Client Credentials Grant flow. In this post we will use PowerShell to instantiate an MSAL Public Client Application to perform an Authorization Code Grant flow to obtain a delegated permission Access Token for Microsoft Graph. We will then use that access token to call Microsoft…

Read More

Some notes regarding the Microsoft Graph Subscription and webhook

For certain Azure AD resources or Directory Objects you can use Microsoft Graph to create Subscriptions to receive change notifications event. Below are some notes to be aware of: Subscription object Lifetime Each subscription object (except for Security alerts) is only valid for 3 days maximum, so make sure you renew the subscription before it expires to keep receiving change notifications. See https://docs.microsoft.com/en-us/graph/api/resources/subscription?view=graph-rest-1.0 for more detail on maximum subscription length…

Read More

Graph Query to get B2B user using User Principal Name (UPN)

If you are using Microsoft Graph API Query to fetch B2B user using UPN, and experiencing below shown error: Query: https://graph.microsoft.com/v1.0/users/example_gmail.com#EXT#@example.onmicrosoft.com Response: Well, here is the fix: You will need to encode the URL request. Reason, you are experiencing the error is because, ‘#‘ sign is treated as a special character in the URL. So ‘#‘ must be URL-encoded otherwise everything after it will be treated as a fragment and…

Read More

Using filter query on mail-related attributes in Microsoft Graph

The user object has email addresses stored in a couple of properties: the mail and otherMails properties. Both of these properties can be used to search for certain users having the desired email addresses. Here is an example of how to use the filter query to search for user using mail property: beta endpoint: GET https://graph.microsoft.com/beta/users?$filter=mail eq ‘john@contoso.com’ v1.0 endpoint: GET https://graph.microsoft.com/v1.0/users?$filter=mail eq ‘john@contoso.com’ Unlike the mail attribute (string-type property),…

Read More

Azure Active Directory reporting API with MS Graph

Introduction As documented here, the Microsoft Graph Reporting API can be used to get the audit logs (https://graph.microsoft.com/beta/auditLogs/directoryAudits) and the sign-ins reports (https://graph.microsoft.com/beta/auditLogs/signIns). The old reports endpoint using Azure AD Graph is now deprecated and attempting to use that legacy end point to get the auditEvents can result in the following error: GET https://graph.windows.net/<tenant>.onmicrosoft.com/reports/auditEvents?api-version=beta {   “error”:{     “code”:”Deprecated_ActivityReports”,”message”:”This API is deprecated as part of old azure classic portal, please…

Read More

How to add an owner to an Azure AD Application

Introduction: This post will go over a three different ways to add owner to Azure AD Application using Azure Powershell, Azure AD Graph, and Microsoft Graph endpoint.  The Microsoft Graph documentation on this may not be clear to point out that an Application owner can be either a User object or a Service Principal object. Various technique to add Application Owner: Azure AD Powershell: Use the Azure AD Powershell command…

Read More

How to Use the .Net Microsoft Graph SDK to Get Users and Get Next Page of Results

Introduction This post will explain how to use the .Net Microsoft Graph SDK in order to get users. This article is assuming that you have already gotten an Access Token using ADAL .NET. In order to learn more on how to get the Adal .NET token, please reference : How to Use the ADAL .NET library to Acquire a Token Interactively in a Console Application (Authorization Code Flow) Link Warning…

Read More

How to Create a New Schema Extension Using the Microsoft Graph Explorer

Introduction This post is to provide a tutorial on how to create a schema extension utilizing the Microsoft Graph Explorer. In this post we will, login to Microsoft Graph Explorer, create the V1 AAD Application, and make the Microsoft Graph Schema Extension call.   Getting the Access Token Please navigate to the Microsoft Graph Explorer at : https://developer.microsoft.com/en-us/graph/graph-explorer Once the page loads, on the left, below authentication you will see…

Read More