How to Fetch Intune and Azure AD details from Microsoft Graph API

The Intune Graph API provides programmatic access to Intune information in your tenant. It can perform the same Intune operations that are available in the Azure Portal.

Microsoft Graph API is now the buzzword. How do you use Microsoft Graph API to fetch details from Azure Active Directory (Azure AD/AAD) and Microsoft Intune? I’m not going to provide any Graph API scripts to fetch details in this post. APIs have always been an alien term for me. REST API was everywhere, and now it’s Graph API. What is the difference between REST API and Graph API? Here are the details. Have you ever tried the Facebook Graph API? So the entire industry is taking the path of Graph API!

More detailed explanation in the above video or you can click here

In this post, I would like to help by providing the basic details of Microsoft Graph API: how to start using Graph API graphically (not programmatically) and how Graph API can help IT Pros in their day-to-day life. Microsoft Intune admins can analyse the details of a device or user from Graph API. The Azure AD portal shows only limited details of objects; however, loads of details can be fetched from Graph API via a web browser. You can perform all the GET and other supported operations from the following URL. Remember to sign in to your tenant.

URL –> https://graph.microsoft.io/en-us/graph-explorer

When you sign in for the first time, you need to agree to grant the following permissions to Graph Explorer. Click the Agree button to proceed.

There are two versions of Graph Explorer available at the moment: version 1.0 and Beta. I was having a hard time connecting to Graph API. It was OK when I wanted to retrieve my user information. But when I tried to fetch the details for the entire tenant, it asked me to agree to or accept a new admin consent, as you can see in the following paragraph.

This query requires additional permissions. If you are an administrator, you can click here to grant them on behalf of your entire organization. Or, you can try the same request against your own tenant by creating a free Office 365 developer account.

When I tried to click on the “HERE” button to accept the consent, it gave me an odd error, as follows: “AADSTS90002: No service namespace named ‘organizations’ was found in the data store.” Ryan and Panu helped me get rid of the error mentioned above. To accept this admin consent, you don’t have to create any manual applications or run any PowerShell scripts! It’s an out-of-the-box setting now in the Enterprise applications blade in the Azure console.

The following are some sample Graph API GET queries to retrieve details from Intune and Azure Active Directory (AAD). Three other types of action are possible with Graph API: POST, PATCH and DELETE.

https://graph.microsoft.com/beta/users/anp@SCZ.onmicrosoft.com/ownedDevices
https://graph.microsoft.com/beta/deviceAppManagement/mobileApps
https://graph.microsoft.com/beta/users/
https://graph.microsoft.com/beta/applications

The following is an extract of the device management mobile apps response from “https://graph.microsoft.com/beta/deviceAppManagement/mobileApps”; WhatsApp is one of the applications. Similarly, we can retrieve the owned devices of a user and the status of a device through Graph API GET commands. Some of these details are available ONLY through Graph API. This will be a great help for Intune admins when troubleshooting issues.

cache-control: private
content-type: application/json;odata.metadata=minimal;odata.streaming=true;
request-id: 604557b1-409b-4749-8w32d-d754844b2181
client-request-id: 6se357b1-409b-4349-864d-d754844b2181
Status Code: 200

{
  "@odata.context": "https://graph.microsoft.com/beta/$metadata#deviceAppManagement/mobileApps",
  "value": [
    {
      "@odata.type": "#microsoft.graph.iosStoreApp",
      "id": "ab8a5364-887d-44e7-a6cd-9684d2f279c3",
      "displayName": "WhatsApp Messenger",
      "description": "WhatsApp Messenger is a FREE messaging app available for iPhone and other smartphones. WhatsApp uses your phone’s Internet connection (4G/3G/2G/EDGE or Wi-Fi, as available) to let you message and call friends and family. Switch from SMS to WhatsApp to send and receive messages, calls, photos, videos, and Voice Messages. \n\nWHY USE WHATSAPP:  \n\n• NO FEES: WhatsApp uses your phone’s ...",
      "publisher": "WhatsApp Inc.",
      "largeIcon": null,
      "createdDateTime": "2017-01-22T06:40:24.696692Z",
      "lastModifiedDateTime": "2017-01-22T06:40:24.696692Z",
      "isFeatured": false,
      "privacyInformationUrl": null,
      "informationUrl": null,
      "owner": "",
      "developer": "",
      "notes": "",
      "uploadState": 1,
      "installSummary": null,
      "bundleId": "net.whatsapp.WhatsApp",
      "appStoreUrl": "https://itunes.apple.com/us/app/whatsapp-messenger/id310633997?mt=8&uo=4",
      "applicableDeviceType": {
        "iPad": false,
        "iPhoneAndIPod": true
      },
      "minimumSupportedOperatingSystem": {
        "v8_0": true,
        "v9_0": false,
        "v10_0": false
      }
    },
    ...
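
An added example, not from the original post: a Python sketch that walks a mobileApps collection shaped like the response above, following @odata.nextLink paging and condensing each app into a short inventory row. The sample pages, the second app, the $skiptoken value and all function names are constructed for illustration; fetch stands in for an authenticated GET that returns the parsed JSON body.

```python
import json

# Constructed sample: two pages shaped like the mobileApps response above.
# The second app and the $skiptoken value are made up for illustration.
BASE = "https://graph.microsoft.com/beta/deviceAppManagement/mobileApps"
PAGES = {
    BASE: json.loads("""{"value": [{
        "@odata.type": "#microsoft.graph.iosStoreApp",
        "displayName": "WhatsApp Messenger", "bundleId": "net.whatsapp.WhatsApp",
        "applicableDeviceType": {"iPad": false, "iPhoneAndIPod": true},
        "minimumSupportedOperatingSystem": {"v8_0": true, "v9_0": false, "v10_0": false}}],
      "@odata.nextLink": "%s?$skiptoken=constructed"}""" % BASE),
    BASE + "?$skiptoken=constructed": json.loads("""{"value": [{
        "@odata.type": "#microsoft.graph.iosStoreApp",
        "displayName": "Example Notes", "bundleId": "com.example.notes",
        "applicableDeviceType": {"iPad": true, "iPhoneAndIPod": true},
        "minimumSupportedOperatingSystem": {"v8_0": false, "v9_0": false, "v10_0": true}}]}"""),
}

def iter_collection(first_url, fetch):
    """Yield every item of a Graph collection, following @odata.nextLink."""
    url, seen = first_url, set()
    while url:
        if url in seen:  # guard against a paging loop
            raise RuntimeError("nextLink repeated: " + url)
        seen.add(url)
        page = fetch(url)
        yield from page.get("value", [])
        url = page.get("@odata.nextLink")  # absent on the last page

def min_os(flags):
    """Map flags such as {"v8_0": true} to the lowest enabled version, e.g. "8.0"."""
    enabled = [tuple(int(p) for p in name[1:].split("_"))
               for name, on in (flags or {}).items() if on]
    return ".".join(map(str, min(enabled))) if enabled else None

def summarize(app):
    """Condense one mobileApp object into an inventory row."""
    return {
        "name": app.get("displayName"),
        "type": app.get("@odata.type", "").rsplit(".", 1)[-1],
        "bundleId": app.get("bundleId"),
        "devices": sorted(k for k, on in (app.get("applicableDeviceType") or {}).items() if on),
        "minOS": min_os(app.get("minimumSupportedOperatingSystem")),
    }

def inventory(first_url, fetch):
    return [summarize(app) for app in iter_collection(first_url, fetch)]

if __name__ == "__main__":
    # PAGES.__getitem__ stands in for an authenticated GET returning parsed JSON
    for row in inventory(BASE, PAGES.__getitem__):
        print(row)
```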

