Now, Microsoft Graph API is the buzzword. How to use Microsoft Graph API to fetch the details from Azure Active Directory (Azure AD/AAD) and Microsoft Intune? And a list of Intune PowerShell Scripts samples. I’m not going to provide any Graph API scripts to fetch details in this post.
APIs have always been an alien term for me. Rest API was everywhere and now it’s Graph API. Have you ever tried Facebook Graph API? So the entire industry is taking the path of Graph API!
A more detailed and latest explanation -> Intune Graph Query Samples Starters Guide
NOTE! – Intune PowerShell Script Samples with Microsoft Graph – https://github.com/microsoftgraph/powershell-intune-samples
In this post, I would like to help by providing basic details of the Microsoft Graph API. How to start using Graph API graphically (Not programmatically) and how Graph API would be helpful for IT Pros in their day-to-day life. Microsoft Intune admins can analyze the details of a device or user from Graph API.
We can get only limited details of objects from the Azure AD portal, however, loads of details can be fetched from Graph API via Web browsers. You can perform all the GET and other supported operations from the following URL. Remember to sign in to the tenant.
Latest video on Intune Graph
Launch Microsoft Graph – URL –->
When you sign in for the first time you need to agree to provide the following permissions to Graph explorer. Click on Agree button to proceed further.
There are two versions of Graph explorer available at the moment. Version 1.0 and Beta. I was having a hard time connecting to Graph API. It was ok when I wanted to retrieve my user information. But when I tried to fetch the details for the entire tenant, it was asked to agree or accept new Admin consent as you can see in the following paragraph.
This query requires additional permissions. If you are an administrator, you can click here to grant them on behalf of your entire organization. Or, you can try the same request against your own tenant by creating a free Office 365 developer account.
When I tried to click on the “HERE” button to accept the consent, it was giving me an odd error as follows:- “AADSTS90002: No service namespace named ‘organizations’ was found in the data store.” Ryan and Panu helped me to get rid of this error mentioned above. To accept this admin consent, you don’t have to create any manual applications or run any PowerShell scripts! It’s out of the box set now in your enterprise applications blade in the Azure console.
Following are some of the samples of graph API GET queries to retrieve details from Intune and Azure Active Directory (AAD). The other 3 types of actions are possible with Graph API and those are POST, PATCH, and DELETE.
https://graph.microsoft.com/beta/users/[email protected]/ownedDeviceshttps://graph.microsoft.com/beta/deviceAppManagement/mobileAppshttps://graph.microsoft.com/beta/users/https://graph.microsoft.com/beta/applications Following is some of the extracts of device management mobile app.
WhatsApp is one of the applications “https://graph.microsoft.com/beta/deviceAppManagement/mobileApps“. Similarly, we can retrieve the owned devices of a user and the status of a device through Graph API GET commands. Some of these details are only available ONLY through Graph API. This will great help for Intune admins at the time of troubleshooting issues.
Status Code: 200
“displayName”: “WhatsApp Messenger”,
“description”: “WhatsApp Messenger is a FREE messaging app available for iPhone and other smartphones. WhatsApp uses your phone’s Internet connection (4G/3G/2G/EDGE or Wi-Fi, as available) to let you message and call friends and family. Switch from SMS to WhatsApp to send and receive messages, calls, photos, videos, and Voice Messages. \n\nWHY USE WHATSAPP: \n\n• NO FEES: WhatsApp uses your phone’s
“publisher”: “WhatsApp Inc.”,
Reference Links Intune PowerShell Scripts sample
- Intune Graph API Reference – here
- Azure AD Graph API reference – here
- Quickstart for the Azure AD Graph API – here
Anoop is Microsoft MVP! He is a Solution Architect in enterprise client management with more than 20 years of experience (calculation done in 2021) in IT. He is a blogger, Speaker, and Local User Group HTMD Community leader. His main focus is on Device Management technologies like SCCM 2012, Current Branch, and Intune. E writes about ConfigMgr, Windows 11, Windows 10, Azure AD, Microsoft Intune, Windows 365, AVD, etc…