Now, Microsoft Graph API is the buzzword. How to use Microsoft Graph API to fetch the details from Azure Active Directory (Azure AD/AAD) and Microsoft Intune? And a list of Intune PowerShell Scripts samples. I’m not going to provide any Graph API scripts to fetch details in this post.
NOTE! – Intune PowerShell Script Samples with Microsoft Graph – https://github.com/microsoftgraph/powershell-intune-samples
APIs have always been an alien term for me. Rest API was everywhere and now it’s Graph API. What is the difference between Rest API and Graph API? Here are the details. Have your ever tried to Facebook Graph API? So the entire industry is taking the path of Graph API!
More detailed explanation in the above video or you can click here
In this post, I would like to help by providing basic details of Microsoft Graph API. How to start using Graph API graphically (Not programmatically) and how Graph API would be helpful for IT Pros in their day to day life. Microsoft Intune admins can analyse the details of a device or user from Graph API. We can get only limited details of objects from Azure AD portal, however loads of details can be fetched from Graph API via Web browsers. You can perform all the GET and other supported operations from the following URL. Remember to sign in to tenant.
Launch Microsoft Graph – URL –->
When you sign in for the first time you need to agree to provide the following permissions to Graph explorer. Click on Agree button to proceed further.
There are two versions of Graph explorer available at the moment. The version 1.0 and Beta. I was having hard time to connect to Graph API. It was ok when I wanted to retrieve my user information. But when I tried to fetch the details for entire tenant, it was asking to agree or accept new Admin consent as you can see in the following paragraph.
This query requires additional permissions. If you are an administrator, you can click here to grant them on behalf of your entire organization. Or, you can try the same request against your own tenant by creating a free Office 365 developer account.
When I tried to click on “HERE” button to accept the consent, it was giving me odd error as follows :- “AADSTS90002: No service namespace named ‘organizations’ was found in the data store.” Ryan and Panu helped me to get rid of this error mentioned above. To accept this admin consent, you don’t have to create any manual applications or run any PowerShell scripts! It’s out of box setting now in your enterprise applications blade in Azure console.
Following are the some of the samples of graph API GET queries to retrieve details from Intune and Azure Active Directory (AAD). Other 3 types of actions are possible with Graph API and those are POST, PATCH and DELETE.
https://graph.microsoft.com/beta/users/[email protected]/ownedDeviceshttps://graph.microsoft.com/beta/deviceAppManagement/mobileAppshttps://graph.microsoft.com/beta/users/https://graph.microsoft.com/beta/applications Following is some of the extracts of device management mobile app.
WhatsApp is one of the applications “https://graph.microsoft.com/beta/deviceAppManagement/mobileApps“. Similarly, we can retrieve the owned devices of a user and the status of a device through Graph API GET commands. Some of these details are only available ONLY through Graph API. This will great help for Intune admins at the time of troubleshooting issues.
Status Code: 200
“displayName”: “WhatsApp Messenger”,
“description”: “WhatsApp Messenger is a FREE messaging app available for iPhone and other smartphones. WhatsApp uses your phone’s Internet connection (4G/3G/2G/EDGE or Wi-Fi, as available) to let you message and call friends and family. Switch from SMS to WhatsApp to send and receive messages, calls, photos, videos, and Voice Messages. \n\nWHY USE WHATSAPP: \n\n• NO FEES: WhatsApp uses your phone’s
“publisher”: “WhatsApp Inc.”,
Reference Links Intune PowerShell Scripts sample
- Intune Graph API Reference – here
- Azure AD Graph API reference – here
- Quickstart for the Azure AD Graph API – here