#SPFestSEA Introduction to #MicrosoftGraph
1. Introduction to the Microsoft
Graph : Getting Started Quickly
& Getting the Most Out of It
SharePoint Fest Seattle 2019
Vincent Biret
2. Passionate about technologies, development and community
Vincent Biret
@baywet
bit.ly/vince365
Microsoft Office Dev MVP
Azure and Office 365 developer @ 2toLead
7. Regardless of your development model, the Microsoft Graph grants access to a wealth of
data
Your gateway to Microsoft 365
[Diagram: your app, Microsoft Graph as the gateway, your data or your customer’s (Office 365, Windows 10, Enterprise Mobility and Security)]
8. The Microsoft Graph provides a unified auth model and set of APIs for both pro and
personal accounts/data
Personal and professional accounts
(lucy)
9. The Microsoft Graph is the fastest growing API at Microsoft
Some numbers
• 18T nodes
• 181 countries
• 1B monthly active apps
• 90% of F500 companies have data available via Microsoft Graph
• 180M monthly active users in Microsoft 365
• 100B requests each month
10. https://graph.microsoft.com
Microsoft Graph started with Office 365 and became THE API for enterprise and personal
data
What data is available?
Users, Groups, Organizations
• Office 365
o Outlook: Email, Calendar, Contacts and Tasks
o SharePoint: Sites and Lists
o OneDrive: Disks and Files
o Teams: Channels, Messages
o Planner: Tasks and Plans
o Excel: Worksheets
o OneNote: Notes, and more…
• Windows 10
o Activities, Device relays, Commands, Notifications
• Enterprise mobility and security
o Azure AD, Intune, Identity Manager, Advanced Threat Analytics, Advanced Threat Protection
o Identity management, Access control, Synchronization, Domains, Organizational units, Applications and Devices, Threats analysis, Threats protection, Alerts, Policies, and more…
• Dynamics 365
o Finances
11. One of the key points of the Microsoft Graph is providing a unified data model
Wide and transversal API
[Diagram entities: sites, groups, users, insights, contacts, people, organization, email, content, documents, devices, teams, reports, me, admin units, roles, apps, security data & automation, business, partner]
12. Microsoft provides a consistent approach to the API
Basics
• HTTP verbs represent the intent: GET | POST | PATCH | PUT | DELETE
• Version: /v1.0 or /beta
• Resource: /users, /groups, /sites, /drives, /devices, …
• Collection item: /users/john
• Property: /users/john/department
• Linked data via navigation: /users/john/events
• Query parameters: /users/john/events?$top=5
o Format: $select | $orderby
o Filter/Navigate: $filter | $expand
o Pagination: $top | $skip | $skiptoken
/{version}/{resource}/{id}/{property}?{parameters}
16. Resources provided by the Graph are always secured. Depending on the authentication
flow, you might need multiple tokens.
Base principles
[Diagram: your app (MSAL or ADAL), Microsoft Identity (id_token, access_token, refresh_token), Microsoft Graph (access_token)]
17. It is crucial to think through your auth scenario before starting development as it has a
deep impact.
Context types
• Permission type: Delegated
o Access as a user
o Effective permissions: determined by the delegated permissions and the user’s privileges
o Users can consent for their data, admins for the whole tenant
• Permission type: Application
o Access as a service
o Effective permissions: the app permissions
o Only admins can consent
18. Permissions follow a description model. Tip: always request the least permissions
Permissions/scopes structure
Resource.Action.Scope
• Resource: target entity (files, mail, groups, calendars, etc.)
• Action: Read, ReadWrite, etc.
• Scope: specific (.All, .Shared, etc.)
Ex: User.Read, Directory.ReadWrite.All
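The least-permissions tip can be turned into a review check on the scopes an app requests. The following is an added example, not part of the original deck: it parses names in the Resource.Action.Scope shape and flags the ones that need a justification. The request list and the finding labels ("broad", "write", "redundant") are constructed for illustration.

```python
import re

# Resource.Action[.Constraint], the naming structure shown on the slide.
SCOPE_RE = re.compile(r"^([A-Za-z]+)\.([A-Za-z]+)(?:\.([A-Za-z]+))?$")

def parse_scope(scope):
    """Return (resource, action, constraint) or None if not in that shape."""
    name = scope.rsplit("/", 1)[-1]   # drop a https://graph.microsoft.com/ prefix
    m = SCOPE_RE.match(name)
    return m.groups() if m else None

def review_scopes(requested):
    """Flag requested permissions that deserve a least-privilege justification."""
    parsed = {s: parse_scope(s) for s in requested}
    held = {p for p in parsed.values() if p}
    findings = []
    for scope, p in parsed.items():
        if p is None:
            continue                  # openid, offline_access, etc.
        resource, action, constraint = p
        if constraint == "All":
            findings.append((scope, "broad"))       # widest constraint
        if "Write" in action:
            findings.append((scope, "write"))       # can modify data
        if action == "Read" and (resource, "ReadWrite", constraint) in held:
            findings.append((scope, "redundant"))   # covered by ReadWrite
    return findings

# Constructed request list for a hypothetical app that only reads mail.
REQUESTED = ["openid", "offline_access", "User.Read", "Mail.Read",
             "Mail.ReadWrite", "Directory.ReadWrite.All"]

if __name__ == "__main__":
    for scope, reason in review_scopes(REQUESTED):
        print(f"{scope}: {reason}")
```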
19. Microsoft has been working really hard to improve the situation. This is why it’s important
to think through your auth.
Complex situation
[Diagram: your target audience, SDK (ADAL, MSAL), client, app registration, endpoint]
28. Microsoft is trying to improve your Graph dev experience
$whatif
• Simply add $whatif at the end of a request to know where the data is coming from
• Useful when debugging
• /me/?$whatif
{
"Description": "Execute HTTP request",
"Uri": "https://graph.windows.net/v2/c03a026e-335e-458c-bad2-3309fe59663b/users('c9452811-4b6e-4073-b7cf-3f681f55539b')?$select=businessPhones,displayName,givenName,jobTitle,mail,mobilePhone,officeLocation,preferredLanguage,surname,userPrincipalName,id",
"HttpMethod": "GET"
}
29. A good knowledge of OData is key to build applications properly, even when using SDKs
Know your OData!
• Sets
• $count
• $filter
• $expand
• $orderby
• $select
• $skip/$skipToken
• $top
• Search
• $search
• Values
• $ref
• $value
30. Microsoft must define boundaries to keep the service up and running. This sandbox is
defined at multiple levels and revolves around multiple concepts which makes the
problem more complex.
Throttling – the problem
• Microsoft 365 is a set of services, usage is always limited
• Relies on limited and costly resources (CPU, memory, storage…)
• These limits can be dynamic or fixed
o API usage is dynamic
o Site collection storage is fixed
• You can expand the boundaries: type and/or number of licenses
• API usage limitation is defined per user (to start with)
• This limits impact on the service, users and revenue
31. The idea is to limit resource usage, spread out peak activity, allow key features to survive by
stopping minor features using the same resource or even tell users to slow down before
everything stops.
Throttling – what can you do?
• Implement read cache (if possible)
o In proc, in memory, distributed cache (Redis)
• Pay attention to Rate-Limit Limit, Remaining, and Reset headers
• Pay attention to 429s or 503s and implement “exponential back-off retry policies”
o Or better, retry after the delay provided by the Retry-After header
• Implement “Circuit Breaker” design pattern
• Limit incoming traffic using telemetry
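A retry policy for the 429/503 handling above, as an added example that is not part of the original deck: it waits for the Retry-After delay when the server sends one (seconds or HTTP-date form) and falls back to capped exponential back-off otherwise. The `send` callable, the fake endpoint and the default delays are assumptions made for illustration; jitter and the circuit breaker are left out.

```python
import time
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

RETRYABLE = {429, 503}  # the throttling statuses named on the slide

def retry_delay(headers, attempt, base=1.0, cap=60.0, now=None):
    """Seconds to wait before the next try (attempt counts from 0)."""
    value = {k.lower(): v for k, v in headers.items()}.get("retry-after")
    if value is not None:
        value = value.strip()
        if value.isdigit():                    # delta-seconds form
            return float(value)
        try:                                   # HTTP-date form
            when = parsedate_to_datetime(value)
            now = now or datetime.now(timezone.utc)
            return max((when - now).total_seconds(), 0.0)
        except (TypeError, ValueError):
            pass                               # unparseable: fall through
    return min(base * 2 ** attempt, cap)       # capped exponential back-off

def call_with_retry(send, max_attempts=5, sleep=time.sleep):
    """send() -> (status, headers, body); retries throttled replies only."""
    waits = []
    for attempt in range(max_attempts):
        status, headers, body = send()
        if status not in RETRYABLE or attempt == max_attempts - 1:
            return status, body, waits
        waits.append(retry_delay(headers, attempt))
        sleep(waits[-1])

def make_fake_graph():
    """Constructed sample endpoint: throttles twice, then succeeds."""
    replies = iter([
        (429, {"Retry-After": "7"}, ""),
        (503, {}, ""),
        (200, {}, '{"displayName": "constructed user"}'),
    ])
    return lambda: next(replies)

if __name__ == "__main__":
    print(call_with_retry(make_fake_graph(), sleep=lambda s: None))
```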
33. All these developer productivity improvements translate to savings in development
investments and better productivity for end users which means better ROI!
Conclusion
•Great potential
•Consistent API
•Auth design is key
•Functions are here to help
•Shorter delivery time
•Better apps integration
•Better user experience
34. Check out these sessions to learn more about the Microsoft Graph
To go further
• 6 demos to impress your boss/customers with Microsoft Graph
• Jeremy Take AZR104 room 604 3PM
• Automating Provisioning for Your digital workplace : With Graph and
Azure Durable Functions
• Vincent Biret AZR303 room 604 Friday 3PM
Mostly for devs and architects; as it’s intro level, it might interest nontechnical people who want to get a grasp
Handling questions, interaction, OK with this agenda?
Also talk about insights, made possible by the abundance of data
https://github.com/microsoftgraph
+ Stack Overflow, GitHub…
Client credential flow: a service can identify itself without impersonation (service account scenario)
On-behalf-of flow: an app, in a given context, can relay its authentication to a trusted API in order to represent the app and the user, not only the application.
The on-behalf-of flow will help Office add-ins access secured APIs
https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-v2-limitations
https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-v2-compare
https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-protocols-oauth-service-to-service
https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-v2-protocols-oauth-on-behalf-of
https://myignite.microsoft.com/sessions/55110?source=sessions
Show aad.portal.azure.com, explain it’s the latest and greatest and Microsoft has updated almost all the samples. People should use it moving forward