I was recently building an api to match active directory and fetch their "users//licenseDetails" and service plans from azure ad via graph api.
I just recently discovered that some of their endpoints are paid per request.
How big of a trouble am I in?
I was testing data from 800 domain accounts.
Here are the details:
For more information regarding the pricing please check here: https://azure.microsoft.com/en-us/pricing/details/graph-data-connect/
Related
How does one get a domain into a healthy state using the Microsoft Graph Api?
Domains that are created and verified using the Graph Api always show with an exclamation mark and "Incomplete Setup" in the Office 365 management portal.
The steps performed by the GraphApi are as follows:
Create a domain using the graph api in tenancy. POST /domains
Get the domain txt records from graph api. GET /domains/{domainName}/verificationDnsRecords
Add TXT records to DNS zone on Cpanel (external)
Verify domain using Graph Api. POST /domains/{domainName}/verify
Set Services. PATCH /domains/{domainName}
However after performing all the above steps the domain still shows as in an incomplete state. The only way to get it to Healthy state is by using the portal.
Including step 5 or leaving it out doesn't make a difference at all.
How does one get a domain into a Healthy state using the Graph Api?
Office365 Domain section
I'm afraid that it's not supported to get a domain into a Healthy
state using Microsoft Graph API.
As you know, we cannot update DNS settings via Microsoft Graph API.
Although we can verify the domain, but the domain status which is
visible in portal is not exposed in Microsoft Graph domain properties.
And the O365 admin portal is calling another kind of API:
https://admin.microsoft.com/admin/api/Domains which is not exposed to
update the domain data.
Has this changed?
I think that it's not supported to get a domain into a Healthy state using Microsoft Graph API.
As you know, we cannot update DNS settings via Microsoft Graph API.
Although we can verify the domain, but the domain status which is visible in portal is not exposed in Microsoft Graph domain properties.
We are using Azure AD as well as Slack today. For most services we are using SCIM o provision users. All users have a profile image in Azure AD. As far as I understand it Slack does not support profile image when using SCIM as they only have scim 1.1. So is there some way or have anyone solved this in another way? My knowledge of writing advanced script and using apis is limited. I want my Azure user imaged replicated to Slack.
It isn't supported or possible to transmit pictures using Azure AD's SCIM provisioning service today. It's a feature we've seen requested before and we're working on solving the problem.
If you are going to attempt to populate the picture in Slack today, it will have to be done via some form of scripting/automation on your end calling an API endpoint of Slack's that allows for upload of profile pictures.
In our Azure active directory, we have 3 different office 365 subscriptions, each with some 20 odd users. And my license is part of one of those subscriptions. I've created an application under "App registrations" and given Microsoft Graph API permissions. When I call any Graph API, it returns only the data for the subscription that I am part of. How the API determines this, since there is no email account related info in the API requests. I would assume an app in the Azure AD can access all the subscriptions in the same tenant. Is there a way to fetch data across all the office 365 subscriptions?
as per your response on what you meant by subscription, you should have no issue accessing user data through regular graph calls, for example if you call the https://graph.microsoft.com/v1.0/users endpoint you should see all 60ish users,
make sure your app api permissions are correct. it sounds like under api permissions of your application registration, you may have given it delegated permissions instead of than applications permissions. if you are using delegated permissions, then you have to make sure that your user has the correct role assignment in azure ad. otherwise just switch to application permissions
if you have them set correctly, then as Allen Wu stated, please specify an example graph endpoint you are trying to get information from and maybe a screenshot of your api permissions page of your app registration.
How does one get a domain into a healthy state using the Microsoft Graph Api?
Domains that are created and verified using the Graph Api always show with an exclamation mark and "Incomplete Setup" in the Office 365 management portal.
The steps performed by the GraphApi are as follows:
Create a domain using the graph api in tenancy. POST /domains
Get the domain txt records from graph api. GET /domains/{domainName}/verificationDnsRecords
Add TXT records to DNS zone on Cpanel (external)
Verify domain using Graph Api. POST /domains/{domainName}/verify
Set Services. PATCH /domains/{domainName}
However after performing all the above steps the domain still shows as in an incomplete state. The only way to get it to Healthy state is by using the portal.
Including step 5 or leaving it out doesn't make a difference at all.
How does one get a domain into a Healthy state using the Graph Api?
I'm afraid that it's not supported to get a domain into a Healthy state using Microsoft Graph API.
As you know, we cannot update DNS settings via Microsoft Graph API.
Although we can verify the domain, but the domain status which is visible in portal is not exposed in Microsoft Graph domain properties.
And the O365 admin portal is calling another kind of API: https://admin.microsoft.com/admin/api/Domains which is not exposed to update the domain data.
Is possible to query the Microsoft Graph API using an application to collect audit log information for events such as logon/logoff, User creations/deletions, Group membership changes, etc.? I have been looking through the Graph API reference and it does not seem straight forward to me.
Or should we be continuing to use the Azure AD Graph API? We are trying to get data from Office 365 AAD and Azure Government AAD. We are already pulling data from the Office 365 Management API which has an Active Directory feed but not sure that will include everything we are looking for.
You can use Azure AD Audit Log API provided by Microsoft Graph to access the audit and sign-in logs to track user sign-in activities. However, this API is currently in Beta so take care with where and how you use it.
In order to work with user accounts, you can use the User API's which provide the capability to create, update, and delete users.
For Group management, take a look at Working with groups in Microsoft Graph.
Also, I would suggest looking through the Get access tokens to call Microsoft Graph documentation for acquiring access tokens in order to call Microsoft Graph API's and refer to GitHub repo for various Graph samples.