Create a Domain in a healthy state using the Microsoft Graph Api - azure-active-directory

How does one get a domain into a healthy state using the Microsoft Graph Api?
Domains that are created and verified using the Graph Api always show with an exclamation mark and "Incomplete Setup" in the Office 365 management portal.
The steps performed via the Graph API are as follows:
1. Create a domain in the tenancy using the Graph API: POST /domains
2. Get the domain's TXT records from the Graph API: GET /domains/{domainName}/verificationDnsRecords
3. Add the TXT records to the DNS zone on cPanel (external)
4. Verify the domain using the Graph API: POST /domains/{domainName}/verify
5. Set services: PATCH /domains/{domainName}
However, after performing all the above steps the domain still shows as being in an incomplete state. The only way to get it to the Healthy state is by using the portal.
Including step 5 or leaving it out doesn't make any difference at all.
How does one get a domain into a Healthy state using the Graph Api?

I'm afraid that it's not supported to get a domain into a Healthy state using Microsoft Graph API.
As you know, we cannot update DNS settings via Microsoft Graph API.
Although we can verify the domain, the domain status which is visible in the portal is not exposed in the Microsoft Graph domain properties.
And the O365 admin portal is calling another kind of API, https://admin.microsoft.com/admin/api/Domains, which is not exposed to update the domain data.
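The five steps from the question, as an added Python example that is not from the original post or from Microsoft: it builds each Graph request, turns a constructed verificationDnsRecords response (shaped like Graph's real one, not real data) into the TXT record to publish in step 3, and shows what the domain object exposes afterwards (isVerified, supportedServices), which is the answer's point: the portal's Healthy indicator is not a Graph property. The hostname check on the name that goes into the URL path and the label check on returned records are this example's own additions; no HTTP is sent.

```python
import re

GRAPH = "https://graph.microsoft.com/v1.0"
# Hostname syntax check: a name that fails this never reaches the URL path.
DOMAIN_RE = re.compile(r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$", re.I)

def domain_url(domain, suffix=""):
    """Build /domains/{domainName}{suffix}. Rejects input that would add path
    segments or a query string, e.g. 'contoso.com/verify?$select=id'."""
    if not DOMAIN_RE.match(domain):
        raise ValueError(f"not a valid domain name: {domain!r}")
    return f"{GRAPH}/domains/{domain}{suffix}"

def build_requests(domain, services):
    """Steps 1, 2, 4 and 5 from the question as (method, url, json body)."""
    return [
        ("POST", f"{GRAPH}/domains", {"id": domain}),
        ("GET", domain_url(domain, "/verificationDnsRecords"), None),
        ("POST", domain_url(domain, "/verify"), None),
        ("PATCH", domain_url(domain), {"supportedServices": list(services)}),
    ]

def txt_records_to_publish(domain, records_response):
    """Step 3: (label, text, ttl) for each TXT record to add to the external zone.
    MX and other record types are skipped; a TXT record whose label is not the
    domain being verified is treated as an error rather than published."""
    out = []
    for rec in records_response.get("value", []):
        if rec.get("@odata.type") != "#microsoft.graph.domainDnsTxtRecord":
            continue
        if rec.get("label", "").lower() != domain.lower():
            raise ValueError(f"TXT label {rec.get('label')!r} is not {domain!r}")
        out.append((rec["label"], rec["text"], int(rec.get("ttl", 3600))))
    return out

def graph_view(domain_obj):
    """What Graph reports after steps 4 and 5. There is no 'Healthy' property;
    the portal's Incomplete setup / Healthy indicator is not in this object."""
    return {"isVerified": bool(domain_obj.get("isVerified")),
            "supportedServices": sorted(domain_obj.get("supportedServices") or [])}

# Constructed sample shaped like Graph's verificationDnsRecords response (not real data).
SAMPLE_RECORDS = {"value": [
    {"@odata.type": "#microsoft.graph.domainDnsTxtRecord", "label": "contoso.com",
     "recordType": "Txt", "supportedService": "Email", "ttl": 3600,
     "isOptional": False, "text": "MS=ms00000000"},
    {"@odata.type": "#microsoft.graph.domainDnsMxRecord", "label": "contoso.com",
     "recordType": "Mx", "mailExchange": "ms00000000.msv1.invalid", "preference": 32767, "ttl": 3600},
]}
```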

Related


Possible to use Data Factory to extract all Azure Active Directory users?

Microsoft has the tutorial showing how to use Data Factory to extract Office 365 data, but that seems to only extract Outlook email information?
Is there a way to use Data Factory (and a tutorial hopefully) to connect to Azure AD and extract all the Active Directory users? Microsoft Graph API has the commands to do that, but I wasn't clear if that was the only way or if Data Factory can connect to it directly (like the O365 connector it has)?
Microsoft has the tutorial showing how to use Data Factory to extract Office 365 data, but that seems to only extract Outlook email information?
According to the Microsoft documentation, it is not only email information; there is much other information such as address book contacts, calendar events, user information, mailbox settings, and so on.
So you can get user information, which contains aboutMe, companyName, etc., when you choose BasicDataSet_v0.User_v1 in the dataset. (For all the properties you can get, please refer to this documentation.)
By the way, your tenant admin needs to opt in to Microsoft Graph data connect if you do this. And there is no AAD connector.
Hope this can help you.
I used Azure Logic Apps and got through the Azure AD group (Get members), then used the Office 365 Connector to Get Manager; there is also another option, Get direct reports. If you are using Logic Apps please make sure to turn pagination on so you get all users.
This is where I started, but once I got going I was able to figure it out myself:
https://eax360.com/query-azure-active-directory-using-graph-api-logic-apps/

Query API for login activity events

Is it possible to query the Microsoft Graph API using an application to collect audit log information for events such as logon/logoff, user creations/deletions, group membership changes, etc.? I have been looking through the Graph API reference and it does not seem straightforward to me.
Or should we be continuing to use the Azure AD Graph API? We are trying to get data from Office 365 AAD and Azure Government AAD. We are already pulling data from the Office 365 Management API which has an Active Directory feed but not sure that will include everything we are looking for.
You can use Azure AD Audit Log API provided by Microsoft Graph to access the audit and sign-in logs to track user sign-in activities. However, this API is currently in Beta so take care with where and how you use it.
In order to work with user accounts, you can use the User APIs, which provide the capability to create, update, and delete users.
For group management, take a look at Working with groups in Microsoft Graph.
Also, I would suggest looking through the Get access tokens to call Microsoft Graph documentation for acquiring access tokens in order to call the Microsoft Graph APIs, and refer to the GitHub repo for various Graph samples.

How can i sync users calendars using MS Graph api and Azure

I'm building a service where each user has a calendar. I want to sync users' 365 calendar events into their calendar; the tricky part seems to be that this should be done repeatedly by a background job on the server, to keep them in sync.
I feel like I've read a bible of documentation from Microsoft, but still gotten nowhere. I eventually stumbled upon this article https://learn.microsoft.com/en-us/azure/active-directory/develop/active-directory-v2-protocols-oauth-client-creds which allows a server to query the Graph API on behalf of users. This is exactly what I want.
Having created an Azure account and Active Directory service, I found that only users within the tenant can use this, which makes it rather useless, requiring users to be added manually from the Azure panel.
AADSTS50020: User account 'm#****.com' from identity provider 'live.com' does not exist in tenant 'Default Directory' and cannot access the application 'c0193dea-5145-430a-9c90-325f1229a1fc' in that tenant. The account needs to be added as an external user in the tenant first. Sign out and sign in again with a different Azure Active Directory user account.
So I'm back at square one, how can I achieve what I described?
I'm not looking for a code implementation, merely a description of how to navigate the monstrosity of Microsoft.
Thank you
Update: According to Marc's link, I tried to flick the multi-tenant option and change the endpoint to use common instead of the tenant id. Sadly I'm still getting the same error.
You cannot sign in to AAD with a non-AAD account using the v1 Endpoint. If you want to use a consumer Microsoft Account (#outlook.com, #hotmail.com, #live.com) then you need to use the Converged Auth model provided by the v2 Endpoint.
I have a walkthrough for the v2 Endpoint that you might find helpful: Microsoft v2 Endpoint Primer. It is similar to the v1 Endpoint but you'll need to register via https://apps.dev.microsoft.com rather than the Azure Portal. Also, v2 apps use Scopes instead of Resources and are multi-tenant out of the box.
This is too broad a question for Stack Overflow. That said, you're incorrect about Azure AD. It is absolutely not limited to a single tenant. You do however need to register it as a multi-tenant application:
How to sign in any Azure Active Directory (AD) user using the multi-tenant application pattern

Authentication from mobile devices with OpenID Connect / Azure AD not working with Microsoft Graph API

I have a website that uses OpenID Connect authentication/ADAL to authenticate users with an Azure AD. The application also uses the Microsoft Graph API to retrieve user data from the AD.
Authentication has been working well from all kinds of devices ever since it was implemented a couple of months ago.
But a few weeks ago (on August 23rd, to be exact), authentication from mobile devices stopped working all of a sudden, although no changes were made in the code or (to my knowledge) in the company infrastructure.
In the AuthorizationCodeReceived event handler of my ConfigureAuth method, I acquire an authentication result in this manner:
var authenticationContext = new AuthenticationContext(settings.Authority);
var authenticationResult = authenticationContext.AcquireTokenByAuthorizationCode(context.Code, new Uri(settings.RedirectUri), new ClientCredential(settings.ClientId, settings.ClientSecret), resource);
where resource is the Microsoft Graph API URL.
However, ever since August 23rd, the AcquireTokenByAuthorizationCode call throws an AdalServiceException with the message:
AADSTS50097: Device authentication is required.
If I omit the resource parameter in my AcquireTokenByAuthorizationCode call or change it to "https://graph.windows.net", for example, authentication from mobile devices works like a charm. But then I obviously cannot access the MS Graph API.
Is there a way to solve this so that I can access the MS Graph API and have users log on with mobile devices?
Sriram's answer is correct.
The company administrator has enabled a conditional access policy for Exchange Online, which at present applies to Microsoft Graph as well. We are aware that this affects applications that use Microsoft Graph for artifacts other than mail/calendar, and are working on decoupling them. The change should roll out in the next few months. Please check with your company administrator whether the policy can be relaxed. If that is not feasible, contact our support channel to request exclusion of Microsoft Graph from policy enforcement.