Microsoft Graph – Intune API’s David Randall
Microsoft Graph a unified REST API Microsoft Build 2017 4/23/2019 4:26 PM Microsoft Graph a unified REST API and comprehensive developer experience for integrating the data and intelligence exposed by Microsoft services. © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
All users Microsoft Graph Access user, group and organizational data One endpoint One token All users Your app https://graph.microsoft.com Users Groups Outlook OneNote more… SharePoint Intune Teams Azure AD Planner Excel
Microsoft Graph – Calling the API Build 2015 4/23/2019 4:26 PM Microsoft Graph – Calling the API Version: /v1.0 or /beta Resource / Route: /users, /groups, /sites, /drives, /devices, more… Member from collection: /users/dave Property: /users/david/department Traverse to related resources via navigations: /users/david/memberof Query parameters: /users/david/memberof?$top=5 Format results: $select | $orderby Control results: $filter | $expand https://graph.microsoft.com /{version} /{resource} /{id} /{property} ?{query-parameters} https://graph.microsoft.com/v1.0/users?$filter=userPrincipalName eq ‘david@thundercreek.onmicrosoft.com' © 2015 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
Microsoft Graph – Query Format 4/23/2019 4:26 PM Microsoft Graph – Query Format REST requests use Standard HTTP methods GET POST PUT PATCH DELETE Pull data from Microsoft Graph Add data to Microsoft Graph Assign data into Microsoft Graph Update resources with new data Delete individual resources from Microsoft Graph Data returned in JSON format Data sent to the service in JSON format © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
A few key “need-to-knows”… Azure AD Global Administrator must consent your app in their tenant Appropriate permission scopes for your app must be used Graph API supports (and often requires) paging – 1000 obj’s / page Graph API supports batching – and it’s usually faster Watch the Changelog for monthly updates to API’s For Intune … All Intune API’s require delegated permissions (App+User) All Intune API’s support Intune Roles (e.g. Intune specific RBAC) All Intune API’s natively support auditing for change events Many API’s are now supported in v1.0; beta will always be ongoing
Demo Graph Explorer 4/23/2019 4:26 PM © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
Other common resource API’s App Related Device Related /deviceAppManagement/mobileApp /deviceManagement/managedDevices /deviceAppManagement/managedApp /deviceManagement/termsAndConditions /deviceAppManagement/managedAppPolicy /deviceManagement/enrollmentProfiles /deviceAppManagement/managedAppStatus /deviceManagement/deviceEnrollmentConfigurations /deviceAppManagement/mdmWindowsInformationProtectionPolicy /deviceManagement/deviceConfigurationDeviceStateSummaries /deviceAppManagement/vppTokens /deviceManagement/deviceConfigurations /deviceAppManagement/managedEBooks /deviceManagement/roleDefinitions