1. Use Microsoft Graph to Reach Users on Hybrid Exchange 2016
8/6/2018 3:27 AM
BRK3045
Use Microsoft Graph to Reach Users on Hybrid Exchange 2016
Venkat Ayyadevara
Program Manager
Outlook Ecosystem
@VRAyyadevara
Deepak Singh
Program Manager
Outlook Ecosystem
@Deepaksinghlko
© 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

2. Agenda Session objective Key takeaways Microsoft Graph Exchange Online
What is Microsoft Graph?
What are the benefits of Microsoft Graph supporting hybrid Exchange deployments?
Architecture overview
Developing an app that reaches online and on-premises users
Configuring/managing on-premises Exchange 2016 for Microsoft Graph
Sneak-peek into what is coming
Key takeaways
Simple: One API endpoint & one auth mechanism to reach online & on-premises mailboxes!
Secure: Industry standard OAuth 2 flow that respects your authentication policies.
Easier: REST APIs that are much easier than EWS SOAP APIs to build apps on your platform of choice.
Available: Now offered in Preview for you to use and give us feedback!
Microsoft Graph
Exchange Online
Exchange On-Premises

3. Microsoft Graph

4. What is Microsoft Graph?
8/6/2018
What is Microsoft Graph?
Single API for:
Accessing data
/me, /users, /groups, /messages, /drive, ….
Traversing data
/drive/items/<id>/lastmodifiedByUser
Accessing insights
/insights/trending
Work/School and Personal
© 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

5. State of the world before Microsoft Graph
Work and school
Personal
Many different APIs to access data
Separate auth stacks for work and personal

6. Today’s world with Microsoft Graph(
Work and school
Personal …

7. Unified API style – single endpoint
Microsoft Ignite 2016
8/6/2018 3:27 AM
Unified API style – single endpoint
Operation
Service endpoint
GET my profile
GET my mail
GET my calendar
GET my contacts
GET my photo
GET my files
GET my manager
GET last user to modify file foo.txt
GET users in my organization
GET group conversations
GET people related to me
GET my tasks
GET my notes
GET files trending around me
© 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

8. Demo: Microsoft Graph + Hybrid Exchange 2016 User
Deepak Singh

9. Why does this Matter?

10. Before Microsoft Graph Supported Hybrid Users
Step 1: User provides address
… And usually their credentials as well to sign in.
Step 2: App determines EWS endpoint
User signs into Autodiscover endpoint.
Autodiscovery is complicated if app isn’t built on .NET or Java!
Need to cache API endpoint, since Autodiscover can take time.
Step 3: App uses EWS to connect to mailbox
Using Exchange Web Services (EWS) SOAP API from platforms other than .NET and Java is hard!!
All-or-nothing read/write access to a mailbox.
Exchange Online
Exchange On-Premises

11. With Microsoft Graph Supporting Hybrid …
Step 1: User provides address
No need to provide app with user credentials.
Step 2: App calls Microsoft Graph
Microsoft Graph checks if user is in cloud or on-premises.
User signs in, grants consent and app gets a token.
App connects to mailbox with easy-to-use REST APIs!
Granular permission(s) ensure app has access to only what is approved!!
Microsoft Graph
Exchange Online
Exchange On-Premises
App doesn’t need to find out or remember user-specific API endpoints!

12. Benefits to Your Organization
OAuth required.
Unlike EWS, app has no access to user’s credentials.
Authentication respects your organization’s policies e.g. 2 factor auth.
Granular consent for on-premises users.
Unlike EWS, app can request consent for just the permission(s) it needs e.g. Calendars.Read or Contacts.ReadWrite or Mail.Send.
Leverage Graph’s intelligence & insights.
Enable your on-premises users to benefit from content, insights & intelligence unlocked by Microsoft Graph.
Leverage on-premises Exchange content + cloud-only content e.g. files
Graph knows which capabilities are cloud-only vs. cloud & on-premises.
Blend seams between cloud & on-premises.

13. Benefits to Your Developers
One auth for cloud & hybrid on-premises users.
Single registration portal for commercial (cloud, on-premises) & consumer.
Single auth endpoint.
One API endpoint
No need to autodiscover the API endpoint for a user & remember it.
Build compelling views for a user joining on-prem & cloud content.
Microsoft Graph returns meaningful error for capabilities not available on on-premises server.
Easy to developer on your platform of choice
Industry standards: REST, JSON, OAuth 2.0
Microsoft Graph client libraries for multiple platforms once we exit preview
UWP
iOS
.NET
Android
Python
Ruby

14. Architecture Overview

15. Cloud User Flow Cloud User On-Premises User Exchange Online6
On-Premises User 1 4 5 2 3
AAD
Exchange Online
Azure Active Directory
On-Premises Exchange 2016

16. On-Premises User Flow Cloud User On-Premises User Exchange Online8
On-Premises User 1 7 2 3 4 5 6
AAD
Exchange Online
Azure Active Directory
On-Premises Exchange 2016

17. New Services Added to On-Premises Exchange
Exchange 2016 Cumulative Update 3 (CU3) & later
REST API endpoint (Preview)
Exchange 2016 namespace>/api/v2.0/ where v2.0 is currently supported version.
Receives and processes requests from Microsoft Graph for on-premises users.
Requires OAuth 2.0
/api must be accessible via public internet.
Autodiscover JSON endpoint (Preview)
Exchange 2016 namespace>/autodiscover/autodiscover.json/
New RESTful service to discover REST API endpoint for an SMTP address
No auth required. Returns only REST API endpoint URL.
Intended to support OAuth 2.0 while avoiding multiple auth prompts for a user
/autodiscover/autodiscover.json must be accessible via public internet

18. Building an App or Service for Hybrid Users

19. Build a Clear & Coherent Experience for All Users
Cloud-only and cloud-first capabilities
Some Microsoft Graph capabilities are cloud-only or cloud-first.
User distribution across cloud and on-premises varies across organizations, over time (0-100%).
Users may be moved by an organization from on-premises to cloud or vice-versa
Direct users to organization-configurable support channels for feature questions.
Same API version doesn’t imply identical feature set
New entities, actions & nullable properties can be added to an existing version.
GET response may include new properties that you don’t recognize.
Different users are most likely on different builds
Exchange Online upgraded multiple times a month
Exchange 2016 CU shipped quarterly.

20. Special Considerations during Preview & Beyond
Use
is cloud-only.
Use for entities and actions supported by Graph.
Go to to learn more.
Preview limitations
User graph.microsoft.com/v1.0/users/<id>/ instead of graph.microsoft.com/v1.0/me/
Notifications for on-premises users not yet supported.
Error message returned from supported on-premises server is appended with “REST APIs for this mailbox are currently in preview …".
During preview, don’t use Microsoft Graph to support on-premises users in production apps or services

21. Graph Entities Available for On-Premises Users
Mail
Mail folders
Messages
Item & file attachments
Calendar
Calendar groups & Calendars
Events & Calendar view
Reminders & Reminder view
Contacts
Contact folders
Profile
User profile per AAD
Profile picture
Mailbox Settings
Automatic replies
Language & Time zone
Data extensibility
Extended properties

22. Demo: Add Send Message Feature to Demo App
Deepak Singh

23. Configuration & Management

24. Setting up Exchange 2016 for Graph
Upgrade to Exchange 2016 Cumulative Update 3 (CU3).
Run /PrepareAD explicitly.
Registers Microsoft Graph as a trusted partner application.
Admins can disable Graph support by removing it from trusted partner list
On-premises Active Directory must be fully synced w/ AAD

25. Network Infrastructure Requirements
Internet DNS records required for:
On-premises Exchange namespace
Autodiscover namespace for all accepted domains
Firewall or application gateway must allow access to:
/api virtual directory for REST API requests
/autodiscovery/autodiscover.json virtual directory for API endpoint discovery
Only Exchange 2016 (CU3 or later) servers allowed in load balanced array for Exchange namespace

26. Run Hybrid Configuration Wizard (HCW)
HCW update coming soon.
Manual Steps to unblock development.
From Exchange Online shell, get the initial domain of your tenant.
Get-AcceptedDomain | fl Domainname,InitialDomain
From on-premises Exchange shell, add a new authentication provider.
New-AuthServer -Name EvoSts -Type AzureAD –AuthMetadataUrl domain>/federationmetadata/ /federationmetadata.xml
From AAD shell, register hostname with the AAD security token service.
$x = get-MSOLServicePrincipal - -AppPrincipalId ff1-ce
$x.ServicePrincipalnames.Add(" namespace>/")
Set-MSOLServicePrincipal -AppPrincipalId ff1-ce ServicePrincipalNames $x.ServicePrincipalNames

27. Demo: State of Exchange 2016 Server when Ready for Graph
Microsoft 2016
8/6/2018 3:27 AM
Demo: State of Exchange 2016 Server when Ready for Graph
Deepak Singh
© 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

28. What’s Next

29. We Need Your Feedback & Suggestions!
Management
What user experience or service challenges are you facing?
How hard is this to set up and maintain?
What additional points of friction are you discovering?
Are you ok with only Exchange 2016 servers in your load balanced array?
Development
Are you able to register your app and make auth work?
Any feedback on the errors you receive for unsupported APIs?
Are you happy with latencies, perf in general, and reliability?
Are there specific code samples or guidance you would like to see?
What more is needed to blend cloud/on-premises seams?
We need your help to make this work great for you!

30. Exit Preview for Hybrid Exchange Deployment
Hybrid Configuration Wizard (HCW) update
Querying per-user version & capabilities
API improvements
Ability to use /me instead of /users/<id>/
Support for notifications
Additional entities for on-premises users e.g. Extensions
Microsoft Graph SDK support
End user Graph explorer support for on-premises
Incorporate your feedback and suggestions!

31. Beyond Hybrid Exchange Deployments
How do we extend hybrid support to other Office 365 workloads
How can we enable an on-premises Exchange 2016 deployment to leverage Microsoft Graph?
Microsoft Graph
Exchange Online
SharePoint Online
Microsoft Graph
Exchange On-Premises

32. Resources IT administration Development for hybrid deployments
On-premises architectural requirements for REST API:
Development for hybrid deployments
Overview:
Microsoft Graph documentation:

33. Related Sessions Session Title Time Location BRK2157
Get the Office developer platform roadmap
Mon, Sep 26 2:15 PM - 3:30 PM
A311-A312
BRK4016
Access SharePoint files and lists using SharePoint API in Microsoft Graph API
Tue, Sep 27 2:15 PM - 3:30 PM
A411-A412
BRK3199
Access intelligence in the Microsoft Graph and API
Tue, Sep 27 4:00 PM - 5:15 PM
BRK3113
Exploit the Microsoft Graph API to supercharge your Line of Business Applications
Tue, Sep. 27 9:00 AM - 10:15 AM
A313-A314
BRK3306
Power your applications with Excel Workbooks as a Service
Wed, Sep 28 9:00 AM - 10:15 AM
A402-A403
BRK4012
Dive Deep on Skype Web SDK & Skype for Business App SDK: Build apps across Web, IOS & Android
Wed, Sep :30 PM - 1:45 PM
B304-B305
BRK2054
Empower teams with actionable mail using Office 365 Connectors in Outlook
Wed, Sep. 28 2:00 PM - 2:45 PM
A305
BRK3044
Integrate line of business services and processes with Outlook on Windows, Mac and web
Wed, Sep. 28 2:15 PM - 3:30 PM
BRK3046
Build intelligent line-of-business applications leveraging the Outlook REST APIs
Wed, Sep. 28 4:00 PM - 5:15 PM
BRK2028
Manage and deploy Office add-ins and Office 365 apps
Thu, Sep :30 PM - 1:45 PM
A302
BRK2160
Build business applications with Power Apps, Microsoft Flow, and Office 365
BRK3114
Create cross-platform mobile apps with Xamarin that connect to Office Services
Thu, Sep. 29 4:00 PM - 5:15 PM
BRK1019
Vote and celebrate at the Microsoft Office App Awards A
BRK2259
Build custom applications with Microsoft OneNote
Fri, Sep. 30 9:00 AM - 10:15 AM

34. Wrap Up

35. Microsoft Graph / Hybrid Exchange Preview
Key Takeaways
Simple: Use Microsoft Graph + OAuth 2.0 to reach online & on-premises users!
Secure: Industry standard OAuth 2 flow that respects your authentication policies.
Easier: REST APIs that are easier than EWS to build apps on your chosen platform.
Available: Now offered in Preview for you to use and give us feedback!
Please try out the preview and give us feedback!
Dev how-to questions or issues:
API doc issues:
User Voice for everything else:

36. Deploy, ramp-up on new services and onboard new users with Microsoft FastTrack:

37. Join the Microsoft Tech Community to collaborate, share, and learn from the experts:

38. Please evaluate this session
8/6/2018 3:27 AM
Please evaluate this session
Your feedback is important to us!
From your PC or Tablet visit MyIgnite at
From your phone download and use the Ignite Mobile App by scanning the QR code above or visiting
© 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

39. 8/6/2018 3:27 AM
© 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.