1. 11/8/ :11 AM
BRK3388
Build applications to secure and manage your enterprise using Microsoft Graph
Dan Kershaw & Jeff Sakowicz
Program Managers – Identity Developer Experience
#MicrosoftGraph
© Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

2. Agenda What Graph can do for you Microsoft Graph 101 App scenarios
Microsoft Build 2017
11/8/ :11 AM
What Graph can do for you
Microsoft Graph 101
Agenda
App scenarios
Next steps
© Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

3. Microsoft Graph a unified REST API
Microsoft Build 2017
11/8/ :11 AM
Microsoft Graph
a unified REST API
and comprehensive developer experience
for integrating with the data and intelligence
exposed by Microsoft services
© Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

4. Microsoft Graph SECURITY ALERTS PARTNER DEVICES THREAT INTELLIGENCE
Microsoft Build 2017
11/8/ :11 AM
Microsoft Graph
SECURITY ALERTS
DEVICES
PARTNER
THREAT INTELLIGENCE
ORGANIZATION
INSIGHTS ME
ROLES
CONTENT
ORGANIZATION
ADMIN UNITS
REPORTS
GROUPS
USERS
USERS
APPS
CONTACTS
PEOPLE
TEAMS
SITES
DOCUMENTS
© Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

5. Protect users, apps, data, and devices
Microsoft Consumer Channels and Central Marketing Group
11/8/2018
Protect users, apps, data, and devices
Secure and protect against new threats
Apps
Data
Maximum productivity experience
Users
Devices
Employees
Business partners
Customers
Comprehensive and integrated
© 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

6. Agenda What Graph can do for you Microsoft Graph 101 App scenarios
Microsoft Build 2017
11/8/ :11 AM
What Graph can do for you
Microsoft Graph 101
Agenda
App scenarios
Next steps
© Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

7. Microsoft Graph API All users
Access user, group and organizational data
One endpoint
One token
All users
Your app
Users
Groups
Outlook
OneNote
more…
SharePoint
Intune
Teams
Azure AD
Planner
Excel

8. Calling the API https://graph.microsoft.com /{version} /{resource}
Build 2015
11/8/ :11 AM
Calling the API
HTTP verbs dictate the request intent: GET | POST | PATCH | PUT | DELETE
Version: /v1.0 or /beta
Resource: /users, /groups, /sites, /drives, /devices, more…
Member from collection: /users/dan
Property: /users/dan/department
Traverse to related resources via navigations: /users/dan/events
Query parameters: /users/dan/events?$top=5
Format results: $select | $orderby
Control results: $filter | $expand
Paging: $top | $skip | $skiptoken
/{version}
/{resource}
/{id}
/{property}
?{query-parameters}
© 2015 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

9. App types and permission types
Microsoft Build 2017
11/8/ :11 AM
App types and permission types
App type
Permission type
Who can consent
Effective
Permissions
Get access on behalf of users
Get access as a service
Mobile, Web and Single page app
Service and Daemon
Delegated permission (user permission)
Application permission
Users can consent
for their data
Admin can consent
for them or for all users
Only admin can consent
App permissions
User permissions
App permissions
© Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

10. Demo Docs and Graph Explorer
Microsoft Build 2017
11/8/ :11 AM
Demo Docs and Graph Explorer
© Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

11. Microsoft Graph Data Active Directory SharePoint OneDrive Outlook
Microsoft Build 2017
11/8/ :11 AM
Microsoft Graph Data
Active Directory
Users
profile
photo
direct reports
Groups
members
conversations
SharePoint
Sites
Lists
OneDrive
Files
upload
download
copy
versions
Outlook
Mail
messages
folders
send message
Calendar
events
find times
Excel
OneNote
Planner
Contacts
Directory
Beta
Teams
Insights
Project Rome
Devices
Activities
Intune
Reports
…and much more
© Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

12. With Microsoft Graph Get the user profile Dan Agnieszka Groups Jeff
Microsoft Build 2017
11/8/ :11 AM
GET: /users/dan {
"displayName": "Dan",
"jobTitle": "PRINCIPAL PM MANAGER" }
GET: /users/dan/photo/$value
Stream image/jpeg
GET: /users/dan/manager
{"displayName": “Agnieszka", …}
GET: /users/dan/directReports
"value" : [
{"displayName": "Jeff", …},
{"displayName": "Suresh", …}, ]
GET: /me/memberOf
{"displayName": "Brits at Microsoft", …},
{"displayName": "Graph PM team", …}
With Microsoft Graph
Get the user profile
Agnieszka
manager
Groups
memberOf
Dan
directReports
Jeff
Suresh
© Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

13. With Microsoft Graph Get insights based on activities Out of office
Microsoft Build 2017
11/8/ :11 AM
GET /me/insights/trending
"value" : [
{"name": "presentation.pptx", …},
{"name": "forecast.xlsx", …} ]
GET /me/drive/recent
{"name": "guidelines.pptx", …},
{"name": "budget.xlsx", …}
GET /me/people/?$search="topic: planning"
{"displayName": “Yina", …},
{"displayName": “Dmitry", …},
POST /me/findMeetingTimes {
"attendees": [
"type": "required",
" Address": {
"address": } ],
"meetingDuration": "2h"
With Microsoft Graph
Get insights based on activities
Out of office
Trending Documents
Find me the best time to meet Ana
Search people based on topics
People I’m working with
Recent Documents
© Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

14. Microsoft Graph Capabilities
Microsoft Build 2017
11/8/ :11 AM
Microsoft Graph Capabilities
Auth
Credentials
Work/School
Personal
OAuth scopes
Delegated (User)
App
OData
Filter
Order
Pagination
Compliance
Conditional access
National clouds
Query patterns
Web hooks
Delta
Extensions
Batching
SDKs & tools
© Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

15. Extending Microsoft Graph
Open Extensions
GET /me/message/<id>/?$expand=extensions {
"displayName": “Dan",
"extensions": [
"extensionName": "Com.Contoso.Referral",
"companyName": "Wingtip Toys",
"expirationDate": " T11",
"dealValue": 10,000 } ]
Schema extensions
POST /schemaExtensions
"id": "graph_courses",
"targetTypes": [ "Group" ],
"properties": [
"name": "name",
"type": "String" }…
GET /groups?$filter=courses/name eq Math101
Extending Microsoft Graph
Add extensions to user, group, mail & more
Customer referral
Group: Math 101
PMP Certified
Favorite color: blue

16. With Microsoft Graph Get notifications & track changes Edited a file
GET/me/mailFolders/{id}/messages/delta
"value" : […]
POST /subscriptions {
"changeType": "created,updated",
"notificationUrl": "
"resource": "/me/mailfolders('AA')/messages", }
GET/me/mailFolders/{id}/messages/delta ?$deltatoken=BB"
With Microsoft Graph
Get notifications & track changes
Edited a file
Scheduled a new meeting
Got a new hire
Added a new member to a group
Got high important

17. Microsoft Build 2017
11/8/ :11 AM
POST /$batch {
"requests": [{
"id": "1",
"url": "/me/drive/root/children",
   "method": "POST",
   "body": {
    "name": "folder1",
    "folder": {}
   },
   "headers": {
    "content-type": "application/json"
   }
  }, {
   "id": "2",
   "url": "/me/drive/root/children/folder1",
   "method": "GET",
   "dependsOn": ["1"]
}, {
"id": "3",
"method": "GET",
"url": "/me/planner/tasks"
"id": "4",
"url": "/groups/{id}/events" }  ]
With Microsoft Graph
Use $batch to combine multiple requests in one call
Documents
Calendar
Sites
Tasks
Meetings
Contacts
© Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

18. SDKs, samples and tooling
Microsoft Tech Summit FY17
11/8/ :11 AM
SDKs, samples and tooling
PREVIEW
GA* GA GA GA
ASP.NET MVC
JavaScript
Angular
PHP
Python
PREVIEW
PREVIEW
GA*
GA*
GA*
Xamarin
UWP
Android
iOS
Ruby
UPDATED
PREVIEW
VS integration
Bindings
© 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

19. Agenda What Graph can do for you Microsoft Graph 101 App scenarios
Microsoft Build 2017
11/8/ :11 AM
What Graph can do for you
Microsoft Graph 101
Agenda
App scenarios
Next steps
© Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

20. Imagine what you can build
11/8/2018
Imagine what you can build
Intelligent workflows & processes
Group management & compliance
B2B relationships
Secure transactions using conditional access
Smart meetings
… and MORE
© 2015 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

21. Provisioning workflows – user onboarding
New hire created
Set profile
Assign licenses
Set manager
Assign devices
Provision mobile devices
Authorize access
Assign to groups
Assign to roles
POST /users
POST /groups/{id}/members/$ref
POST /users/{id}/assignLicense
POST /groups/{id}/directoryRoles/$ref
POST /users/{id}/manager/$ref

22. Demo: New hire Using Azure functions to process a new hire
11/8/ :11 AM
Demo: New hire
Using Azure functions to process a new hire
© Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

23. Provisioning workflows – team change
Department update
Change dept.
Current manager
Set new manager
Re-authorize
Remove from groups
Add to groups/roles
Work in progress?
Working on?
Tasks
Notify manager
/users/delta?$select=department
Track department changes
PATCH /users/{id}
DELETE /groups/{id}/members/$ref
/users/{id}/insights/trending
/users/{id}/manager
/users/{id}/tasks
POST /groups/{id}/members/$ref
POST /users/{id}/manager/$ref
POST /users/{id}/sendMail
POST
/directoryRoles/{id}/members/$ref

24. Provisioning workflows - enhancement
11/8/ :11 AM
Provisioning workflows - enhancement
POST /directoryRoles/{id}/members/$ref
Privileged Identity Management can help
POST /privilegedRoleAssignment
© Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

25. Automated Support Ticket Assignment
Set up Group
Create Schema Extension
Create Group tagged w/ Support Topic
Add Members
Find an Engineer
Search for Group based on Support Topic
Find Engineer
Perform Smart Routing
Check for OOF
Find an Expert to Help
GET /users/{id|userPrincipalName}/mailboxSettings/automaticRepliesSetting
POST /schemaExtension
GET eq ‘Developer Tools’
POST /groups
GET
POST /groups/{id}/
members/$ref
GET /groups/{id}/
members

26. Secure Transactions using Conditional Access
11/8/ :11 AM
Secure Transactions using Conditional Access
Scenario: ensure that users using apps that access data and services through Microsoft Graph are doing so securely
Update coming:
Moving Conditional Access Policy evaluation from the token endpoint to Microsoft Graph (for Microsoft Graph calls)
HTTP 403; Forbidden  
error=insufficient_claims 
Developer guidance:
© Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

27. Agenda What Graph can do for you Microsoft Graph 101 App scenarios
Microsoft Build 2017
11/8/ :11 AM
What Graph can do for you
Microsoft Graph 101
Agenda
App scenarios
Next steps
© Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

28. Microsoft Graph a unified REST API
Microsoft Build 2017
11/8/ :11 AM
Microsoft Graph
a unified REST API
and comprehensive developer experience
for integrating with the data and intelligence
exposed by Microsoft services
© Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

29. Get started today https://graph.microsoft.com #MicrosoftGraph
11/8/ :11 AM
Get started today
Twitter
#MicrosoftGraph
GitHub
/MicrosoftGraph
StackOverflow
[MicrosoftGraph]
© Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

30. Related sessions Code Time Slot Location Title BRK3202 THR3072 BRK3340
11/8/ :11 AM
Related sessions
Code
Time Slot
Location
Title
BRK3202
Thursday 2:15
OCC W206
Modern business processes with Microsoft Graph and Azure Functions
THR3072
Thursday 10:00
OCC S Expo
Controlling and leveraging the power of Microsoft Graph
BRK3340
Friday 10:45
OCC W221
Build intelligent LoB apps leveraging Outlook/Exchange data, using Microsoft Graph 
BRK3267
Thursday 12:30
OCC W224
Let’s build with SharePoint (webparts, extensions and much more)
BRK3200
Thursday 10:45
OCC S330
Build smarter bots and devices by connecting to the Microsoft Graph
BRK3119
OCC W311
Learn how to use Microsoft Intune with the new admin console and Microsoft Graph
BRK2314
Thursday 4:30
OCC S210
Improve productivity for cross plat cross device apps with Project Rome
BRK3221
Friday 9:00
OCC W304
Developing enterprise bots with Office 365
BRK2018
Thu 9:00
OCCC W230
Share corporate resources with your partners using Azure Active Directory B2B collaboration
BRK3207
Thu 10:45
OCCC S310
The keys to the cloud: Use Microsoft identities to sign in and access API from your mobile+web apps
BRK3012
OCCC W311
Secure access to Office 365, SaaS and on-premises apps with Microsoft Enterprise Mobility + Security
BRK3013
Thu 12:30
OCCC Valencia W415 AB
Ensure users have the right access with Azure Active Directory
BRK3015
Thu 2:15
OCCC West Hall E1
Deep-dive: Azure Active Directory Authentication and Single-Sign-On
BRK3014
Thu 4:00
Azure Active Directory best practices from around the world
© Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

31. Attend related sessions Try the quick start challenges
11/8/ :11 AM
Attend related sessions
Try the quick start challenges
Connect with us at the booth
© Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

32. Please evaluate this session
Tech Ready 15
11/8/2018
Please evaluate this session
From your
Please expand notes window at bottom of slide and read. Then Delete this text box.
PC or tablet: visit MyIgnite
Phone: download and use the Microsoft Ignite mobile app
Your input is important!
© 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

33. 11/8/ :11 AM
© Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.