Agenda this month included Ignite announcement recap, overview and updates for both the Security API and Adaptive Cards.

1. Microsoft Graph
Community call
October 2, 2018
8:00 AM PST
https://aka.ms/microsoftgraphcall

2. • https://aka.ms/microsoftgraphcall
• Monthly cadence
• Next call: November 6 , 2018
• What’s new & how you can use it
• Meet the product teams behind Microsoft Graph
• Technical deep dives
• Q&A

3. Call agenda

4. David ClauxJeremy Thake
@jthake
Preeti Krishna
@preetikr007

5. Microsoft Graph updates

6. https://techcommunity.microsoft.com/t5/Microsoft-
Ignite/ct-p/MicrosoftIgnite

7. http://www.m365devpodcast.com/

8. Focus Topics

9. Microsoft Graph Security
Microsoft Ignite 2018 Updates
Preeti Krishna
Senior Program Manager

10. Develop investigation and remediation
playbooks that call Graph Security to
take actions
Automate security policy checks enforce
rules, and orchestrate actions across
security solutions.
Integrate insights about users, hosts,
apps
Add organizational context from other
Microsoft Graph providers (Identity,
Intune, Office, etc.)
Improve visibility into Secure Score for
proactive risk management
Write code once to get alerts from any
Microsoft Graph Security provider
Correlate alerts across security
solutions more easily with a common
alert schema
Keep alert status and assignments in
sync across all solutions
Unified gateway to security insights and actions across Microsoft products, services, and partners
Streamline alert correlation
and management
Simplify orchestration and
automation
Unlock context to inform
security operations

11.  Alerts entity is now generally available!
 An expanded set of Microsoft plus third-party alert providers
 Support for alert updates - alerts can be tagged with additional context or threat intelligence to inform
response and remediation, comments and feedback can be captured for visibility to other workflows, and alert
status and assignments can be kept in sync
 More alerts can be streamed to SIEM solutions, like Splunk and IBM QRadar, through Azure Monitor
 Microsoft Secure Score is now available in beta – helping customers proactively manage security risk by
providing visibility into their security posture and guidance on how to improve it
 New and updated developer resources:
 Microsoft Graph SDKs now include support for security alerts.
 Updated documentation and code samples in multiple languages help developers get started.
 An open source repository with guidelines enables developers to contribute to code samples.
 A new whitepaper introduces Microsoft Graph Security.

12. Alerts
Security Profiles
Host | User | File | App | IP
Actions Configurations
MICROSOFT GRAPH SECURITY API
Federates queries, Aggregates Results, Applies Common Schema
Ecosystem
Partners
Threat
Intelligence
Secure Score

13. 13
 Onboarding additional Microsoft and ecosystem products
 Unlock new security context through Security Profiles
 Add automation through Actions and Configuration
 Enable customers to bring their own Threat Intelligence to Microsoft
 Additional client SDKs and sample code through Microsoft Graph

15. Documentation
Read the documentation
https://aka.ms/graphsecuritydocs
Learn how to stream alerts to your SIEM
https://aka.ms/graphsecuritySIEM
Read the whitepaper:
https://aka.ms/graphsecuritywhitepaper
Code and Contribute
Get started with samples and contribute
https://aka.ms/graphsecurityapicodecontribute
Download the SDKs
https://aka.ms/graphsecuritysdk
Explore in Microsoft Graph
https://developer.microsoft.com/en-
us/graph/graph-explorer
Communities
Join the Tech Community
https://aka.ms/graphsecuritycommunity
Follow the discussion on Stack Overflow
https://stackoverflow.com/questions/tagged/mic
rosoft-graph-security

16. Adaptive Cards
David Claux
Principal Program Manager

19. your content
a host experience

20. Articles Videos
Cards trace their roots to social media

21. Reservations Weather
Reminders
And then…

22. Airline Itinerary
Airline Flight Update
Airline Check-in Reminder
Receipts
Restaurants

23. ? ?
??
?
?
?
?
?
? ?

25. <meta name="twitter:card"
content="summary_large_image"/>
<meta name="twitter:site"
content="www.nationalgeographic.com"/>
<meta name="twitter:creator"
content="@NatGeo"/>
<meta name="twitter:title"
content="Your Shot: Nepal Trekking Pictures"/>
<meta name="twitter:description"
content="See Nepal Trekking Adventure Photos
from
Adventurers Like You"/>
<meta name="twitter:image"
content="http://something.com/image.jpg"/>

26. <meta property="og:type" content="article" />
<meta property="og:url" content="some-story.html" />
<meta property="og:title"
content="When Great Minds Don’t Think Alike" />
<meta property="og:description"
content="How much does culture influence creative
thinking?" />
<meta property="og:image"
content="http://nyt.com/summary-image.jpg" />

27. {
"type": "template",
"payload": {
"template_type": "airline_itinerary",
"passenger_info": [
{
"name": "Sarah Hum"
}
],
"flight_info": [
{
"flight_number": "KL9123",
"departure_airport": { "airport_code": "SFO" },
"arrival_airport": { "airport_code": "AMS" }
}
],
"base_price": "12206",
"tax": "200",
"total_price": "4032.45"
}
}

28. Facebook
looks like
Facebook
All 3rd party
content is
tightly
controlled
Only have to
decorate their
content once
For Users For Content AuthorsFor Host Apps

29. Every template
must be designed,
implemented, and
documented on
every platform
Limited types of
content (articles,
video, airline, etc.)
For Content AuthorsFor Host Apps

30. Complete
freedom to draw
anything
For Host Apps For Content Authors
No more
treadmill
Get the
content
they expect
For Users

31. Performance
and security
Consistency
No
restrictions
Every card must
be painstakingly
styled to match
host UX
For Host Apps For Content Authors

32. Fixed templates
Complete control
No flexibility
Update treadmill
HTML Canvas
No consistency
No control
Security concerns
????

33. Fixed templates
Complete control
No flexibility
Update treadmill
HTML Canvas
No consistency
No control
Security concerns
Adaptive Cards

35. Yes No Maybe

36. Native
rendering
on any
platform
Automatically
adapt to the
Host UX
Low cost,
targeted at
the long tail
Purely
declarative,
no code

37. Extensible
schema to
describe your
content
Actions to
open URLs,
show other
cards, etc
Input to
gather
information
from users
Speech
enabled from
day-one

38. Interactive
Visualizer
Schema
Explorer
VS Code
Previewer
Designer
(preview)

40. http://adaptivecards.io
https://github.com/Microsoft/AdaptiveCards
http://dev.botframework.com
https://github.com/matthidinger/ContosoScubaBot
https://acdesignerstaging.azurewebsites.net
https://github.com/justinwilaby/babel-plugin-jsx-adaptive-cards
https://github.com/tomlm/Razorback
https://docs.microsoft.com/en-us/outlook/actionable-messages
https://messagecardplayground.azurewebsites.net

41. Community contributions

42. Generally Available ( /v1.0 ) Preview ( /beta )
Office 365
Exchange (Get MailTips)
OneDrive (Preview, Followed docs)
AAD (Device Configuration)
EMS
Security (Alerts)
Office 365
Exchange (Get free/busy data, Add custom internet headers to
message)
SharePoint (Sharing Links, Followed content, Pages and List Views
API’s)
Dynamics
Business Central (Financials)
EMS
AAD (Risky users, Sign-in, Access review, B2x ext user state)
Teams (Tab creation, Calling, App Context, Provisioning, Classroom
creation)
Security (Secure Score)
Coming by EOY CY18
AAD (Applications)
Exchange (Get MIME content of messages)
Data sets

43. Generally Available ( /v1.0 ) Preview ( /beta )
Delta – return only changed properties for delta query on
Azure AD objects (user and groups)
Webhooks – notifications on user/group is
created/modified/deleted
Microsoft Graph data connect
Delta – query for new entities: apps, servicePrinicipals,
directoryRoles
Ability to delta query base type /directoryObjects and use isOf
filter to select 1 or more derrived types. E.g. use a single DQ to
sync user and group objects
Project Rome (User Notifications)
Coming by EOY CY18
Webhooks – "Rich webhooks" for Microsoft Team "messages" -
the app can now subscribe to receive notifications with the actual
content
Capabilities

44. Generally Available ( /v1.0 ) Preview ( /beta )
.NET – 1.11.0 Nuget package update
PHP – 1.3.3 Composer update
Java – General Availability
Javascript – Core library as a npm package
Typescript Types – npm package. Soon to be available on
DefinitelyTyped also.
Objective C (preview)– Support for core Graph
functionailty
PHP
Typescript Types
.Net – Coming soon
Java – Coming soon
SDKs
SDKs are all OSS on https://github.com/microsoftgraph

45. Responsiveness Flexibility Coverage
Monthly Releases Use only the parts you want
Graph Content
Batch, Multipart, Notifications, Paging,
Delta
Self-serve SDKs Access native HTTP objects
Middleware Pipeline
Auth, Redirect, Retry, Long Running
Operations, Caching
Common Feature Architecture Support more use-cases
Workflow Scenarios
Large File Upload, Mail with Attachment

46. https://aka.ms/OfficeDevYouTube
https://aka.ms/GraphCallQuestions
https://aka.ms/MicrosoftGraphCall

47. Q&A