Join Kalyan Krishna for Part II on the introduction to Microsoft Graph for developers. Agenda topics include: -What is Microsoft Graph? -Why did we build Microsoft Graph? -Common Scenarios -Developing applications for Microsoft Graph -Code walkthrough – Manage Users -The Big Picture For more information, please visit https://graph.microsoft.com

1. An introduction to Microsoft Graph
for developers
PartII – AdvancedTopics
Identity Developer Advisors
November 21st, 2019 Kalyan Krishna
Sr Program Manager-Identity Division
kalyankrishna1

2. https://www.youtube.com/watch?v=EBbnpFdB92A

3.  What is Microsoft Graph?
 Why did we build Microsoft Graph?
 Common Scenarios
 Developing applications for Microsoft Graph
 The app topology
 Permissions & Consent
 SDKs
 The app patterns
 Code walkthrough – Manage Users
 The Big Picture
PAGE 3

4. Microsoft Graph: gateway to your data in the Microsoft cloud

5. Single API for:
1.Accessing data
/me, /users, /groups, /messages, /drive, ….
2.Traversing data
/drive/items/<id>/lastmodifiedByUser
3.Accessing insights
/insights/trending
4.Work/School and Personal
Accounts
What is Microsoft Graph?
https://graph.microsoft.com/

7. Try it now..
Microsoft Graph Explorer – https://aka.ms/ge

8. Microsoft Graph
https://graph.microsoft.com/
Insights and relationships
Calendar
Personal
Contacts
Files Notes
Org
Contacts
NotesPeopleUsers ExcelTasksMailGroups
Data
XCode
Eclipse or
Android Studio
Visual Studio REST
Development
Environment
YOUR APP
Your choice of technology (.NET, JS, HTML, Ruby, etc.)
Microsoft Azure
Other hosting
(IIS, LAMP, etc.)
Solution
Authentication
and Authorization OpenID Connect and OAuth 2.0

9. Users can consent for their data or admin can consent for all users Only admin can consent
Delegated
permissions
App
Permissions
App
permissions
Permission type: applicationPermission type: delegated
Get access on behalf of users Get access as a service
Effective permissionEffective permission
https://aka.ms/ConsentAndPermissions

10. scope
scope
scope

11. https://docs.microsoft.com/graph/sdks/sdks-overview

13. Microsoft Graph SDKs, samples and tooling

14. • Provides support for common tasks such
as
• Models and request builders for
entities
• Paging through collections.
• Creating batch requests.
• More..
• Embedded support for
• Retry handling
• Secure redirects
• Payload compression
• More..
Improve your application's interactions with
Microsoft Graph, without adding complexity
• Designed to simplify building high-
quality, efficient, and resilient
applications that access Microsoft
Graph
• Available to be included in your
projects via GitHub and popular
platform package managers
• The library contains models and
request builders that are generated
from Microsoft Graph metadata

15. Microsoft Graph SDKs
• For .NET, separate SDKs available for:
• /V1.0 - https://graph.microsoft.com/v1.0/$metadata
• /beta - https://graph.microsoft.com/beta/$metadata

16. Microsoft Graph .NET Authentication Provider Library
 Microsoft Graph .NET authentication library provides a set of
OAuth scenario-centric authentication providers that implement
Microsoft.Graph.IAuthenticationProvider
 Uses Microsoft Authentication Library (MSAL) under the hood to
handle access token acquisition and storage.
 Its still in prerelease, so , use the –prerelease flag in Nuget fetch
Install-Package Microsoft.Graph.Auth -PreRelease

19. Aboutthissession
Objectives
• Harness the power of Graph beyond the REST Api.
• Build more resilient, performant and fault-tolerant applications.
Topics
• Using the Graph SDK
• Pagination
• Optimizations
• Change Tracking
• Delta Queries
• Notifications
• Batching
• Throttling & Error Handling
• Extending Graph

20. Prerequisitesforcoding:
Get a free Azure AD tenant for development purposes
https://aka.ms/o365devprogram
The Code from previous session:
https://gist.github.com/kalyankrishna1/0a6ea6d00a09f7ae81c89960e1038d79
For Change notifications, we’d use the following sample, please download:
https://github.com/microsoftgraph/msgraph-training-changenotifications
We’d use ngrok to demo notifications. Register and download the free tool from :
https://ngrok.com/
The updated code for this session:
https://gist.github.com/kalyankrishna1/997f7ca1af1f73f8107c1c8cebfbaf3f

21. To build an app..
• Use Graph explorer and the Docs to:
• Locate all the Apis you’d need to call
• Locate all the permissions your app will be requesting
• Register your app with the identity platform
• Configure app permissions
• Use MSAL for sign-in and get a token for Graph
• Make calls using Graph SDK (preferred) or REST APIs
directly

23. profile
GET: /users/kkrishna
{
"displayName": "Kalyan Krishna",
"givenName": "Kalyan",
"jobTitle": "SENIOR PROGRAM MANAGER",
}
GET: /users/kkrishna/photo/$value
GET: /users/kkrishna/manager
{"displayName": “Beatriz…}
GET: /users/kkrishna/directReports
"value" : [
{"displayName": “Tiago…},
{"displayName": “Mani…}
]
GET: /me/memberOf/…
"value" : [
{"displayName": “Microsoft Graph…},
{"displayName": “Azure AD Identity Champs…}]
Beatriz
manager
Tiago Mani
directReports
Groups
memberOf

24. With the
SDK
// Initialize and prepare MSAL
[Redacted]
// Initialize the Graph SDK authentication provider
InteractiveAuthenticationProvider authenticationProvider =
new InteractiveAuthenticationProvider(app, scopes);
GraphServiceClient graphServiceClient =
new GraphServiceClient(authenticationProvider);
// Call the /me Api
var me = graphServiceClient.Me.Request().GetAsync().Result;
Console.WriteLine($"Display Name from /me-{me.DisplayName}");

26. Pagination
Graph uses server-side
page size limits
When querying
collections, Graph may
return the results in
many pages
Always expect an
@odata.nextLink
property in the response
Contains the URL to the next page

27. Request
1.
Always handle the
possibility that the
responses are paged
in nature
2.
Follow the
@odata.nextLink
to obtain the next
page of results
3.
Final page will not
contain an
@odata.nextLink
property
4.
Treat the entire URL
as an opaque string

28. Easier
with SDK
// call /me/memberOf Api
var mygroups = await graphServiceClient.Me.MemberOf.Request().GetAsync();
int pagenum = 1;
if (mygroups != null){
do
{
// Page through results
foreach (var directoryObject in mygroups.CurrentPage)
{
if (directoryObject is Group)
{
Group group = directoryObject as Group;
Console.WriteLine($"Page #-{pagenum}- Group:{group.DisplayName}");
}
}
// are there more pages (Has a @odata.nextLink ?)
if (mygroups.NextPageRequest != null)
{
mygroups = await mygroups.NextPageRequest.GetAsync();
pagenum++;
}
else
{
mygroups = null;
}
} while (mygroups != null);
}

30. Querying data | Use projections
GET https://graph.microsoft.com/v1.0/users?
$select=givenName,mail
Choose the properties your
app really needs and no
more
Don’t send
unnecessary data over
the wire
Tip
Use $select

31. Querying data | Use filters
GET https://graph.microsoft.com/v1.0/users?
$filter=department eq ‘Sales’ & $select=givenName,mail
Choose the records your
app really needs and no
more
Don’t send
unnecessary data over
the wire
Tip
Use $filter

32. POST/PATCH/PUT | no response required
If your code doesn’t need
to get a response, then opt
out
Don’t send
unnecessary data over
the wire
Tip
Use HTTP
Prefer return=minimal
request header

35. Track changes | Delta query
Scenario
Need to cache or store Microsoft
Graph data locally, and keep that
data up to date, or track changes to
data for any other reasons
Tip
Use delta query
Why
Stop retrieving data your application already has!
Minimizes network traffic
Reduces the likelihood of reaching a throttling
threshold
https://docs.microsoft.com/en-us/graph/delta-query-overview

36. Allows retrieving changes since you last requested them
Check the Delta query overview page for supported resources
Use the /delta function to request changes
Store returned the deltaLink for subsequent requests
Use $select to narrow what you want changes for
Track changes | Delta query

39. Track changes | Webhooks
Scenario
Client apps use notifications to
update their state upon changes
Tip
Use webhook
notifications as the
trigger to make
delta query calls
Why
Difficult to figure out optimal polling interval

40. • Translate an email when it arrives
• Start a Flow when a document is X many months old
• Create new user accounts in your application when a user joins an
organization
Track changes | Webhooks
Example
Scenarios

41. Microsoft Graph webhook subscriptions – high level overview
Groups
FilesCalendar
Messages
Meetings
User
People
Devices
Coworkers
Insights
Chats
Teams
Tasks
Microsoft
Graph
Subscription request1
Subscription response – HTTP 201 Created2
Notifications3

42. Supported
resources
• Outlook message
• Outlook event
• Outlook personal contact
• user
• group
• Office 365 group conversation
• Content within the hierarchy of any folder driveItem on a user's
personal OneDrive
• Content within the hierarchy of the root folder driveItem on
OneDrive for Business
• Security alert
Check the webhooks docs for the latest list of supported resources.

43. Token validation and notification responses
Application https://graph.microsoft.com/v1.0https://contoso.com/api
HTTP POST /subscriptions + subscription in body
HTTP POST ?validationToken=XYZ
HTTP 200 OK + token in body
HTTP 201 CREATED + subscription in body
HTTP POST + notifications in body
HTTP 202 ACCEPTED
HTTP GET resource
HTTP 200 OK + resource

44. WebHooks create request example
GET https://graph.microsoft.com/v1.0/me?$select=id,displayName,mail&$expand=extensions
POST https://graph.microsoft.com/v1.0/subscriptions
Content-Type: application/json
{
"resource": "/users",
"changeType": "updated",
"clientState": "SecretClientState",
"notificationUrl": "https://dfa2c56c.ngrok.io/api/notifications",
"expirationDateTime": "2019-22-23T15:41:22.3774877+00:00"
}

45. GET https://graph.microsoft.com/v1.0/me?$select=id,displayName,mail&$expand=extensions
POST https://68c75850.ngrok.io/api/notifications
{
"value": [
{
"changeType": "updated",
"clientState": "SecretClientState",
"resource": "Users/695a3e1d-2e9f-4d24-aa3c-ac795c16f25c",
"resourceData": {
"@odata.type": "#Microsoft.Graph.User",
"@odata.id": "Users/695a3e1d-2e9f-4d24-aa3c-ac795c16f25c",
"id": "695a3e1d-2e9f-4d24-aa3c-ac795c16f25c",
"organizationId": "979f4440-75dc-4664-b2e1-2cafa0ac67d1",
"sequenceNumber": 637048551305855700
},
"subscriptionExpirationDateTime": "2019-09-23T17:09:24.8176341+00:00",
"subscriptionId": "9697c441-8375-4651-9c5a-bb85b9da005a",
"tenantId": "979f4440-75dc-4664-b2e1-2cafa0ac67d1"
}
]
}
WebHooks notification

46. https://github.com/microsoftgraph/msgraph-training-changenotifications
https://ngrok.com/

48. https://docs.microsoft.com/en-us/graph/throttling

49. • You should expect throttling and
handle it with retries.
• Microsoft Graph returns status code
429 and a retry-after value.
• Limits on read operations are much
higher than on write.
• When using /$batch, errors are
returned for individual requests
Throttling HTTP/1.1 200 OK <- the batch request was successful, however
some requests may have failed
{"responses": [ {
"id": “myRequest1",
"status":429, <-this request was throttled and should be
retried
"headers" : {"Retry-After":"9"},
“body”: {
"error": {
"code": "TooManyRequests",
} } },
{
"id": “myRequest2",
"status":204, <-this request succeeded
“body": {
…
} }
]}

50. Easier
with SDK
var messages = await graphServiceClient.Me.Messages.Request()
.WithMaxRetry(5)
.WithScopes(new string[] { "Mail.Read" })
.GetAsync();
Throttling

51. Error Best practice
403 How did this happen? My application got consent!
The signed-in user does not have privileges to access the resource requested.
Tip: Provide a generic "Access denied" error back to the signed-in user.
404 How did this happen? I just got this resource!
Resource not yet provisioned (like a user's photo)
Resource has been deleted
Tip: Watch for restore - your application should also take this into account.
429 Your app should always be prepared to be throttled.
Tip: Honor the HTTP Retry-After response header to recover
Tip: Rate limit to stay below throttle limits
503 Service is busy
Tip: Retry – but employ a back-off strategy similar to 429
Tip: Additionally, always make new retry requests over a new HTTP connection
Handle expected errors

52. https://docs.microsoft.com/en-us/graph/json-batching

53. Batching
Scenario
Mobile client app needs to get
signed-in user’s profile AND avatar
Tip
Use JSON batching
Why
Performance gains through multiplexing
Save the application significant network latency
Conserves connection resources
Lower bandwidth consumption
https://aka.ms/gb

55. https://docs.microsoft.com/en-us/graph/extensibility-overview

56. Extending Microsoft Graph
Add app specific user
profile data
Your app
Data
Your app

57. Open extensions - a flexible way to add untyped app data directly to a resource instance.
extensionName is the only pre-defined, writeable property, must be unique within the tenant
Schema extensions - Define schema extension definition and extend resource instances with
strongly-typed custom data.
The schema discoverable and shareable, can be used in filtering.
https://docs.microsoft.com/en-us/graph/extensibility-overview
Adding custom data to resources in Microsoft-Graph

58. https://docs.microsoft.com/en-us/graph/extensibility-open-users

59. Open
Extensions
• Open extensions, are accessible through the extensions
navigation property of the resource instance
• The extensionName property is the only pre-defined, writable
property in an open extension
• When creating an open extension, you must assign the
extensionName property a name that is unique within the
tenant.

60. GET https://graph.microsoft.com/v1.0/me?$select=id,displayName,mail&$expand=extensions
Create Request
POST https://graph.microsoft.com/v1.0/me/extensions
Content-type: application/json
{
"@odata.type":"microsoft.graph.openTypeExtension",
"extensionName":"com.contoso.roamingSettings",
"theme":"dark",
"color":"purple",
"lang":"Japanese"
}
Open extensions example

61. GET https://graph.microsoft.com/v1.0/me?$select=id,displayName,mail&$expand=extensions
Creation Response
HTTP/1.1 201 Created
Content-type: application/json
{
"@odata.type": "#microsoft.graph.openTypeExtension",
"extensionName": "com.contoso.roamingSettings",
"id": "com.contoso.roamingSettings",
"theme": "dark",
"color": "purple",
"lang": "Japanese"
}
Open extensions example

62. GET https://graph.microsoft.com/v1.0/me?$select=id,displayName,mail&$expand=extensions
Update the data in the open extension
Request
PATCH https://graph.microsoft.com/v1.0/me/extensions/com.contoso.roamingSettings
Content-type: application/json
{
"theme": "light",
"color": "yellow",
"lang": "Swahili"
}
Response
HTTP/1.1 204 No content
Open extensions example

63. GET https://graph.microsoft.com/v1.0/me?$select=id,displayName,mail&$expand=extensions
Retrieve roaming profile information
Request
GET https://graph.microsoft.com/v1.0/me?$select=id,displayName,mail,mobilePhone&$expand=extensions
Response
HTTP/1.1 200 OK
Content-Type: application/json
Content-length: 420
{
"id": "84b80893-8749-40a3-97b7-68513b600544",
"displayName": "John Smith",
"mail": "john@contoso.com",
"mobilePhone": "1-555-6589",
"extensions": [
{
"@odata.type": "#microsoft.graph.openTypeExtension",
"extensionName": "com.contoso.roamingSettings",
"id": "com.contoso.roamingSettings",
"theme": "dark",
"color": "purple",
"lang": "Japanese"
}
]
}
Open extensions example

64. https://docs.microsoft.com/en-us/graph/extensibility-schema-groups

65. Schema
Extensions
Versatility
Define schema extension definition and extend resource instances with strongly-typed custom data.
Discoverable by other apps via status property
Schema extensions are complex types, enabling use of HTTP verbs:
• POST to specify custom data when creating a new resource instance
• GET to read the custom data
• PATCH to add or update in an existing resource instance
• PATCH to set the complex type to null, deleting the custom data

66. GET https://graph.microsoft.com/v1.0/me?$select=id,displayName,mail&$expand=extensions
View existing schema extensions
POST GET https://graph.microsoft.com/v1.0/schemaExtensions?$filter=id eq
'graphlearn_test’
Content-type: application/json
{
"value": [
{
"id": "graphlearn_test",
"description": "Yet another test schema",
"targetTypes": [
"User",
"Group"
],
"status": "Available",
"owner": "24d3b144-21ae-4080-943f-7067b395b913",
"properties": [
{
"name": "testName",
"type": "String"
}
]
}
]
}
Schema extensions example

67. GET https://graph.microsoft.com/v1.0/me?$select=id,displayName,mail&$expand=extensions
Register a new schema extension - Request
POST https://graph.microsoft.com/v1.0/schemaExtensions
Content-type: application/json
{
"id": "graphlearn_courses",
"description": "Graph Learn training courses extensions",
"targetTypes": [
"Group"
],
"properties": [
{
"name": "courseId",
"type": "Integer"
},
{
"name": "courseName",
"type": "String"
},
{
"name": "courseType",
"type": "String"
}
]
}
Schema extensions example

68. GET https://graph.microsoft.com/v1.0/me?$select=id,displayName,mail&$expand=extensions
Register a new schema extension – Response
HTTP/1.1 201 Created
Content-length: 420
Content-type: application/json
{
"id": "graphlearn_courses",
"description": "Graph Learn training courses extensions",
"targetTypes": [
"Group"
],
"status": "InDevelopment",
"owner": "24d3b144-21ae-4080-943f-7067b395b913",
"properties": [
{
"name": "courseId",
"type": "Integer"
},
{
"name": "courseName",
"type": "String"
},
{
"name": "courseType",
"type": "String"
}
]
}
Schema extensions example

69. GET https://graph.microsoft.com/v1.0/me?$select=id,displayName,mail&$expand=extensions
Populate a schema extension (a group)
Request
POST https://graph.microsoft.com/v1.0/groups
Content-Type: application/json
{
"displayName": "New Managers March 2017",
"description": "New Managers training course for March 2017",
"groupTypes": [ "Unified" ],
"mailEnabled": true,
"mailNickname": "newMan201703",
"securityEnabled": false,
"graphlearn_courses": {
"courseId": "123",
"courseName": "New Managers",
"courseType": "Online"
}
}
Schema extensions example

70. GET https://graph.microsoft.com/v1.0/me?$select=id,displayName,mail&$expand=extensions
Populate a schema extension (a group)
Response
POST https://graph.microsoft.com/v1.0/groups
HTTP/1.1 201 Created
Content-length: 420
Content-Type: application/json
{
"id": "dfc8016f-db97-4c47-a582-49cb8f849355",
"createdDateTime": "2017-02-09T00:17:05Z",
"description": "New Managers training course for March 2017",
"displayName": "New Managers March 2017",
"groupTypes": [
"Unified"
],
"mail": "newMan201703@graphlearn.com",
"mailEnabled": true,
"mailNickname": "newMan201703",
"securityEnabled": false,
"theme": null,
"visibility": "Public"
}
Schema extensions example

71. GET https://graph.microsoft.com/v1.0/me?$select=id,displayName,mail&$expand=extensions
Add update and remove data in a schema extension (a group)
Request
PATCH https://graph.microsoft.com/v1.0/groups/dfc8016f-db97-4c47-a582-49cb8f849355
Content-length: 230
Content-Type: application/json
{
"graphlearn_courses": {
"courseId": "123",
"courseName": "New Managers",
"courseType": "Online"
}
}
Response
HTTP/1.1 204 No Content
Schema extensions example

73. Microsoft NDA Confidential
Identity and Security Collaborative Engineering
Next Steps
• Visit our docs @ https://aka.ms/graph
• Connect with us via:
• Ask questions to the team:
https://stackoverflow.com/questions/tagged/microsoft-graph
• Submit new feature and service requests @ https://feedback.azure.com

74. Microsoft Confidential
Engage with us!
Topic Feedback type Forum URL Who supports
All identity developer
topics (Auth libraries, MS
Graph, App Registration
portals)
Community-driven
developer Support for
Questions and Answers
Stack Overflow
https://stackoverflow.com/questions/tagged/azu
re-active-directory+or+microsoft-
graph+or+azure-ad-conditional-access
Supported by Microsoft and
community
Authentication Libraries –
ADAL, MSAL, Auth
Middleware
Library issues, bugs, open
source contributions
GitHub
https://docs.microsoft.com/azure/active-
directory/develop/active-directory-
authentication-libraries
Azure AD teams manage issues, bugs
and review/ approve contribution
Azure AD, MS
Graph, Libraries, App
Registration – Developer
Experiences
Feature requests,
suggestions for product
improvements
Azure Feedback
Azure Feedback for Authentication and also
AppRegFeedback@microsoft.com for portal
specific feedback. User Voice for Microsoft
Graph
Azure AD teams triage feature
requests
All identity developer
topics (Auth libraries, MS
Graph, App Registration
portals)
Discussion with other
MVPs and NDA
community
Yammer Identity
Developer Advisors
https://www.yammer.com/azureadvisors/#/threa
ds/inGroup?type=in_group&feedId=5800064
Engagement with Identity Advisors
and Microsoft product groups
Identity developer topics
for Auth
Delve deep into complex
identity related
development topics live Community Office Hours
azuread Twitter handle and the
Microsoft Tech community
Opportunity to make questions and
answers in real time to product teams
via live conference
All developer topics Assisted support for
developers
Customer Service and
Support
More information on support options:
https://aka.ms/devexhelpsupport
Direct 1:1 help from our support
engineering teams

75. References
and Samples
• Install the Microsoft Graph SDKs
• Authentication Providers for Microsoft Graph .NET SDK
• Graph SDK design
• Microsoft Graph Uservoice
• Best practices for working with Microsoft Graph
• Use query parameters to customize responses
• Combine multiple requests in one HTTP call using JSON batching
• BatchRequestContent
• Add custom data to resources using extensions
• Configuring directory extension optional claims
• Microsoft Graph resources
• Microsoft Graph SDK beta
• Office 365 Developer Program
• Paging Microsoft Graph data in your app

76. Join the Developer Program
Benefits
Free renewable Office 365 E3 subscription
Be your own admin
Dev sandbox creation tools
Preload sample users and data for Microsoft Graph, and more
Access to Microsoft 365 experts
Join bootcamps and monthly community calls
Tools, training and documentation
Learn, discover and explore about Office 365 development
Blogs, newsletters and social
Stay up to date with the community
https://aka.ms/o365devprogram

77. Microsoft Graph
Gateway to your data in the Microsoft cloud
Users, Groups, Organizations
Outlook
SharePoint
OneDrive
Teams
Planner
Excel
OneNote
Activities
Device Relay
Commands
Notifications
Azure AD
Intune
Identity Manager
Advanced Threat Analytics
Advanced Threat Protection
Mail, Calendar,
Contacts and Tasks
Sites and Lists
Drives and Files
Channels, Messages
Tasks and Plans
Spreadsheets
Notes, and more…
Identity Management
Access Control
Synchronization
Domains
Administrative Units
Applications and Devices
Advanced Threat Analytics
Advanced Threat Protection
Alerts
Policies
and more…
Office 365 Windows 10 Enterprise Mobility + Security
https://graph.microsoft.com
Dynamics 365
Business Central