Slides supporting the session at SPS toronto 2018. Talking about Azure Active directory, azure functions, microsoft graph and the SharePoint Framework

1. Microsoft Graph And
SharePoint Framework under
steroids with Azure functions
SharePoint Saturday Toronto 2018
By: Vincent Biret

2. GOLD
Thank You Sponsors!
BRONZESILVER

3. 3
SharePint
SharePint
The Drake & Firkin
6982 Financial Dr, Mississauga, ON L5N 8J4

4. Passionate about technologies, development and community
Vincent Biret
@baywet
bit.ly/vince365
Microsoft Office Dev MVP
Azure and Office 365 developer @ 2toLead

5. Devs, devops, deciders. Endless possibilities, faster time to market, focus on business
value
For whom this session is?

6. Agenda
The new stack for SharePoint Framework
What are azure functions?
Azure Active Directory
The Microsoft Graph
Better together! + Demo
Conclusion

7. Ready?

8. How to make everybody’s life better?
Demo

9. The Customer: CIA
Immersion Agency

10. The “be nice, eh” solution
The need
We want to encourage people to have better interactions
For that we’re going to “scan” their emails
Score the sentiment
Display average score per user on the company portal

11. Demo time

12. The solution requires a minimal development effort thanks to the integration between
the services provides by Office 365 and the infrastructure provided by Azure.
The architecture
MS
Graph
1
4
1. Users send/receive emails
2. Exchange communicates with
Graph
3. Graph triggers our function for
analysis
4. Users log into SP Portal
5. SPFX webpart contacts Azure
function for data

13. The new
stack
A modern tooling for developers

14. Have you already seen these slides?
Question!
Who has never heard about the
SharePoint Framework before this
talk?

15. The open source mindset shift also brings community support and samples and opens
SharePoint Dev to a bigger community
The Short Version
• New Tools!
• Front End only! (smaller footprint)
• Local And Remote WorkBench
• Closed source relying on open source
• First and third party

16. Microsoft has a desire to enable SPFX devs to build complex LOB applications backed by
MS or custom API’s
Custom API & Graph Access from SPFX
• SPFx components access custom Web APIs or MS Graph
• Additional permission scopes can be requested
• Bakes in the auth for you and provides a ready to use client
• Web APIs and Permission Scopes managed by Microsoft still available
• Admins can control additional access through per tenant AAD Service Principal
• Managed by SharePoint Online infrastructure
{
"WebApiPermissionRequest": {
"ResourceId": “GUID goes here",
"Scope": “GUID goes here",
}
"WebApiPermissionRequest": {
"ResourceId": “GUID goes here",
"Scope": “GUID goes here",
}
"WebApiPermissionRequest": {
"ResourceId": “GUID goes here",
"Scope": “GUID goes here",
}

17. Demo
Call to custom API

18. Azure
Functions
Serverless?

19. Improving the « pay for what you use » and the elasticity principles, it also provides a
total abstraction of servers
Serverless definition

20. Enable your team to deliver solutions faster, in a more structured way moving the focus
on the business logic
Benefits

21. From zero to productions in 7 steps! Microsoft’s answer to serverless
Azure functions
1. Pick a language
2. Pick a trigger
3. Add some inputs/outputs
4. Write the business logic code
5. (test/deploy)
6. Scale your service
7. Ship to production!!!

22. Dozens of bindings/triggers available, no more need to build the boiler plate code!
Connectors
MS Graph

23. 10 languages supported in Azure Functions and more to come
Languages

24. Comsuption plan is cheap if you don’t have a lot of executions. Beware of warm up time.
SKU’s & scale
Leverage App Service plan
Tiers: Free, Shared, Basic, Standard, Prenium
Cost based on reserved VMs
You have to manage scale
Comsuption based Plan
Cost Based # of Executions, Duration and Memory (GB.s)

25. Besides the browser, you can use VS2017 + Azure SDK or VSCode + Azure F CLI
Tooling

26. Custom API Body
Demo

27. Identity &
Membership
Azure Active Directory

28. AAD has become the key central identity service for Microsoft and provides a seamless
experience to end users.
Microsoft’s Central Identity Service
Leveraged by all Office 365 workloads
Stores Users, Groups, Applications…
Provides many capabilities
Hybrid: SSO, Federation, Synchronisation
Enforced security: MFA, geo-fencing,
Increased Productivity: SSPR, B2C, B2B

29. Resources provided by the Graph are always secured. Depending on the auth context,
you get/need different tokens.
Basics
access_tokenMSAL or
ADAL
Your APP
Microsoft
Graph
id_token
access_token refresh_token
Microsoft
Identity

30. It is crucial to carefuly pan your auth flow before starting developing because the impact
is major!
Different contexts
Users consent for their own data, admins can consent on behalf of all users Only admins can consent
Delegated
Permissions
User
Privileges
App
permissions
Permission type: applicationPermission Type : delegated
Access as a user Access as a service
Effective permissionsEffective permissions

31. Permissions follow a pattern. Tip: always ask for the least permission your need!
Scopes/permissions structure
specific: .All,
.Shared, etc
Read,
ReadWrite,
etc.
Target entity:
files, mail,
groups,
calendars,
etc…
Ex: User.Read Directory.ReadWrite.All
Resource Action Range

32. Microsoft is working on simplifying the story. But for now it is important to understand
the nuances
Complex situation
Your target
audience
ADALSDK Client
Reg. App
MSAL
Endpoint

33. App Registration & Security setup
Demo

34. The
Microsoft
Graph
One Endpoint to Rule them all #FellowshipOfTheGraph

35. Microsoft made a subsequent investment for a few years to unify it’s API’s, authentication
modes and data formats as well as deliver a converging model.
Why the Microsoft Graph?
1B+Meetings scheduled each
month with Office 365
181Countries with Knowledge
Workers using Office 365
65M+Enterprise Mobility seat
install base (+55% YoY)
90%Fortune 500 companies
have data in
Microsoft Graph
135M+Monthly active users in
Office 365
1.1BIdentities authenticated
each month

36. The Microsoft provides your application access to a wealth of data
Your gateway to Microsoft
Your app
Gateway
Your or your
customer’s
data
Office 365 Windows 10 Enterprise Mobility + Security
1Microsoft Graph

37. The Graph provides a unified API and authentication model for professional and personal
services.
Personal and professional accounts

38. A key point of the Microsoft Graph is unified data and models
Transversal and wide API
SITES
GROUPS
USERS
INSIGHTS
CONTACTS
PEOPLE
ORGANIZATION
EMAIL
CONTENT
DOCUMENTS
DEVICES
TEAMS
REPORTS
ME
ADMIN UNITS
ROLES
APPS
SECURITY DATA &
AUTOMATION
ORGANIZATION
USERS
BUSINESS
PARTNER

39. Microsoft has a uniform semantic for all of it’s API’s
Basics
• HTTP verbs dictate the request intent: GET | POST | PATCH | PUT | DELETE
• Version: /v1.0 or /beta
• Resource: /users, /groups, /sites, /drives, /devices, more…
• Member from collection: /users/jeff
• Property: /users/jeff/department
• Traverse to related resources via navigations: /users/jeff/events
• Query parameters: /users/jeff/events?$top=5
o Format results: $select | $orderby
o Control results: $filter | $expand
o Paging: $top | $skip | $skiptoken
/{version} ?{query-parameters}/{resource}/{id}/{property}

40. Microsoft has made it’s API available to a lot of different eco-system removing the pain of
having to write the boiler plate code. Java, Android and IOS still in preview
SDKs
Generally Available ( /v1.0 ) Preview ( /beta )
(in preview)
Soon

41. Call to the Graph
Demo

42. Better Together

43. Only with functions v2, still in preview. Most important ones being webhooks + auth that
allow you to do anything. You can also leverage flow as a relay.
Azure Functions + Microsoft Graph
Excel table input/output bindings
OneDrive File input/output bindings
Outlook output binding
Auth token input binding
WebHook triggers/binding

44. All the new SPFX capabilities came out with 1.4.1. It’s becoming seamless to integrate
those technologies together.
SharePoint Framework + Azure Functions
• SPFX helps “linking” AAD app + SPFX solution
• SPFX helps “getting the tokens”
• SPFX helps “talking to the graph/secure API” (preview)
• Azure functions can be “secured” via bearer token (AAD)

45. Conclusion

46. Conclusion
Endless possibilities
Lower development/integration costs
Focus on the business value
Better productivity
Money saved

47. Bit.ly/vince365 @baywet slideshare.net/VincentBIRET
Thanks!/Questions?
Vincent Biret
Office 365 and Azure
Developer