4. Passionate about technologies, development and community
Vincent Biret
@baywet
bit.ly/vince365
Microsoft Office Dev MVP
Azure and Office 365 developer @ 2toLead
5. Devs, devops, deciders. Endless possibilities, faster time to market, focus on business
value
For whom this session is?
6. Agenda
The new stack for SharePoint Framework
What are azure functions?
Azure Active Directory
The Microsoft Graph
Better together! + Demo
Conclusion
10. The “be nice, eh” solution
The need
We want to encourage people to have better interactions
For that we’re going to “scan” their emails
Score the sentiment
Display average score per user on the company portal
12. The solution requires a minimal development effort thanks to the integration between
the services provides by Office 365 and the infrastructure provided by Azure.
The architecture
MS
Graph
1
4
1. Users send/receive emails
2. Exchange communicates with
Graph
3. Graph triggers our function for
analysis
4. Users log into SP Portal
5. SPFX webpart contacts Azure
function for data
14. Have you already seen these slides?
Question!
Who has never heard about the
SharePoint Framework before this
talk?
15. The open source mindset shift also brings community support and samples and opens
SharePoint Dev to a bigger community
The Short Version
• New Tools!
• Front End only! (smaller footprint)
• Local And Remote WorkBench
• Closed source relying on open source
• First and third party
16. Microsoft has a desire to enable SPFX devs to build complex LOB applications backed by
MS or custom API’s
Custom API & Graph Access from SPFX
• SPFx components access custom Web APIs or MS Graph
• Additional permission scopes can be requested
• Bakes in the auth for you and provides a ready to use client
• Web APIs and Permission Scopes managed by Microsoft still available
• Admins can control additional access through per tenant AAD Service Principal
• Managed by SharePoint Online infrastructure
{
"WebApiPermissionRequest": {
"ResourceId": “GUID goes here",
"Scope": “GUID goes here",
}
"WebApiPermissionRequest": {
"ResourceId": “GUID goes here",
"Scope": “GUID goes here",
}
"WebApiPermissionRequest": {
"ResourceId": “GUID goes here",
"Scope": “GUID goes here",
}
19. Improving the « pay for what you use » and the elasticity principles, it also provides a
total abstraction of servers
Serverless definition
20. Enable your team to deliver solutions faster, in a more structured way moving the focus
on the business logic
Benefits
21. From zero to productions in 7 steps! Microsoft’s answer to serverless
Azure functions
1. Pick a language
2. Pick a trigger
3. Add some inputs/outputs
4. Write the business logic code
5. (test/deploy)
6. Scale your service
7. Ship to production!!!
24. Comsuption plan is cheap if you don’t have a lot of executions. Beware of warm up time.
SKU’s & scale
Leverage App Service plan
Tiers: Free, Shared, Basic, Standard, Prenium
Cost based on reserved VMs
You have to manage scale
Comsuption based Plan
Cost Based # of Executions, Duration and Memory (GB.s)
25. Besides the browser, you can use VS2017 + Azure SDK or VSCode + Azure F CLI
Tooling
28. AAD has become the key central identity service for Microsoft and provides a seamless
experience to end users.
Microsoft’s Central Identity Service
Leveraged by all Office 365 workloads
Stores Users, Groups, Applications…
Provides many capabilities
Hybrid: SSO, Federation, Synchronisation
Enforced security: MFA, geo-fencing,
Increased Productivity: SSPR, B2C, B2B
29. Resources provided by the Graph are always secured. Depending on the auth context,
you get/need different tokens.
Basics
access_tokenMSAL or
ADAL
Your APP
Microsoft
Graph
id_token
access_token refresh_token
Microsoft
Identity
30. It is crucial to carefuly pan your auth flow before starting developing because the impact
is major!
Different contexts
Users consent for their own data, admins can consent on behalf of all users Only admins can consent
Delegated
Permissions
User
Privileges
App
permissions
Permission type: applicationPermission Type : delegated
Access as a user Access as a service
Effective permissionsEffective permissions
31. Permissions follow a pattern. Tip: always ask for the least permission your need!
Scopes/permissions structure
specific: .All,
.Shared, etc
Read,
ReadWrite,
etc.
Target entity:
files, mail,
groups,
calendars,
etc…
Ex: User.Read Directory.ReadWrite.All
Resource Action Range
32. Microsoft is working on simplifying the story. But for now it is important to understand
the nuances
Complex situation
Your target
audience
ADALSDK Client
Reg. App
MSAL
Endpoint
35. Microsoft made a subsequent investment for a few years to unify it’s API’s, authentication
modes and data formats as well as deliver a converging model.
Why the Microsoft Graph?
1B+Meetings scheduled each
month with Office 365
181Countries with Knowledge
Workers using Office 365
65M+Enterprise Mobility seat
install base (+55% YoY)
90%Fortune 500 companies
have data in
Microsoft Graph
135M+Monthly active users in
Office 365
1.1BIdentities authenticated
each month
36. The Microsoft provides your application access to a wealth of data
Your gateway to Microsoft
Your app
Gateway
Your or your
customer’s
data
Office 365 Windows 10 Enterprise Mobility + Security
1Microsoft Graph
37. The Graph provides a unified API and authentication model for professional and personal
services.
Personal and professional accounts
38. A key point of the Microsoft Graph is unified data and models
Transversal and wide API
SITES
GROUPS
USERS
INSIGHTS
CONTACTS
PEOPLE
ORGANIZATION
EMAIL
CONTENT
DOCUMENTS
DEVICES
TEAMS
REPORTS
ME
ADMIN UNITS
ROLES
APPS
SECURITY DATA &
AUTOMATION
ORGANIZATION
USERS
BUSINESS
PARTNER
39. Microsoft has a uniform semantic for all of it’s API’s
Basics
• HTTP verbs dictate the request intent: GET | POST | PATCH | PUT | DELETE
• Version: /v1.0 or /beta
• Resource: /users, /groups, /sites, /drives, /devices, more…
• Member from collection: /users/jeff
• Property: /users/jeff/department
• Traverse to related resources via navigations: /users/jeff/events
• Query parameters: /users/jeff/events?$top=5
o Format results: $select | $orderby
o Control results: $filter | $expand
o Paging: $top | $skip | $skiptoken
/{version} ?{query-parameters}/{resource}/{id}/{property}
40. Microsoft has made it’s API available to a lot of different eco-system removing the pain of
having to write the boiler plate code. Java, Android and IOS still in preview
SDKs
Generally Available ( /v1.0 ) Preview ( /beta )
(in preview)
Soon
43. Only with functions v2, still in preview. Most important ones being webhooks + auth that
allow you to do anything. You can also leverage flow as a relay.
Azure Functions + Microsoft Graph
Excel table input/output bindings
OneDrive File input/output bindings
Outlook output binding
Auth token input binding
WebHook triggers/binding
44. All the new SPFX capabilities came out with 1.4.1. It’s becoming seamless to integrate
those technologies together.
SharePoint Framework + Azure Functions
• SPFX helps “linking” AAD app + SPFX solution
• SPFX helps “getting the tokens”
• SPFX helps “talking to the graph/secure API” (preview)
• Azure functions can be “secured” via bearer token (AAD)
Client credential flow: service can id alone without impersonification (service account)
On behalf flow: in a certain context an app can relay authentifcation via API to present APP + user and not only user (in excel for eg)
On behalf flow will help a lot office add-ins to access custom APIs
https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-v2-limitations
https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-v2-compare
https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-protocols-oauth-service-to-service
https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-v2-protocols-oauth-on-behalf-of
https://myignite.microsoft.com/sessions/55110?source=sessions
It’s a tremendous opportunity for developers whether you’re ISV, consultants or at a customers to provide rich and inovative applications.Doesn’t add any cost to office 365.
Also provide some form of intelligence