Download
1 / 43
430 likes | 719 Vues
Streamlining your business processes using Microsoft Graph. Jeff Sakowicz Elisabeth Olson Mark Wahl. BRK2266. Overview. Using Microsoft Graph. Agenda. Deep Dives. Next Steps. Gateway to your data in the Microsoft cloud. Your app. Web Apps. Device & Native Apps. Bots. Background
E N D
Streamlining your business processes using Microsoft Graph Jeff Sakowicz Elisabeth Olson Mark Wahl BRK2266
Overview Using Microsoft Graph Agenda Deep Dives Next Steps
Gateway to yourdata in the Microsoft cloud Yourapp Web Apps Device & Native Apps Bots Background processes Gateway Office 365 Windows 10 Enterprise Mobility + Security Your or your customer’s data 1 Microsoft Graph Microsoft identity Rich content Deep insights Real-time updates
SECURITY DATA & AUTOMATION Microsoft Graph BUSINESS PARTNER DEVICES ORGANIZATION INSIGHTS USERS ROLES CONTENT ADMIN UNITS ORGANIZATION REPORTS GROUPS USERS ME APPS CONTACTS EMAIL PEOPLE DOCUMENTS TEAMS SITES
Holistic and innovative solutions for protection across users, devices, apps and data Microsoft Enterprise Mobility + Security Mobile device & app management Information protection Threat protection Identity and access management Protect at thefront door Protect yourdata anywhere Detect &remediate attacks
Secure & Compliant Productivity Facilitate collaboration across org. boundaries Automate compliance and address IT governance goals Apps Data Users Devices Protect sensitive data and stay secure
Overview Using Microsoft Graph Agenda Deep Dives Next Steps
HTTP verbs dictate the request intent: GET | POST | PATCH | PUT | DELETE Version: /v1.0 or /beta Resource: /users, /groups, /sites, /drives, /devices, more… Member from collection: /users/jeff Property: /users/jeff/department Traverse to related resources via navigations: /users/jeff/events Query parameters: /users/jeff/events?$top=5 Format results: $select | $orderby Control results: $filter | $expand Paging: $top | $skip | $skiptoken Calling the API https://graph.microsoft.com /{version} /{resource} /{id} /{property} ?{query-parameters}
GET: /users/jeff { "displayName": “Jeff", "jobTitle": “Senior Program Manager" } GET: /users/jeff/photo/$value Stream image/jpeg GET: /users/jeff/manager {"displayName": “Dan", …} GET: /users/jeff/directReports "value" : [ {"displayName": “Christie", …}, {"displayName": "Suresh", …}, ] GET: /me/memberOf "value" : [ {"displayName": “Contoso Softball", …}, {"displayName": "Graph PM team", …} ] With Microsoft Graph memberOf Get the user profile Dan Groups manager Jeff directReports Christie Suresh
GET /me/insights/trending "value" : [ {"name": "presentation.pptx", …}, {"name": "forecast.xlsx", …} ] GET /me/drive/recent "value" : [ {"name": "guidelines.pptx", …}, {"name": "budget.xlsx", …} ] GET people/?$search="topic: planning" "value" : [ {"displayName": “Agnieszka", …}, {"displayName": “Yina", …}, ] POST: /me/findMeetingTimes { "attendees": [ { "type": "required", "emailAddress": { "address": "ana@contoso.com" } ], "meetingDuration": "2h" } With Microsoft Graph Get insights based on activities Out of office TrendingDocuments Search people based on topics Find me the best time to meet Ana People I’m working with RecentDocuments
GET/me/mailFolders/{id}/messages/delta "@odata.deltalink":"me/mailfolders('AA')/messages/delta?$deltatoken=BB", "value" : […] POST /subscriptions { "changeType": "created,updated", "notificationUrl": "https://app.net/callback", "resource": "/me/mailfolders('AA')/messages", } GET/me/mailFolders/{id}/messages/delta?$deltatoken=BB" "value" : […] With Microsoft Graph Get notifications & track changes Edited a file Scheduled a new meeting Got a new hire Added to a group Got high important email
Open Extensions GET /me/message/<id>/?$expand=extensions { "displayName": “Jeff", "extensions": [ { "extensionName": "Com.Contoso.Referral", "companyName": "Wingtip Toys", "expirationDate": "2017-12-30T11", "dealValue": 10,000 } ] } Schema extensions POST /schemaExtensions { "id": "graph_courses", "targetTypes": [ "Group" ], "properties": [ { "name": "name", "type": "String" }… ] } GET /groups?$filter=courses/name eq Math101 Extending Microsoft Graph Add extensions to user, group, mail & more Customer referral email Group: Math 101 PMP Certified Favorite color: blue
Overview Using Microsoft Graph Agenda Deep Dives Next Steps
Use Microsoft Graph to streamline Facilitating collaboration across entities Managing employee lifecycle Protecting sensitive data across devices Responding to threats … and MORE
Enabling Day One and Ongoing Collaboration Bulk invite users to unblock collaboration on Day One Ongoing automation to sync users as they are added/removed from home tenant Learn more BRK3249 | Granting partners access to resources using Azure AD B2B
Using Microsoft Graph to invite guests Elisabeth Olson
B2B API capabilities Create new guest users With or without invitation email being sent List guest users in the tenant Filter guests based on invitation status (ex: find all un-redeemed guests) Learn more BRK3249 | Granting partners access to resources using Azure AD B2B
Managing risk and addressing compliance Learn more BRK3242 | Govern access to your resources
Understand the access rights Use Microsoft Graph to Query who has access to an app or via a group Retrieve the activity and audit logs Delegate deciding who keeps access, with an access review Time-limit privileged access to Azure, using Azure AD PIM
Retrieving activity logs GET /users/{id}/appRoleAssignments/{id} GET /auditLogs/directoryAudits GET /reports/getTeamsUserActivityUserDetail GET /auditLogs/signIns GET /users/{id}/memberOf GET /users/{id}/joinedTeams
Access reviews for group and app assignments GET /groups POST /accessReviews GET /accessReviews({id}) GET /groups/{id}/appRoleAssignments/{id} POST /programControls GET /accessReviews({id})/decisions Learn more https://developer.microsoft.com/en-us/office/blogs/retrieving-azure-ad-access-reviews/
Time-limiting privileged access in Azure Learn more BRK3248 | Protect the keys to your kingdom with Azure AD PIM
Create and Deploy Android Compliance Policy POST /deviceManagement/CompliancePolicyAssignment GET /users/delta POST /deviceManagement/CompliancePolicy POST /groups/{id}
Intune on Graph If you can do the task in Intune Azure Portal, you can do it from Graph! Intune portal uses Graph 100% for it's backend calls. THR4004 | Learn how to leverage Intune support for Microsoft Graph and PowerShell to enable powerful automation and IT security Learn more
Intune on Graph- What's New? V1.0 API's for Sept 2018 Assign action for managedDeviceMobileAppConfiguration Deviceappmanagement adds microsoftStoreForBusinessPortalSelection property Beta API's announced for Sept 2018 New entities: - deviceConfigurationConflictSummary - importedWindowsAutopilotDeviceIdentityUpload - win32LobApp New enums to support win32LobApp
Info Protection Endpoint protection Network protection Threat intelligence SIEM + log analytics SOAR+ITSM Apps Microsoft Graph Common Libraries, Authentication, and Authorization Other Graph Services (Azure AD, O365, SharePoint, Intune …) Alerts Other Security Entities* (context, actions, …) Secure Score Graph Security API Federates Queries, Aggregates Results, Applies Common Schema Security Providers ! ! ! ! Azure Info Protection Ecosystem Partners Cloud Application Security Windows Defender ATP Azure Security Center Azure ADIdentity Protection Intune Azure ATP* Office 365 ATP* *coming soon Learn more BRK3022 | Unlocking security insights with the Microsoft Graph Security API
Overview Using Microsoft Graph Agenda Deep Dives Next Steps
https://graph.microsoft.com Get started today GitHub /MicrosoftGraph StackOverflow [MicrosoftGraph] Twitter #MicrosoftGraph
Please evaluate this sessionYour feedback is important to us! Please evaluate this session through MyEvaluations on the mobile appor website. Download the app:https://aka.ms/ignite.mobileApp Go to the website: https://myignite.techcommunity.microsoft.com/evaluations
Terminology Client- the application requesting access to data Resource- the application/service (usually a web API) that exposes data Permission- the ability for a client application to perform some action on some data owned by a resource application e.g. read a user’s OneDrive files through Microsoft Graph Consent prompt- the process by which a user is asked to grant an application the permission(s) it has requested Consent grant- the result of saying “yes” to a consent prompt Admin(istrative) Consent- the process by which a company administrator grants an application one or more permissions that cannot be granted by a regular user. These permissions may: Allow the app to perform high privilege operations- admin-restricted permissions Apply to all users in the organization
Permissions Types Delegated Permissions ApplicationPermissions Mobile / Web / SPA Service / Daemon Get access as a service Get access on behalf of users Only admin can consent Users for self / Admin for self or all users Permissions granted to App App + User Permissions granted to App User’s Permissions
