WHAT IS THE MICROSOFT GRAPH?
To ensure your organization is getting the most out of your Office/Microsoft 365 licensing costs, you need to understand the capabilities of Microsoft Graph and how it can be used. Simply put, Graph gives you access to an immense amount of data and allows for remote management of most Microsoft services and users in and outside of your tenant. It can securely connect Office, Windows 10, Business Central, Azure AD, Planner, Exchange, and more. Per Microsoft, “Microsoft Graph is the gateway to data and intelligence in Microsoft 365. It provides a unified programmability model that you can use to access the tremendous amount of data in Microsoft 365, Windows 10, and Enterprise Mobility + Security.”
HOW CAN YOU USE IT?
Power up your Power Automate flows with advanced actions not available through the flow maker user interface. Developers can interact with Graph directly using the Graph Explorer, a web-based tool to execute and test requests to various APIs, or build apps or automation flows to interact with Graph automatically. Want an example of how we use this internally? We have automated our employee onboarding process, complete with the creation and assignment of Planner tasks, plus our developer used the Graph Explorer to automate the addition of checklist items to task cards; this functionality is not currently available via the typical Power Automate interface.
In addition to the plethora of available data, businesses can also use the Graph API to administer and interact with services, such as managing devices enrolled in Intune or creating groups, channels, and tabs in Microsoft Teams. While Graph allows businesses to access incredible amounts of organizational data, it keeps data secure by enabling more granular controls and requiring administrator consent prior to users or applications utilizing Graph.
GATEWAY TO DATA
As mentioned previously, Microsoft Graph serves as the gateway to vast amounts of organizational data. Using calls to REST API’s, admins or developers can gather data on specific users, groups, or activities taking place within Microsoft services. For example, organizations might leverage Graph to review security events, collect user licensing details, or gather group or manager relationship data. The intelligence built into Graph allows organizations to search for relevant people around a specific user, get insights around trending documents, and even analyze meeting attendee’s calendars and suggest best possible times for a Team’s next meeting. Besides the wealth of data available, whether interacting directly with Graph, or leveraging graph capabilities from the Power Platform, Graph also allows admins and developers more flexibility and opportunities for administration of services.
STREAMLINE ADMIN ACTIVITIES
Apart from all the data that can be gathered in Graph, the tool can also be extremely useful for streamlining management of apps and services across Microsoft 365. Using Graph, admins or developers with the proper authorization can create, modify, or even delete any of the following…users, groups, mailboxes, SharePoint sites, etc. One advantage of using Graph for administration is the ability to reach and update records from all corners of Microsoft services, whereas utilizing the GUI (user interface), admins may need to jump between several of the admin centers. Another advantage afforded by Graph is the ability to test HTTP requests in MS Graph Explorer, prior to building them into Power Automate flows. Essentially, if you can do it through the admin center, you can probably (have an app or flow) do it through Graph.
SECURITY IN MICROSOFT GRAPH
Graph allows organizations granular access controls to allow end users to leverage the data rich graph, while not exposing confidential information and preventing unauthorized users from performing admin functions. For example, helpdesk staff could be granted access to use GET requests and gather user info, while not being allowed to modify, delete, or create new users.
Applications and automation flows that utilize Graph also need to have the proper access granted and an app registration in Azure to query or act on objects through the API’s that make up Graph. If an app utilizing Graph to get details on groups in your organization is not granted the ability to read all groups, it will not work as intended until the proper read level access is granted. As evidenced by these requirements, Microsoft has configured the Graph in a way that allows maximum benefit to organizations while minimizing risk.
CUSTOM CONNECTORS / APPS
While developers and admins may leverage Graph on an as needed basis through Graph Explorer, the true potential of Graph is unlocked when integrated into applications and custom connectors. With proper authentication configured, calls to Graph may be automated with use of custom connectors and/or the Power Platform applications, which allows admins and developers to expose information or capabilities within Graph to end users without the risk of them being able to make unapproved calls to Graph (such as deleting users or groups). Configuring custom connectors can also reduce the time needed by end users to develop automation solutions by allowing them to supply minimal information for each action, while having the schema for input and output pre-defined. For example, instead of having to properly format a request containing a group ID to Graph, an end user utilizing a custom connector in Power Automate may simply need to input the group ID.
Back to that employee onboarding automation mentioned in the beginning of this blog, we built a custom connector that leveraged Graph to create checklists on task cards. By doing this, we were able to not only meet the design requirements, but also leave in place a connector that we can re-use in other flows.
Another solution we built leverages Graph to meet customer requirements of allowing users to request a new Microsoft Team choosing from custom, pre-defined templates, without opening Microsoft 365 Group creation ability to those users. It validates that the Group name is available, provisions the Team, creates the Channels, and adds Planner, OneNote and specific files as tabs based on the chosen template.
In summary, Microsoft Graph allows your organization to access vast amounts of data and insights, in addition to allowing remote management of many M365 services. The power of Graph can be leveraged securely utilizing granular controls and app registrations and enable your admins and developers to quickly test and deploy applications or flows that help your business do more, faster.
Are you ready to start leveraging the vast amounts of data and insights available through Graph? Curious about how your organization can leverage Graph data and capabilities via custom connectors in Power Automate? Contact email@example.com to learn more.
(206) 299-2191 firstname.lastname@example.org
Copyright © 2021 Pivotal Consulting, LLC. All rights reserved.