Any graph api call to create Azure b2c tenant - azure-rest-api

We want to create an Azure B2C tenant using the Graph API.
We tried searching the Internet and found how to create a B2C tenant from the portal. This is the reference we found: https://learn.microsoft.com/en-us/azure/active-directory-b2c/tutorial-create-tenant
But we want to get the same results using Graph calls. We have one service principal with the Owner and Global Administrator roles.
Is there any existing Graph API call that helps us to create a tenant?
If not, any REST API call is also okay for us. Please help.
Thanks in advance.

You can't create B2C tenants with a service principal. You must use an ARM API, not the Graph API.
You can use the ARM API to create a B2C tenant, reference: https://learn.microsoft.com/en-us/rest/api/activedirectory/b2c-tenants/create?tabs=HTTP#scopes

Related

Rest API to get Subscription's Classic Administrators

I use the REST API below to get all other role assignments, but I am not finding one for Classic administrators. Can someone
"https://management.azure.com/subscriptions/{SubscriptionID}/providers/Microsoft.Authorization/roleAssignments?api-version=2018-09-01-preview"
Got it. I was able to find the Rest API here

Microsoft graph-api endpoint to view admin center global tenant settings

Is it possible to get global tenant settings via a Graph API endpoint? For example, if I want to programmatically determine if my tenant's SharePoint settings limit external sharing by domain, is there a Graph API endpoint for this? Based on my research I have yet to find an endpoint that gives me access in either v1 or beta (https://learn.microsoft.com/en-us/graph/api/reportroot-getonedriveactivityuserdetail?view=graph-rest-1.0)
It does seem possible to gather this information via PowerShell using the SharePoint Online module by doing
Get-SPOTenant | fl SharingDomainRestrictionMode,SharingAllowedDomainList
For added context here is the same setting in the sharepoint admin center:
If admin center endpoints (SharePoint, OneDrive, Azure AD, etc.) are not currently available in the graph api are they on the future roadmap?
Thank you in advance for any insight you can provide.
Currently it is not supported and it's not on the roadmap.
Please raise user voice.

AAD - FIDO implementation

On our existing AAD, we are trying to integrate with FIDO2 authentication.
As part of this integration between AAD & FIDO, in the Azure portal under "Security Authentication methods | Authentication method policy (Preview)", AD admins have been provided UI options to enable FIDO authentication either for a particular user or group, which will be followed by an end-user-side setup process using the MS self-service portal "https://myprofile.microsoft.com".
Can the above steps involved in AAD & FIDO integration be accomplished programmatically via Graph API endpoints or any other REST endpoints?
Does AAD have its own public API endpoints apart from the Graph API endpoints? If not, why does AAD not have its own public API endpoints?
The above steps for AAD and FIDO integration can be done via the portal at this point. The underlying functions involved are not exposed through any API at this point. The feature is still in preview and is a work in progress. This may change a little more before it goes GA, depending upon existing feedback by the users/customers and internal tests.
There is an older API called the Azure AD Graph API, but it's not being actively developed for any new features. The Microsoft Graph API is the newer API and it is being designed as a single consolidated API (single endpoint https://graph.microsoft.com) with a robust back-end to interact with Microsoft 365 cloud services. Earlier, Microsoft had many different APIs to manage end user experiences and identities; however, as we evolved, a lot of customers/partners demanded consolidation so that it was easier for them to write their customer code for management and build any software on top of Microsoft Azure AD. Hence one single API backend was built and released as Microsoft Graph.
As for the programmatic access to FIDO settings, I would suggest you upvote an existing feature request related to the same on the Azure feedback site. The Azure Feedback UserVoice site is periodically reviewed by the product group and it helps in prioritization of requested features for development.

Is there any way we can access permissions and roles of users using the vSphere REST API?

I have a site where I need to access the roles and permissions of users whose names are stored in a domain controller, to authenticate them. I am using the vSphere REST API but am unable to find the endpoint for it. I am wondering if it is possible at all.
You’re correct, the option to access or modify roles and/or permissions is not yet available through the vSphere REST APIs.

Azure AD - Manage Group & User Assignments

I am an Azure Global Tenant Admin for our [Premium] Azure AD instance. I have a Web App that requires Group/User Assignment to access. We need to know which Groups and Users have been assigned access. The Azure UI does not let you query this information so I am wondering if there is any way to obtain a list of Groups/Users that have been assigned access to a Web App.
Edit: It looks like the Graph API version 1.5 now supports this. I can download the servicePrincipal ODATA with this URL:
GET string.Format("https://graph.windows.net/{0}/servicePrincipals?api-version=1.5&$filter=appId+eq+'{1}'", tenant, clientId)
According to this MSDN post, I should be able to use a URL format like
GET string.Format("https://graph.windows.net/{0}/servicePrincipals/{1}/appRoleAssignedTo?api-version=1.5", tenant, clientId)
However, I am receiving this error:
"Resource 'f4126638-cb47-48df-ad9d-57c0684b6575' does not exist or one of its queried reference-property objects are not present."}
In the second Graph call, I should be using the servicePrincipal's ObjectID returned from the first call instead of the Application's ClientID.
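The two-step lookup described in this post, as an added example that is not the poster's code: it builds the servicePrincipal query from the client ID, takes the `objectId` from that response for the `appRoleAssignedTo` call, and groups the assigned principals by type for an access review. The tenant name, GUIDs and response bodies are constructed samples, and no network call is made.

```python
from urllib.parse import quote

GRAPH = "https://graph.windows.net"  # Azure AD Graph base URL from the post
API_VERSION = "1.5"

def sp_lookup_url(tenant, client_id):
    """Step 1: query the servicePrincipal whose appId equals the app's client ID."""
    flt = quote(f"appId eq '{client_id}'")
    return f"{GRAPH}/{tenant}/servicePrincipals?api-version={API_VERSION}&$filter={flt}"

def assigned_to_url(tenant, sp_response):
    """Step 2: build the appRoleAssignedTo URL from the servicePrincipal's objectId."""
    matches = sp_response.get("value", [])
    if len(matches) != 1:
        raise LookupError(f"expected exactly one servicePrincipal, got {len(matches)}")
    object_id = matches[0]["objectId"]  # the directory object ID, not the appId
    return (f"{GRAPH}/{tenant}/servicePrincipals/{object_id}"
            f"/appRoleAssignedTo?api-version={API_VERSION}")

def summarize(assignments):
    """Group assigned principals by principalType (User, Group, ...)."""
    by_type = {}
    for a in assignments.get("value", []):
        by_type.setdefault(a["principalType"], []).append(a["principalDisplayName"])
    return {kind: sorted(names) for kind, names in by_type.items()}

# Constructed sample data (not real tenant values).
TENANT = "contoso.onmicrosoft.com"
CLIENT_ID = "11111111-1111-1111-1111-111111111111"
OBJECT_ID = "22222222-2222-2222-2222-222222222222"
SP_RESPONSE = {"value": [
    {"objectId": OBJECT_ID, "appId": CLIENT_ID, "displayName": "Example Web App"},
]}
ASSIGNMENTS = {"value": [
    {"principalType": "Group", "principalDisplayName": "Finance Team"},
    {"principalType": "User", "principalDisplayName": "Dana Example"},
    {"principalType": "User", "principalDisplayName": "Alex Example"},
]}

if __name__ == "__main__":
    print(sp_lookup_url(TENANT, CLIENT_ID))
    print(assigned_to_url(TENANT, SP_RESPONSE))
    print(summarize(ASSIGNMENTS))
```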