Microsoft graph-api endpoint to view admin center global tenant settings - powershell

Is it possible to get global tenant settings via a graph api endpoint? For example, if I want to programmatically determine if my tenant's sharepoint settings limit external sharing by domain, is there a graph api endpoint for this? Based on my research I have yet to find an endpoint that gives me access in either v1 or beta (https://learn.microsoft.com/en-us/graph/api/reportroot-getonedriveactivityuserdetail?view=graph-rest-1.0)
It does seem possible to gather this information via powershell using the SharePoint Online module by doing
Get-SPOTenant | fl SharingDomainRestrictionMode,SharingAllowedDomainList
For added context here is the same setting in the sharepoint admin center:
If admin center endpoints (SharePoint, OneDrive, Azure AD, etc.) are not currently available in the graph api are they on the future roadmap?
Thank you in advance for any insight you can provide.

Currently it is not supported and it's not on the roadmap.
Please raise user voice.
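
A baseline check built on the two `Get-SPOTenant` properties from the question, as an added example that is not part of the original posts. The function name, the approved-domain baseline and the sample tenant object are assumptions, and the sample values are constructed so the script runs without a tenant connection.

```powershell
# Added example: compares the tenant's sharing-domain settings with an approved baseline.
function Test-SpoSharingDomainPolicy {
    [CmdletBinding()]
    param(
        # Object returned by Get-SPOTenant (or a stand-in with the same two properties).
        [Parameter(Mandatory)] [psobject] $Tenant,
        # Hypothetical baseline: domains the organisation has approved for external sharing.
        [Parameter(Mandatory)] [string[]] $ApprovedDomains
    )

    $mode = [string]$Tenant.SharingDomainRestrictionMode

    # SharingAllowedDomainList is one space-separated string; split and normalise it.
    $allowed = @(([string]$Tenant.SharingAllowedDomainList) -split '\s+' |
        Where-Object { $_ } | ForEach-Object { $_.ToLowerInvariant() })
    $approved = @($ApprovedDomains | ForEach-Object { $_.ToLowerInvariant() })

    $findings = [System.Collections.Generic.List[string]]::new()

    if ($mode -ne 'AllowList') {
        $findings.Add("SharingDomainRestrictionMode is '$mode'; external sharing is not limited to an allow list.")
    }
    elseif ($allowed.Count -eq 0) {
        $findings.Add('AllowList mode is set but SharingAllowedDomainList is empty.')
    }

    # Domains configured in the tenant but missing from the baseline (drift).
    foreach ($d in $allowed | Where-Object { $_ -notin $approved }) {
        $findings.Add("Domain '$d' is allowed in the tenant but is not in the approved baseline.")
    }

    [pscustomobject]@{
        Mode           = $mode
        AllowedDomains = $allowed
        Compliant      = ($findings.Count -eq 0)
        Findings       = $findings.ToArray()
    }
}

# Constructed sample standing in for live output. Against a real tenant:
#   Connect-SPOService -Url https://<tenant>-admin.sharepoint.com
#   $tenant = Get-SPOTenant
$tenant = [pscustomobject]@{
    SharingDomainRestrictionMode = 'AllowList'
    SharingAllowedDomainList     = 'contoso.com fabrikam.com partner.example'
}

Test-SpoSharingDomainPolicy -Tenant $tenant -ApprovedDomains 'contoso.com', 'fabrikam.com' |
    Format-List Mode, Compliant, Findings
```

With the constructed sample, the result is non-compliant because `partner.example` is allowed in the tenant but absent from the baseline.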

Related

Is there a way to tell if user is the organization admin in azure devops extension api

Using the Azure Devops Extension API in an extension I'm building and wondering if there is an API available to tell if the current user is the organization admin so that we can hide/show different options for that user(s). Or is there another API that I can hit from my extension to get some extended details about the current user rather than what comes back with SDK.getUser()
You can get PCA members via the API below, and check whether the current user is in PCA:
GET https://vsaex.dev.azure.com/{organization}/_apis/GroupEntitlements/{groupId}/members?api-version=6.0-preview.1
https://learn.microsoft.com/en-us/rest/api/azure/devops/memberentitlementmanagement/members/get?view=azure-devops-rest-6.0

AAD - FIDO implementation

On our existing AAD, we are trying to integrate with FIDO2 authentication.
As part of this integration between AAD & FIDO, in the Azure portal under "Security > Authentication methods | Authentication method policy (Preview)", the AD admin has been provided UI options to enable FIDO authentication either for a particular user or group, which will be followed by an end-user-side setup process using the MS self-service portal "https://myprofile.microsoft.com".
Can the above steps involved in AAD & FIDO integration be accomplished programmatically via Graph API endpoints or any other REST endpoints?
Does AAD have its own public API endpoints apart from Graph API endpoints? If not, why does AAD not have its own public API endpoints?
The above steps for AAD and FIDO integration can be done via the portal at this point. The underlying functions involved are not exposed through any API at this point. The feature is still in preview and is a work in progress. This may change a little more before it goes GA, depending upon existing feedback by the users/customers and internal tests.
There is an older API called Azure AD Graph API, but it's not being actively developed for any new features. The Microsoft Graph API is the newer API and it is being designed as a single consolidated API (single endpoint https://graph.microsoft.com) with a robust back-end to interact with Microsoft 365 cloud services. Earlier, Microsoft had many different APIs to manage end user experiences and identities; however, as we evolved, a lot of customers/partners demanded consolidation so that it was easier for them to write their customer code for management and build any software on top of Microsoft Azure AD, hence one single API backend was built and released as Microsoft Graph.
As for the programmatic access to FIDO settings, I would suggest you upvote an existing feature request related to the same on the Azure feedback site. The Azure Feedback uservoice site is periodically reviewed by the product group and it helps in prioritization of requested features for development.

Is there any way we can access permissions and roles of users using vSphere REST API?

I have a site where I need to access the roles and permissions of users whose names are stored in the domain controller, to authenticate them. I am using the vSphere REST API but am unable to find the endpoint for it. I am wondering if it is possible anyway.
You’re correct, the option to access or modify roles and/or permissions is not yet available through the vSphere REST APIs.

Trying to make sense of MS documentation on AAD development

I'm writing an app development guide and I'm struggling with a few things:
First of all there are currently 2 endpoints in AAD (v1 and v2), there are also 2 pathways of registering apps in the AAD portal (app registrations and app registrations preview). I can't seem to find confirmation that usage of the app registrations preview blade enforces usage of the v2 endpoint, can anyone confirm? Our users authenticate using WS-Federation which is currently not supported by the v2 endpoint which is why I want to avoid usage of v2 for now.
I'm also looking for the best method of allowing access to the Graph API through a service account with delegated permissions (for more granular scoping).
Anyone that can clarify?
Thanks
"I can't seem to find confirmation that usage of the app registrations preview blade enforces usage of the v2 endpoint, can anyone confirm?"
An app registered in either registration experience can be used with both the v1 and v2 endpoints. Some features can only be configured in the preview experience, though (e.g. support for Microsoft Accounts).

ADAL register application by rest api

I couldn't find it anywhere, but I was wondering if there is a REST API way to programmatically register an application (besides the documented ones: PowerShell, CLI and the portal). I have an app that needs access to Azure Monitor to retrieve some metrics and I didn't want the clients to have to register the app by themselves. So it would be something like this:
https://learn.microsoft.com/en-us/azure/monitoring-and-diagnostics/monitoring-rest-api-walkthrough
but that I could use in javascript for example.
Thanks!
The reason that the PowerShell sample in the above document works is because Azure PowerShell is registered as an Active Directory application already. At some point, your application will have to be added manually by the customer, since Active Directory APIs can't be executed by a user role.
Take a look at "New Azure AD application doesn't work until updated through management portal" for the steps necessary to create an application via the Azure AD Graph API.