Leverage Microsoft Graph for Smart Office 365 Apps

Building Applications with Office 365 and the Microsoft Graph Richard diZerega Principal Software Developer @richdizz #Build2016

What is Microsoft Graph? Single endpoint for: https://graph.microsoft.com/ Accessing data /me, /users, /groups, /messages, /drive, . Traversing data /drive/<id>/lastmodifiedByUser Accessing insights /insights/trending Work/School and Personal

Demo

New in Microsoft Graph Generally Available: Generally Available: Webhooks on Outlook entities Access to consumer services OneDrive and Outlook.com OneDrive large file upload/download Preview: Preview: Excel REST API Administrative Units Find meeting time API Get/set out of office Online meeting links Updates to People API Updates to trending APIs more

Use Microsoft Graph to build smart apps Gateway to data and insights in Office365 Easy traversal of objects and rich relationships Web Standards, Open Platform Secure data access OAuth2.0 OpenID Connect REST JSON

Building Applications

How to leverage Microsoft Graph from App All requests into the Microsoft Graph require an access token sent as a Bearer token on the request in the Authorization header example: GET https://graph.microsoft.com/v1.0/me/messages Authorization: Bearer eyJ0eXAiOiJ KV1QiLCJhbGciO So how do you get an access token? OAuth with Azure Active Directory

Azure Active Directory Azure Active Directory is the identity provider for O365 In addition to user and group objects, Azure AD has an application object that developers/admins can define Apps can be exclusive to one organization or open to all Office 365 customers (single vs multi-tenant) Apps can have permissions to integrate with other applications (ex: MS Travel writes to Outlook Calendar) microsoft.onmicrosoft.com contosotravel.onmicrosoft.com app app write calendar Exchange Online SharePoint Online OneNote Yammer Microsoft Travel Travel Pro Expense Manager

Azure Active Directory Single authentication flow Across all Office 365 services Native apps and web sites Admin and end-user consent Secure protocol OAuth 2.0 (no capturing user credentials) Fine-grained access scopes Supports multi-factor and federated authentication Long-term access through refresh tokens ADAL and MSAL Authentication Libraries Open Source Libraries that simplifies the authentication Handles token acquisition and caching Available via GitHub or your favorite package manager (NuGet, NPM, bower, etc)

Traditional vs Converged Auth Traditional Auth (v1 app model) Applications registered in Azure Management Portal or dev.office.com All application permissions must be configured at registration time Applications only work in commercial scenarios (ex: OneDrive for Business not OneDrive) Converged Auth (v2 app model) Applications registered in centralized portal (apps.dev.microsoft.com) Application permissions are implicit by providing permission scopes at runtime Applications work with both commercial and consumer scenarios (ex: OneDrive for Business and OneDrive) One Application, One Auth Flow, One API end-point!

Demo

Resources https://graph.microsoft.io Documentation, Graph Explorer, v1 App Registration https://dev.office.com General information about Office 365 Development https://github.com/OfficeDev Primary GitHub for all Office 365 Development samples and training https://aka.ms/OfficeDevShow Numerous getting videos for almost any platform https://aka.ms/OfficeDevPodcast Weekly podcast to get the latest new on Office 365 Development