Configure SAM to use Microsoft Graph API for Office-365 related templates
What is Graph API
Microsoft Graph is the gateway to data and intelligence in Microsoft 365. Microsoft Graph provides a unified programmability model that you can use to take advantage of the tremendous amount of data in Office 365
Microsoft Graph exposes REST APIs and client libraries to access data on Office 365 services: SharePoint, OneDrive, Outlook/Exchange, Microsoft Teams, OneNote, Planner, and Excel
Things to Note
- PSMSGraph Module installed on the server where SAM is installed
- App Name registered with Microsoft
- Client/App ID of the app registered Permission “Reports.Read.All” set and granted
- Password generated for the App.
- Tenant ID for the App registered.
Once you have all these details, you are ready to deploy Office-365 Templates, with all these values passed as Argument to Monitors.
How to Connect Graph API
Install PSMSGraph Module
To connect to the Microsoft Graph API using PowerShell we will have to install the PSMSGraph PowerShell module.
There are 2 ways to install PSMSGraph module for PowerShell.
- Download and install module from https://psmsgraph.readthedocs.io/en/latest/
- Install module from PowerShell Gallery
- Open PowerShell Console as Administrator and run “Install-Module -Name psmsgraph”
Once Module is installed check if its installed correctly.
- On PowerShell console type
- Type : Get-Module -ListAvailable -Name "psmsgraph"
- Out will be similar to the screen shot below
Snap-1
Register an Azure App
- To register an Azure application navigate to https://apps.dev.microsoft.com/ and select “Add an App”
2.Put in your application name and press the “Create” button.
3. Note and Store the Client App ID
4. Generate New Password. Before generating the Password, think about it, the password will be displayed once and has to be noted down to use later.
5. Add Permission – for the SolarWinds template, the permission required is “Reports.Read.All”
Note the permission should be added to both Delegated Permissions and Application Permissions
6. Save Application
7. Note, the above added permission require Admin Consent, the consent should be provided by Admin under Azure AD.
Provide Admin Consent
- Login to https://portal.azure.com using the Global Administrator account
- Go to All Services->Identity->Azure Active Directory
The “Azure Active Directory” can be found under “Favorites” on left hand pane by default.
3. Under “Azure Active Directory” Click “App registration (Preview)” and Select App you just registered
4. In your App, Note the Client ID (same as Step-2) and Tenant ID, select “View API Permission” -> and Grant Permission and wait for the Confirmation.