What is Microsoft Graph API?
Microsoft Graph API is a RESTful web API that enables you to access Microsoft 365 services and data. Think of it as a bridge between your applications and Microsoft services like Azure Active Directory, Outlook, Teams, OneDrive, and more. With Microsoft Graph API, you can create, read, update, and delete data across Microsoft services through a single API endpoint.
Microsoft Graph API allows you to manage user data:
- Retrieve user information
- Create new users
- Update existing users
- Delete users
Prerequisites
To get started, you’ll need:
- An Azure AD App Registration: This app registration will grant you permission to interact with Microsoft Graph.
- Administrator Privileges: Some actions may require admin access.
1. Retrieve User Data
This operation returns, by default, only a subset of the more commonly used properties for each user.
Permissions
Delegated (work or school account) | User.Read
Delegated (personal Microsoft account) | User.Read
Application | User.Read.All
HTTP request
- Retrieve all users' data: GET https://graph.microsoft.com/v1.0/users
- Retrieve a specific user's data: GET https://graph.microsoft.com/v1.0/users/{user-id}
Note
1. Use $select to return only specific fields:
GET: https://graph.microsoft.com/v1.0/users?$select=displayName,jobTitle,mail
2. Use $filter to return only users whose attributes match a condition:
GET: https://graph.microsoft.com/v1.0/users?$filter=jobTitle eq 'Manager'
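The $select and $filter requests above, built from caller-supplied values without letting a value change the query; this is an added example, not code from the original article. The allow-list `ALLOWED_PROPERTIES` and the function names are assumptions for illustration.

```python
from urllib.parse import quote, urlencode

GRAPH_USERS = "https://graph.microsoft.com/v1.0/users"
# Assumption: the properties this hypothetical application lets callers select or filter on.
ALLOWED_PROPERTIES = {"displayName", "jobTitle", "mail", "userPrincipalName"}


def odata_string(value):
    """Quote a value as an OData string literal; a single quote is escaped by doubling it."""
    if not isinstance(value, str):
        raise ValueError("filter value must be a string")
    return "'" + value.replace("'", "''") + "'"


def build_users_url(select=(), filter_property=None, filter_value=None):
    """Build a GET /users URL with an optional $select and an optional `eq` $filter."""
    names = list(select) + ([filter_property] if filter_property is not None else [])
    for name in names:
        # Property names are never taken verbatim from input: only allow-listed ones pass.
        if name not in ALLOWED_PROPERTIES:
            raise ValueError(f"property not allowed: {name!r}")
    params = {}
    if select:
        params["$select"] = ",".join(select)
    if filter_property is not None:
        params["$filter"] = f"{filter_property} eq {odata_string(filter_value)}"
    if not params:
        return GRAPH_USERS
    # Percent-encode spaces, quotes, '&' and '#' so a value cannot add query parameters;
    # '$' and ',' are left readable, matching the URLs shown in the article.
    return GRAPH_USERS + "?" + urlencode(params, quote_via=quote, safe="$,")


if __name__ == "__main__":
    print(build_users_url(select=["displayName", "jobTitle", "mail"]))
    print(build_users_url(filter_property="jobTitle", filter_value="Manager"))
    # Constructed input containing a quote and an ampersand
    print(build_users_url(filter_property="displayName", filter_value="O'Brien & Co"))
```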
2. Creating a New User
The request body contains the user to create. At a minimum, you must specify the required properties for the user. You can optionally specify any other writable properties.
Permissions
Delegated (work or school account) | User.ReadWrite.All, Directory.ReadWrite.All
Delegated (personal Microsoft account) | Not supported.
Application | User.ReadWrite.All, Directory.ReadWrite.All
HTTP request
POST: https://graph.microsoft.com/v1.0/users
Content-type: application/json
{
  "accountEnabled": true,
  "displayName": "Adele Vance",
  "mailNickname": "AdeleV",
  "userPrincipalName": "[email protected]",
  "passwordProfile": {
    "forceChangePasswordNextSignIn": true,
    "password": "xWwvJ]6NMw+bWH-d"
  }
}
Response
HTTP/1.1 201 Created
Content-type: application/json
{
  "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#users/$entity",
  "id": "87d349ed-44d7-43e1-9a83-5f2406dee5bd",
  "businessPhones": [],
  "displayName": "Adele Vance",
  "givenName": "Adele",
  "jobTitle": "Product Marketing Manager",
  "mail": "[email protected]",
  "mobilePhone": "+1 425 555 0109",
  "officeLocation": "18/2111",
  "preferredLanguage": "en-US",
  "surname": "Vance",
  "userPrincipalName": "[email protected]"
}
3. Updating User Data
Permissions
Delegated (work or school account) | User.ReadWrite
Delegated (personal Microsoft account) | User.ReadWrite
Application | User.ManageIdentities.All
HTTP request
PATCH: https://graph.microsoft.com/v1.0/me
Content-type: application/json
{
  "businessPhones": [
    "+1 425 555 0109"
  ],
  "officeLocation": "18/2111"
}
Response
HTTP/1.1 204 No Content
4. Deleting Users
When deleted, user resources, including their mailbox and license assignments, are moved to a temporary container, and if the user is restored within 30 days, these objects are restored to them.
Permissions
Delegated (work or school account) | User.ReadWrite.All
Delegated (personal Microsoft account) | Not supported.
Application | User.ReadWrite.All
HTTP request
DELETE: https://graph.microsoft.com/v1.0/users/{user-id}
Response
HTTP/1.1 204 No Content
Conclusion
Microsoft Graph API offers comprehensive support for managing user data in Azure Active Directory, making it an invaluable tool for applications requiring user data operations. From onboarding and offboarding to updating profiles and managing group memberships, Graph API streamlines user management in modern cloud environments.