Managing User Data in Azure AD with Microsoft Graph API

What is Microsoft Graph API?

Microsoft Graph API is a RESTful web API that gives you access to Microsoft 365 services and data. Think of it as a bridge between your applications and Microsoft services such as Azure Active Directory (now Microsoft Entra ID), Outlook, Teams and OneDrive. Through the single endpoint https://graph.microsoft.com you can create, read, update and delete data across those services.

With Microsoft Graph API you can manage the whole user life cycle:

  1. Retrieve user information
  2. Create new users
  3. Update existing users
  4. Delete users

Prerequisites

To get started, you'll need:

  1. An Azure AD App Registration: the app registration holds the Microsoft Graph permissions (delegated or application) listed under each operation below, and your code obtains an access token for it.
  2. Administrator privileges: application permissions, and the delegated permissions whose names end in .All, require admin consent before they can be used.

1. Retrieve User Data

By default these requests return only a subset of the more commonly used properties for each user; use $select (below) to ask for others.

Permissions

  Delegated (work or school account)      User.Read for the signed-in user's own profile; User.ReadBasic.All or User.Read.All to read other users
  Delegated (personal Microsoft account)  User.Read
  Application                             User.Read.All

HTTP request

  • Retrieve all users: GET: https://graph.microsoft.com/v1.0/users
  • Retrieve a specific user: GET: https://graph.microsoft.com/v1.0/users/{user-id}  (the object id or the userPrincipalName)
  • Retrieve the signed-in user: GET: https://graph.microsoft.com/v1.0/me

Note

1. Use $select to return only the properties you need instead of the default subset:

GET: https://graph.microsoft.com/v1.0/users?$select=displayName,jobTitle,mail

2. Use $filter to select users by attribute (the client must URL-encode the spaces and quotes in the expression):

GET: https://graph.microsoft.com/v1.0/users?$filter=jobTitle eq 'Manager'

3. Both requests are paged: a response carries one page of users and, while more remain, an @odata.nextLink URL that you follow until it is absent. If Graph throttles you it answers 429 with a Retry-After header.
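The listing described above, written out as an added example (this is not code from the original page). It builds the /users URL with $select and $filter correctly percent-encoded, follows @odata.nextLink until the last page, and retries after a 429 using Retry-After. GRAPH_ROOT is the real v1.0 base URL; the `send` callable, the skiptoken URL and the users returned in demo() are constructed stand-ins for an authenticated HTTP client, so the example runs offline.

```python
"""Listing users with $select/$filter, paging and throttling handled.

Added example, not code from the original page.  GRAPH_ROOT is the real v1.0
base URL.  The `send` callable and the canned responses in demo() are
constructed stand-ins for an authenticated HTTP client, so this runs offline.
"""
from urllib.parse import quote, urlencode

GRAPH_ROOT = "https://graph.microsoft.com/v1.0"


def users_url(select=None, filter_expr=None, top=None):
    """Build a /users URL.  Spaces and quotes in $filter are percent-encoded
    (the raw examples on the page leave that to the client); the '$' of the
    OData parameter names is kept literal."""
    params = {}
    if select:
        params["$select"] = ",".join(select)
    if filter_expr:
        params["$filter"] = filter_expr
    if top:
        params["$top"] = str(top)
    query = urlencode(params, safe="$", quote_via=quote)
    return f"{GRAPH_ROOT}/users" + (f"?{query}" if query else "")


def list_users(send, url, sleep, max_pages=100, max_retries=5):
    """Collect every user behind `url`, following @odata.nextLink.

    send(method, url) -> (status, headers, body_dict).  Graph pages results
    (100 per page by default), so one GET is never 'all users'.  A 429 carries
    Retry-After in seconds; the same URL is retried after waiting.
    """
    users, pages, retries = [], 0, 0
    while url and pages < max_pages:
        status, headers, body = send("GET", url)
        if status == 429:
            retries += 1
            if retries > max_retries:
                raise RuntimeError(f"still throttled after {max_retries} retries: {url}")
            sleep(int(headers.get("Retry-After", "1")))
            continue
        if status != 200:
            raise RuntimeError(f"GET {url} -> HTTP {status}: {body}")
        users.extend(body.get("value", []))
        url = body.get("@odata.nextLink")
        pages += 1
        retries = 0
    return users


def demo():
    """Offline run: two constructed pages of users, first request throttled once."""
    first = users_url(select=["displayName", "jobTitle", "mail"],
                      filter_expr="jobTitle eq 'Manager'")
    second = f"{GRAPH_ROOT}/users?$skiptoken=constructed-token"   # constructed nextLink
    canned = {
        first: [
            (429, {"Retry-After": "2"}, {}),
            (200, {}, {"value": [{"displayName": "Adele Vance", "jobTitle": "Manager"},
                                 {"displayName": "Alex Wilber", "jobTitle": "Manager"}],
                       "@odata.nextLink": second}),
        ],
        second: [(200, {}, {"value": [{"displayName": "Diego Siciliani", "jobTitle": "Manager"}]})],
    }
    waits = []

    def fake_send(method, url):
        queue = canned[url]
        return queue.pop(0) if len(queue) > 1 else queue[0]

    users = list_users(fake_send, first, sleep=waits.append)
    return users, waits


if __name__ == "__main__":
    users, waits = demo()
    print(f"{len(users)} users, throttled waits: {waits}")
```

In production `send` wraps an HTTP client that adds the bearer token, and `sleep` is `time.sleep`; passing both in keeps the paging and retry logic testable without a tenant.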

2. Creating a New User

The request body contains the user to create. At a minimum it must include the required properties: accountEnabled, displayName, mailNickname, userPrincipalName and passwordProfile. Any other writable property is optional.

Permissions

  Delegated (work or school account)      User.ReadWrite.All, Directory.ReadWrite.All
  Delegated (personal Microsoft account)  Not supported.
  Application                             User.ReadWrite.All, Directory.ReadWrite.All

User.ReadWrite.All is enough to create users. Directory.ReadWrite.All also grants write access to groups, devices and other directory objects, so only request it when the app actually needs that.

HTTP request

POST: https://graph.microsoft.com/v1.0/users

Content-type: application/json

{
  "accountEnabled": true,
  "displayName": "Adele Vance",
  "mailNickname": "AdeleV",
  "userPrincipalName": "[email protected]",
  "passwordProfile": {
    "forceChangePasswordNextSignIn": true,
    "password": "xWwvJ]6NMw+bWH-d"
  }
}

Response

HTTP/1.1 201 Created

Content-type: application/json

{
    "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#users/$entity",
    "id": "87d349ed-44d7-43e1-9a83-5f2406dee5bd",
    "businessPhones": [],
    "displayName": "Adele Vance",
    "givenName": "Adele",
    "jobTitle": "Product Marketing Manager",
    "mail": "[email protected]",
    "mobilePhone": "+1 425 555 0109",
    "officeLocation": "18/2111",
    "preferredLanguage": "en-US",
    "surname": "Vance",
    "userPrincipalName": "[email protected]"
}
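The create request above, as an added example that is not code from the original page. It assembles the body from the five required properties, generates the one-time password with the CSPRNG instead of hard-coding one, keeps forceChangePasswordNextSignIn set, rejects optional properties outside a small allowlist, and produces a redacted copy for logging so the password never reaches a log. `send` and the canned 201 response in demo() are constructed stand-ins for an authenticated HTTP client, and contoso.example is a placeholder tenant domain.

```python
"""Create-user request with a generated initial password and a log-safe copy.

Added example, not code from the original page.  REQUIRED lists the
properties the page's request body shows; OPTIONAL is this example's own
allowlist.  `send` and the canned 201 response in demo() are constructed
stand-ins for an authenticated HTTP client; contoso.example is a placeholder.
"""
import json
import secrets
import string

GRAPH_ROOT = "https://graph.microsoft.com/v1.0"
REQUIRED = ("accountEnabled", "displayName", "mailNickname",
            "userPrincipalName", "passwordProfile")
# Optional writable properties a caller may set.  Anything else (another
# passwordProfile, a different userPrincipalName) is refused.
OPTIONAL = {"givenName", "surname", "jobTitle", "department", "officeLocation"}
SYMBOLS = "!@#$%^&*-_+="


def initial_password(length=20):
    """Random one-time password from the CSPRNG with at least three of the
    four character classes (lower, upper, digit, symbol)."""
    alphabet = string.ascii_letters + string.digits + SYMBOLS
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        classes = (any(c.islower() for c in pw), any(c.isupper() for c in pw),
                   any(c.isdigit() for c in pw), any(c in SYMBOLS for c in pw))
        if sum(classes) >= 3:
            return pw


def create_user_body(display_name, mail_nickname, domain, **optional):
    """Build the POST /users body.  forceChangePasswordNextSignIn stays True so
    the generated password is used exactly once."""
    unknown = set(optional) - OPTIONAL
    if unknown:
        raise ValueError(f"properties not allowed here: {sorted(unknown)}")
    body = {
        "accountEnabled": True,
        "displayName": display_name,
        "mailNickname": mail_nickname,
        "userPrincipalName": f"{mail_nickname}@{domain}",
        "passwordProfile": {
            "forceChangePasswordNextSignIn": True,
            "password": initial_password(),
        },
    }
    body.update(optional)
    return body


def redacted(body):
    """Deep copy for logs and audit trails with the password replaced."""
    safe = json.loads(json.dumps(body))
    safe["passwordProfile"]["password"] = "<redacted>"
    return safe


def create_user(send, body):
    """POST the body.  Graph answers 201 with the new object; its id is what
    later PATCH/DELETE calls need.  The request body is never logged."""
    status, resp = send("POST", f"{GRAPH_ROOT}/users",
                        {"Content-Type": "application/json"}, json.dumps(body))
    if status != 201:
        raise RuntimeError(f"create failed: HTTP {status} {resp.get('error', {}).get('message')}")
    return resp["id"]


def demo():
    """Offline run against a constructed transport that inspects the request."""
    body = create_user_body("Adele Vance", "AdeleV", "contoso.example",
                            jobTitle="Product Marketing Manager")

    def fake_send(method, url, headers, payload):
        sent = json.loads(payload)
        if (method != "POST" or not url.endswith("/users")
                or headers.get("Content-Type") != "application/json"
                or sent["userPrincipalName"] != "AdeleV@contoso.example"):
            return 400, {"error": {"message": "bad request"}}
        return 201, {"id": "87d349ed-44d7-43e1-9a83-5f2406dee5bd",   # id from the page's sample
                     "userPrincipalName": sent["userPrincipalName"]}

    return create_user(fake_send, body), redacted(body)


if __name__ == "__main__":
    new_id, safe = demo()
    print(new_id, json.dumps(safe))
```

Hand the generated password to the user through an out-of-band channel (or a temporary access pass) rather than e-mailing it, and log only the output of `redacted()`.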

3. Updating User Data

Permissions

  Delegated (work or school account)      User.ReadWrite for the signed-in user's own profile; User.ReadWrite.All to update other users
  Delegated (personal Microsoft account)  User.ReadWrite
  Application                             User.ReadWrite.All, User.ManageIdentities.All

HTTP request

PATCH: https://graph.microsoft.com/v1.0/me  (or PATCH: https://graph.microsoft.com/v1.0/users/{user-id} to update another user)

Content-type: application/json

{
  "businessPhones": [
    "+1 425 555 0109"
  ],
  "officeLocation": "18/2111"
}

Response

HTTP/1.1 204 No Content

4. Deleting Users

A deleted user, including the mailbox and license assignments, is moved to a temporary container (the directory's deleted items) and kept there for 30 days. If the user is restored within that window, those objects are restored with it; after 30 days the object is permanently deleted. Deleted users can be listed under https://graph.microsoft.com/v1.0/directory/deletedItems/microsoft.graph.user and restored with POST: https://graph.microsoft.com/v1.0/directory/deletedItems/{user-id}/restore.

Permissions

  Delegated (work or school account)      User.ReadWrite.All
  Delegated (personal Microsoft account)  Not supported.
  Application                             User.ReadWrite.All

HTTP request

DELETE: https://graph.microsoft.com/v1.0/users/{user-id}

Response

HTTP/1.1 204 No Content
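An offboarding routine that ties the update and delete sections together, added here as an example (not code from the original page). It disables sign-in with a PATCH first, so that an account cannot be used even if the DELETE step fails, and then issues the DELETE that moves the user into the 30-day recoverable state. The page PATCHes /me; this targets /users/{user-id}, which needs User.ReadWrite.All. The WRITABLE allowlist is this example's own policy, not a Graph feature, and FakeGraph is a constructed stand-in for an authenticated HTTP client so the example runs offline.

```python
"""Offboarding: disable sign-in with PATCH, then soft-delete with DELETE.

Added example serving the update and delete sections; not code from the page.
WRITABLE is this example's own allowlist.  FakeGraph is a constructed stand-in
for an authenticated HTTP client; the user id is the one from the page's sample.
"""
import json

GRAPH_ROOT = "https://graph.microsoft.com/v1.0"
# Properties this tool may change.  userPrincipalName, mail and passwordProfile
# are deliberately absent: a profile/offboarding job has no business with them.
WRITABLE = {"businessPhones", "officeLocation", "jobTitle", "department", "accountEnabled"}


def update_user(send, user_id, changes):
    """PATCH allowlisted properties only.  Success is 204 with no body;
    returns False if the user no longer exists (404)."""
    rejected = set(changes) - WRITABLE
    if rejected:
        raise ValueError(f"refusing to write {sorted(rejected)}")
    status, _ = send("PATCH", f"{GRAPH_ROOT}/users/{user_id}",
                     {"Content-Type": "application/json"}, json.dumps(changes))
    if status == 404:
        return False
    if status != 204:
        raise RuntimeError(f"PATCH {user_id} -> HTTP {status}")
    return True


def delete_user(send, user_id):
    """DELETE moves the user to deleted items (recoverable for 30 days).
    Returns True on 204, False when the object is already gone."""
    status, _ = send("DELETE", f"{GRAPH_ROOT}/users/{user_id}", {}, None)
    if status == 404:
        return False
    if status != 204:
        raise RuntimeError(f"DELETE {user_id} -> HTTP {status}")
    return True


def offboard(send, user_id):
    """Disable first, delete second.  Every step tolerates 'already done',
    so a job that failed halfway can simply be re-run."""
    if not update_user(send, user_id, {"accountEnabled": False}):
        return False            # already deleted; nothing left to do
    return delete_user(send, user_id)


class FakeGraph:
    """Constructed transport: records calls and answers as Graph would."""

    def __init__(self, existing_ids):
        self.live = set(existing_ids)
        self.calls = []

    def send(self, method, url, headers, payload):
        self.calls.append((method, url))
        user_id = url.rsplit("/", 1)[1]
        if user_id not in self.live:
            return 404, {"error": {"code": "Request_ResourceNotFound"}}
        if method == "PATCH":
            return 204, None
        if method == "DELETE":
            self.live.discard(user_id)
            return 204, None
        return 405, None


def demo():
    """Offline run: offboard once, then show the second delete is a no-op."""
    user_id = "87d349ed-44d7-43e1-9a83-5f2406dee5bd"
    graph = FakeGraph({user_id})
    first = offboard(graph.send, user_id)
    second = delete_user(graph.send, user_id)
    return first, second, graph.calls


if __name__ == "__main__":
    print(demo())
```

Treating 404 as "already done" is what makes the job safe to re-run; any other non-204 status is raised so that a throttled or unauthorized call is not silently mistaken for success.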

Conclusion

Microsoft Graph API offers comprehensive support for managing user data in Azure Active Directory, which makes it the natural tool for applications that onboard, update and offboard users. Grant each app only the permission the operation needs (User.Read.All to read, User.ReadWrite.All to write), page through results rather than assuming a single response holds every user, and keep initial passwords out of logs.

