Microsoft Graph is a tool that allows you to access a wealth of data within your O365 organization. Microsoft Graph API is a REST API that enables you to access various Microsoft cloud services via a single endpoint. With this tool, we can build apps to support productivity, collaboration and help us gain powerful insights about our organization. Microsoft Graph allows us to manage users, devices, access, security, and compliance. New Microsoft Graph features enable us to create alerts based on security events and collect interesting data to help protect our organizations from data leakage or loss. 

Graph Explorer 

To jumpstart using Microsoft Graph API, we can use this handy tool: 

Microsoft Graph Explorer is a fantastic tool that allows us to try different queries without needing to sign in, pull up a terminal or create any Azure applications. This tool is a great way to explore permissions required for particular endpoints/queries and to help you understand how to query the API. 

There are many built-in queries shown on the left-hand side of the graph explorer, but through reading the documentation, you can get a thorough understanding of how to retrieve the data you want from the API.

The results can be displayed in different formats. The default display format is JSON. We can also review the plain text results as “Adaptive Cards”.

We can see the permissions required for this query are:

The tool also provides code snippets in a select few programming languages so you can learn to query the o365 Graph API programmatically. 

Creating An Azure Application

To query Microsoft Graph API, we are going to need some credentials to authenticate to Microsoft. For this example, we create an application that will query Microsoft Graph API for groups and list all users in each group. First, we will need to head over to the Azure Active Directory(AD) Admin Center portal to create an App registration. The Azure AD Admin Center will look something like this:

Next, we will create credentials for the application. Select “Certificates & Secrets” on the left-hand side then “New Client Secret” to provide an appropriate name and description for the secret. Make sure you save your secretID and value before leaving the page.

Now, we must provide the appropriate permissions. We learned from Microsoft Graph Explorer that these queries require User.Read.All and Group.Read.All permissions.

Select “Add Permissions”, then select Microsoft Graph as the resource.

For elevated privileges, we need to select “Grant Admin Consent”. If the green marks appear near your permissions, you are ready to roll.

Let’s Query Graph API in Golang

Configuration File

We are going to start with our configuration file. You can use whatever sort of configuration files or environment variables you’d like to set your secret variables, but for this example, we will be using a YAML file that looks like this:

Imports 

We are importing fmt. fmt stands for format. The package enables us to format input and output values easily. We are importing the Microsoft graph SDK(software development kit) for Golang to access the Microsoft tool easily. We are importing viper to read our configuration file. Once again, there are plenty of ways to work with these variables.

Get Microsoft Client 

Our configuration function will read our credentials from our configuration file, call the SDK NewGraphClient method and return a Microsoft Graph Client. This returned client object acts as an interface between our application and the o365 Graph API, allowing us to easily interact with the API.

Get Groups and Users

Once we have created a client object, we can start querying for our groups. This main function queries all groups in our organization, loops through the groups, then prints the name and the users in the group. If there are any errors in our ListGroups() query, err.Error() prints the error as a human-readable string.

Here is an example of the output:

Summary

Today we had a light introduction to the powerful tool Microsoft Graph API.

• We used Graph Explorer to get started with the API quickly. We learned how to list groups in our organization and which permissions we need to run such queries.

• We learned how to create an Azure Application Registration.

• We got our feet wet with Golang and the Microsoft graph SDK by listing the groups and group members.