Microsoft Graph is a RESTful web API that enables you to access Microsoft Cloud service resources. In this article, we will go through the requests we have to make in order to access the documents in a SharePoint Document Library.

Prerequisites:

  • Register an Azure AD app and allow the app to have full/read control to SharePoint sites in all site collections without a signed-in user. Refer the Microsoft Graph permissions reference here
  • Note down the Application ID(Client ID) and Key(Client Secret)
  • Download and install Postman that simplifies the API testing or any API Testing Tool

REST Calls involved

Get Access Token 

To call Microsoft Graph, your app must acquire an access token from Azure Active Directory (Azure AD), Microsoft’s cloud identity service. Access tokens issued by Azure AD are base 64 encoded JSON Web Tokens (JWT). They contain information (claims) that web APIs secured by Azure AD, like Microsoft Graph, use to validate the caller and to ensure that the caller has the proper permissions to perform the operation they’re requesting.

Copy “access_token” value from the following API call’s reponse. This value will be used in the subsequent REST API calls as bearer token.

Replace:

{tenant-id} with your Office 365 Tenant ID. You can find the same from here.

{client-id} with Application ID copied from Azure AD Application.

{client-secret} with Key(Client Secret) copied from Azure AD Application.

Get SharePoint Site ID

We have to get the SharePoint Site ID(highlighted) where document library is located using the following url:

https://graph.microsoft.com/v1.0/sites/host-name:/server-relative-path

Replace:

{host-name} with your SharePoint online root site url.

{server-relative-path} with site’s relative path.

Get Document Libraries from a SharePoint Site

To get a list of document libraries from a SharePoint site, call the following endpoint:

https://graph.microsoft.com/v1.0/sites/site-id/drives

Replace:

{site-id} with the site id received in the previous step.

Get Files from a Document Library 

To get a list of files in a document library, call the following endpoint:

https://graph.microsoft.com/v1.0/sites/site-id/drives/drive-id/root/children

Replace:

{site-id} with the site id received in the previous step.

{drive-id} with one of the document library id received in the previous step.

Get a Specific File from a Document Library

To get a specific file from a document library, call the following endpoint:

https://graph.microsoft.com/v1.0/sites/site-id/drives/drive-id/root:/item-path

Replace:

{site-id} with the site id received in the previous step.

{drive-id} with one of the document library id received in the previous step.

{item-path} with file name or path.

I hope this article has helped you to understand the REST API calls required to reach a file in a SharePoint Document Library using Graph API.

Sharing is Caring !

Summary

Sample SharePoint Framework client-side web part for Microsoft Teams Tab illustrating Video Recording using MediaRecorder Web API.

This is an experimental web part. Because this technology’s specification has not stabilized, check the compatibility table for usage in various browsers. Also note that the syntax and behavior of an experimental technology is subject to change in future versions of browsers as the specification changes

Teams Custom Tab

About

Add Custom Tab

API Management - MSGraph

Custom Tab

Applies to

Solution

Solution Author(s)
teams-tab-video-recorder Joseph Velliah (SPRIDER, @sprider)

Version history

Version Date Comments
1.0 November 20, 2018 Initial release

Disclaimer

THIS CODE IS PROVIDED AS IS WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING ANY IMPLIED WARRANTIES OF FITNESS FOR A PARTICULAR PURPOSE, MERCHANTABILITY, OR NON-INFRINGEMENT.


Minimal Path to Awesome

  • clone this repo
  • run npm i
  • go to this Microsoft article and follow the steps to package and deploy my sample
  • Go to your tenant’s API management page to approve the permission requests configured in this web part.

Features

This project illustrates the following concepts:

  • Building Microsoft Teams tab using SharePoint Framework
  • Packaging and deploying web part as a Microsoft Teams tab
  • Front/Back camera selection
  • Video recording using the supported browsers
  • Playback recording
  • Upload recorded video in user’s OneDrive root folder

Problem 

  • Office 365 Service Communications can only be accessed by any user with global admin or product admin rights (for Exchange, Skype for Business and SharePoint).
  • Dependencies tied to Office 365 Service, as well as the teams that are accountable for those configuration items

Solution 

The Office 365 Service Communications API is a REST service that allows us to develop solutions using any web language and hosting environment that supports HTTPS and X.509 certificates. The API relies on Microsoft Azure Active Directory and the OAuth2 protocol for authentication and authorization. To access the API from our application, we will need to first register it in Azure AD and configure it with permissions at the appropriate scope. This will enable our application to request OAuth2 access tokens necessary for calling the API. We can find more information about registering and configuring an application in Azure AD at Office 365 Management APIs getting started.

We can use the Office 365 Service Communications API V2 to access the following data:

  • Get Services: Get the list of subscribed services.
  • Get Current Status: Get a real-time view of current and ongoing service incidents and maintenance events
  • Get Historical Status: Get a historical view of service health, including service incidents and maintenance events.
  • Get Messages: Find Incident, Planned Maintenance, and Message Center communications.

Note: The Office 365 Service Communications API has been released in preview mode. When the General Announcement of Office 365 Service Communications API was made, the older version of the Service Communications API began a period of deprecation.

Sample Calls using Postman

Benefits 

  • Provide service health information to partners and endusers.
  • Encouraging early adoption by endusers
  • Plan our change and release management strategy for Office 365
  • Plan our monitoring strategy and tool integration for Office 365
  • Ensure Service Desk and Incident Management know how to proactively operate and support Office 365 in an end-to-end manner by integrating the tools available into our existing processes

Development Scenarios 

  • Build intelligent bots to naturally interact with our users on a website, app, Microsoft Teams, Skype and more.
  • Building Microsoft Teams tab using SharePoint Framework
  • An application that is running in the background, such as a daemon or service

If you want your SharePoint add-in to appear in SharePoint Store, you need to submit it to the Seller Dashboard for approval. You can add and save your submission as a draft in your Seller Dashboard account until you’re ready to submit it for approval.

Prerequisites

  • Familiarize yourself with the AppSource validation policies
  • Seller dashbaord account
  • Add-in file in .app format
  • App logo
  • App screenshots specific to supported languages

Steps

This section lists the steps involved in submitting your SharePoint add-in in the Seller Dashboard.

Add a new app

On the overview page, click on Add a new app button

Listing type

On the listing type page, select SharePoint add-in and click next

Upload package

On the overview page, provide the mandatory field details as shown below and click next

Language details

On the details page, select the necessary languages and provide the mandatory field details as shown below and click next

Block access

If you want to prevent the app purchases, select the countries / regions

Lead management

To get information about users who acquire your add-in, you can submit lead configuration details for your customer relationship management (CRM) system in the Seller Dashboard.

Pricing model

Choose the pricing model fits your need

Save as Draft or Submit

On your summary page, select EDIT DRAFT and make your changes. Select SUBMIT FOR APPROVAL. After your seller account is approved, you can submit your add-in to the Seller Dashboard. You can make changes at any point before you submit for approval, but during the approval process, you won’t be able to make any changes.

Microsoft Graph is the gateway to data and intelligence in Microsoft 365. Microsoft Graph provides a unified programmability model that you can use to take advantage of the tremendous amount of data in Office 365, Enterprise Mobility + Security, and Windows 10.

You can use the Microsoft Graph API to build apps for organizations and consumers that interact with the data of millions of users. With Microsoft Graph, you can connect to a wealth of resources, relationships, and intelligence, all through a single endpoint: https://graph.microsoft.com.

Register Application

In order to call Graph API you need to have a registered application within Azure Active Directory that has delegated permissions for the API application.

  • Sign in to your Application Registration Portal(https://apps.dev.microsoft.com).
  • Click on the “Add an app” button.
  • Enter the app name and click the “Create” button to proceed further.
  • Copy Application Id(Client Id) and save it.
  • Now you need to create the Application Secret. To do so click on the “Generate New Password” button as shown below. Once you click the button a pop-up screen will appear displaying the generated one time password. Copy the password and save it securely. Then click the “Ok” button as shown below.
  • Add the Microsoft Graph Permission as shown below
  • Click on the “Save” button to update the changes you made.

Grant Admin Consent

Application permissions are used by apps that run without a signed-in user present; for example, apps that run as background services or daemons. Application permissions can only be consented by an administrator.

To grant admin consent through a URL request:

  • Construct a request to login.microsoftonline.com with your app configurations and append on &prompt=admin_consent.
  • After signing in with admin credentials, the app has been granted consent for all users.

Execute Console Application

  • Download the code sample from this link.
  • Open the solution in Visual Studio.
  • Update the following values in the App.config file
    • TenantId – Office 365 Tenant Identity
    • ClientId – Application Id copied in the app registration process
    • ClientSecret – Password / Public Key copied in the app registration process
  • Save and Execute the console application

Output

Note: Output may vary based on the groups created in your tenant.

Special thanks to @Arutvicky for the code cleanup.

With the profile completeness extension we can encourage or force users to fill their profiles. This sample SPFx extension renders a profile completeness meter where the user can see the score details.

react-application-profile-meter react-application-profile-meter

Used SharePoint Framework Version

SPFx v1.6

Applies to

Solution Author(s)
react-application-profile-meter Joseph Velliah (SPRIDER, @sprider)

Version history

Version Date Comments
1.0 February 13, 2019 Initial release

Disclaimer

THIS CODE IS PROVIDED AS IS WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING ANY IMPLIED WARRANTIES OF FITNESS FOR A PARTICULAR PURPOSE, MERCHANTABILITY, OR NON-INFRINGEMENT.

Minimal Path to Awesome

  • Clone this repository
    • Open serve.json file under config folder. Update PageUrl where you wish to test. react-application-profile-meter
  • Move to folder where this readme exists
  • In the command window run:
    • npm install
    • gulp serve

Features

This project contains SharePoint Framework extensions that illustrates the following features:

  • Command extension
  • Office UI Fabric React

Notice. This sample is designed to be used in debug mode and does not contain automatic packaging setup for the “production” deployment.

What is governance?

Establishment of policies, and continuous monitoring of a proper implementation, by the members of the governing body of an organization. It includes the mechanisms required to balance the powers of the members (with the associated accountability), and their primary duty of enhancing the prosperity and viability of the organization. Governance is not about limiting the freedom.

Top 4 Office 365 management challenges explained by Marc Anderson and Benjamin Niaulin

  • Lack of visibility on what users are doing in Office 365
  • Group owners need guidance
  • Balancing user freedom with corporate governance requirements
  • Transitioning to a new accountability model

This article explains about different options available to govern Microsoft Teams and Groups.

Manage who can create Office 365 Groups

Because it’s so easy for users to create Office 365 Groups, we can restrict Office 365 Group creation to the members of a security group.

  • To manage who creates Office 365 Groups, we need Azure AD Premium or Azure AD Basic EDU license.
  • Only one security group in your organization can be used to control who is able to create Office 365 Groups. But, we can nest other security groups as members of this group.

Refer this article for more details.

Office365 Group Expiration Policy

A group lifecycle policy allows administrators to set an expiration period for groups. For example, after 180 days, a group expires. When a group reaches its expiration, owners of the group are required to renew their group within a time interval defined by the administrator. Once renewed, the group expiration is extended by the number of days defined in the policy. For example, the group’s new expiration is 180 days after renewal. If the group is not renewed, it expires and is deleted. The group can be restored within a period of 30 days from deletion.

Refer this article for more details.

Orphan Teams and Groups

It is a good practice to find teams and groups without owners. We can get this information from Teams Admin Center as shown below

Best Practices

  • Assign minimum two owners
  • Create a PowerShell script to find the orphan groups on a weekly or monthly basis and send reports to admins.

Potentially Obsolete Teams and Groups

Analytics and reports will help you create different reports to get insights into how users in your organization are using Teams. Your organization can use the information from the reports to better understand usage patterns, help make business decisions, and inform training and communication efforts.

As we noticed from the Teams Admin Center, this is not a rich report. Tony Redmond has written an awesome PowerShell script that can reveal unused teams or groups.

Guest access in Teams

Guest access in Teams lets people outside your organization access teams and channels. You can control the guest permissions on Teams meeting and messaging from the Teams Admin centre.

The following functionalities are not available to a guest in Microsoft Teams as of today:

  • OneDrive for Business
  • People search outside of Teams
  • Calendar, Scheduled Meetings, or Meeting Details
  • PSTN
  • Organization chart
  • Create or revise a team
  • Browse for a team
  • Upload files to a person-to-person chat

Teams Classifications

Adding team’s classification helps us to group the teams with restrictions such as guest access, meeting policies, etc.,

Refer here for more details.

Group Naming Policy

We use group naming policy to enforce a consistent naming strategy for Office 365 groups created by users in your organization. A naming policy can help you and your users identify the function of the group, membership, geographic region, or who created the group.

Refer here for more details.