Microsoft Graph API – Access Documents from SharePoint Document Library using Azure AD Application Credentials and Postman

Microsoft Graph is a RESTful web API that enables you to access Microsoft Cloud service resources. In this article, we will go through the requests we have to make in order to access the documents in a SharePoint Document Library.

Prerequisites:

  • Register an Azure AD app and allow the app to have full/read control to SharePoint sites in all site collections without a signed-in user. Refer to the Microsoft Graph permissions reference here.
  • Note down the Application ID (Client ID) and Key (Client Secret).
  • Download and install Postman, which simplifies API testing, or any other API testing tool.

REST Calls involved

Get Access Token 

To call Microsoft Graph, your app must acquire an access token from Azure Active Directory (Azure AD), Microsoft’s cloud identity service. Access tokens issued by Azure AD are Base64-encoded JSON Web Tokens (JWT). They contain information (claims) that web APIs secured by Azure AD, like Microsoft Graph, use to validate the caller and to ensure that the caller has the proper permissions to perform the operation they’re requesting.

Copy the “access_token” value from the response of the following API call. This value will be used as the bearer token in the subsequent REST API calls.

Replace:

{tenant-id} with your Office 365 Tenant ID. You can find it here.

{client-id} with Application ID copied from Azure AD Application.

{client-secret} with Key(Client Secret) copied from Azure AD Application.
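The token request for this step, as an added example (not code from the original article): it assumes the Azure AD v2.0 client-credentials endpoint with the https://graph.microsoft.com/.default scope, builds the form body an API testing tool would send, and decodes a token's claims to confirm which application permissions (the roles claim) it actually carries. The tenant, client and token values are placeholders constructed for the example, and the function names are hypothetical.

```python
import base64
import json
import time
from urllib.parse import quote, urlencode

# Audience values Azure AD uses for Microsoft Graph (resource URI and app ID).
GRAPH_AUDIENCES = {"https://graph.microsoft.com",
                   "00000003-0000-0000-c000-000000000000"}


def build_token_request(tenant_id, client_id, client_secret):
    """Return (url, headers, body) for the OAuth2 client-credentials grant."""
    url = ("https://login.microsoftonline.com/"
           f"{quote(tenant_id, safe='')}/oauth2/v2.0/token")
    body = urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": "https://graph.microsoft.com/.default",
    })
    return url, {"Content-Type": "application/x-www-form-urlencoded"}, body


def decode_claims(access_token):
    """Decode the JWT payload for inspection only; the signature is NOT verified."""
    parts = access_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))


def review_token(access_token, allowed_roles, now=None):
    """Return findings: wrong audience, expired, or more permissions than expected."""
    claims = decode_claims(access_token)
    now = time.time() if now is None else now
    findings = []
    if claims.get("aud") not in GRAPH_AUDIENCES:
        findings.append(f"unexpected audience: {claims.get('aud')}")
    if claims.get("exp", 0) <= now:
        findings.append("token expired")
    extra = sorted(set(claims.get("roles", [])) - set(allowed_roles))
    if extra:
        findings.append("unexpected application permissions: " + ", ".join(extra))
    return findings


def make_sample_token(claims):
    """Build a constructed, unsigned token so the example runs offline."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(claims)}.constructed"


# Constructed claims: an app that was granted both read and full control.
SAMPLE = make_sample_token({
    "aud": "https://graph.microsoft.com",
    "exp": 2000000000,
    "roles": ["Sites.Read.All", "Sites.FullControl.All"],
})

if __name__ == "__main__":
    url, headers, body = build_token_request(
        "TENANT-ID-PLACEHOLDER", "CLIENT-ID-PLACEHOLDER", "CLIENT-SECRET-PLACEHOLDER")
    print("POST", url)
    print(review_token(SAMPLE, allowed_roles={"Sites.Read.All"}, now=1700000000))
```

Running the review against a real token before using it shows whether the app registration carries more than the read permission the document-library calls need.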

Get SharePoint Site ID

We have to get the SharePoint Site ID (highlighted) of the site where the document library is located, using the following URL:

https://graph.microsoft.com/v1.0/sites/{host-name}:/{server-relative-path}

Replace:

{host-name} with your SharePoint Online root site URL.

{server-relative-path} with site’s relative path.

Get Document Libraries from a SharePoint Site

To get a list of document libraries from a SharePoint site, call the following endpoint:

https://graph.microsoft.com/v1.0/sites/{site-id}/drives

Replace:

{site-id} with the site id received in the previous step.

Get Files from a Document Library 

To get a list of files in a document library, call the following endpoint:

https://graph.microsoft.com/v1.0/sites/{site-id}/drives/{drive-id}/root/children

Replace:

{site-id} with the site id received in the previous step.

{drive-id} with one of the document library IDs received in the previous step.

Get a Specific File from a Document Library

To get a specific file from a document library, call the following endpoint:

https://graph.microsoft.com/v1.0/sites/{site-id}/drives/{drive-id}/root:/{item-path}

Replace:

{site-id} with the site id received in the previous step.

{drive-id} with one of the document library IDs received in the previous step.

{item-path} with file name or path.
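The four calls above chained together, as an added example that is not part of the original article: it builds each URL with the placeholders percent-encoded, follows `@odata.nextLink` paging when listing files, and refuses to send the bearer token to any link outside graph.microsoft.com. The function names, the injectable `get` transport and the sample responses are assumptions constructed for the example.

```python
import json
from urllib.parse import quote
from urllib.request import Request, urlopen

GRAPH = "https://graph.microsoft.com/v1.0"


def http_get(url, token):
    """Real transport: GET with the bearer token, return parsed JSON."""
    req = Request(url, headers={"Authorization": f"Bearer {token}"})
    with urlopen(req, timeout=30) as resp:
        return json.load(resp)


def _seg(value):
    # Site IDs contain commas and drive IDs start with "b!"; keep both literal.
    return quote(value, safe=",!")


def site_url(host_name, server_relative_path):
    path = quote(server_relative_path.strip("/"), safe="/")
    return f"{GRAPH}/sites/{_seg(host_name)}:/{path}"


def drives_url(site_id):
    return f"{GRAPH}/sites/{_seg(site_id)}/drives"


def children_url(site_id, drive_id):
    return f"{GRAPH}/sites/{_seg(site_id)}/drives/{_seg(drive_id)}/root/children"


def item_url(site_id, drive_id, item_path):
    path = quote(item_path.strip("/"), safe="/")
    return f"{GRAPH}/sites/{_seg(site_id)}/drives/{_seg(drive_id)}/root:/{path}"


def list_files(token, site_id, drive_id, get=http_get):
    """Return file names in the library root, following paging links."""
    url, names = children_url(site_id, drive_id), []
    while url:
        if not url.startswith(GRAPH + "/"):
            # Never replay the bearer token to a host other than Graph.
            raise ValueError(f"refusing to follow link outside Graph: {url}")
        page = get(url, token)
        names += [i["name"] for i in page["value"] if "file" in i]
        url = page.get("@odata.nextLink")
    return names


def find_file(token, host_name, site_path, library_name, item_path, get=http_get):
    """Walk site -> document libraries -> item and return the driveItem JSON."""
    site = get(site_url(host_name, site_path), token)
    drives = get(drives_url(site["id"]), token)["value"]
    matches = [d for d in drives if d["name"] == library_name]
    if not matches:
        raise LookupError(f"no document library named {library_name!r}")
    return get(item_url(site["id"], matches[0]["id"], item_path), token)


# Constructed responses (not real tenant data) so the walk runs offline.
SITE_ID = "contoso.sharepoint.com,SITE-GUID-PLACEHOLDER,WEB-GUID-PLACEHOLDER"
SAMPLE_RESPONSES = {
    site_url("contoso.sharepoint.com", "/sites/hr"): {"id": SITE_ID},
    drives_url(SITE_ID): {"value": [{"id": "b!DRIVE1", "name": "Documents"}]},
    children_url(SITE_ID, "b!DRIVE1"): {
        "value": [{"name": "Archive", "folder": {}}, {"name": "a.docx", "file": {}}],
        "@odata.nextLink": GRAPH + "/constructed-page-2",
    },
    GRAPH + "/constructed-page-2": {"value": [{"name": "Leave Policy.pdf", "file": {}}]},
    item_url(SITE_ID, "b!DRIVE1", "Leave Policy.pdf"): {"id": "ITEM1", "name": "Leave Policy.pdf"},
}


def fake_get(url, token):
    return SAMPLE_RESPONSES[url]


if __name__ == "__main__":
    print(list_files("token", SITE_ID, "b!DRIVE1", get=fake_get))
    print(find_file("token", "contoso.sharepoint.com", "/sites/hr",
                    "Documents", "Leave Policy.pdf", get=fake_get))
```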

I hope this article has helped you to understand the REST API calls required to reach a file in a SharePoint Document Library using Graph API.

Office 365 Groups and Teams Governance

What is governance?

Establishment of policies, and continuous monitoring of a proper implementation, by the members of the governing body of an organization. It includes the mechanisms required to balance the powers of the members (with the associated accountability), and their primary duty of enhancing the prosperity and viability of the organization. Governance is not about limiting the freedom.

Top 4 Office 365 management challenges explained by Marc Anderson and Benjamin Niaulin

  • Lack of visibility on what users are doing in Office 365
  • Group owners need guidance
  • Balancing user freedom with corporate governance requirements
  • Transitioning to a new accountability model

This article explains the different options available to govern Microsoft Teams and Groups.

Manage who can create Office 365 Groups

Because it’s so easy for users to create Office 365 Groups, we can restrict Office 365 Group creation to the members of a security group.

  • To manage who creates Office 365 Groups, we need an Azure AD Premium or Azure AD Basic EDU license.
  • Only one security group in your organization can be used to control who is able to create Office 365 Groups. However, we can nest other security groups as members of this group.

Refer to this article for more details.

Office365 Group Expiration Policy

A group lifecycle policy allows administrators to set an expiration period for groups. For example, after 180 days, a group expires. When a group reaches its expiration, owners of the group are required to renew their group within a time interval defined by the administrator. Once renewed, the group expiration is extended by the number of days defined in the policy. For example, the group’s new expiration is 180 days after renewal. If the group is not renewed, it expires and is deleted. The group can be restored within a period of 30 days from deletion.

Refer to this article for more details.

Orphan Teams and Groups

It is a good practice to find teams and groups without owners. We can get this information from the Teams Admin Center as shown below.

Best Practices

  • Assign a minimum of two owners
  • Create a PowerShell script to find the orphan groups on a weekly or monthly basis and send reports to admins.
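An added example of the check behind both bullets, written in Python rather than the PowerShell the article suggests and not taken from the article: it pages through Office 365 (Unified) groups via Microsoft Graph, counts each group's owners, and reports groups with no owner and groups below the two-owner minimum. `get` is a hypothetical callable that performs an authenticated GET and returns parsed JSON; the sample responses are constructed.

```python
from urllib.parse import quote

GRAPH = "https://graph.microsoft.com/v1.0"
# Office 365 Groups are the groups whose groupTypes contains "Unified".
UNIFIED_GROUPS = (GRAPH + "/groups?$select=id,displayName&$filter="
                  + quote("groupTypes/any(c:c eq 'Unified')"))


def owners_url(group_id):
    return f"{GRAPH}/groups/{quote(group_id, safe='')}/owners?$select=id"


def paged(url, get):
    """Yield every item of a Graph collection across @odata.nextLink pages."""
    while url:
        page = get(url)
        yield from page.get("value", [])
        url = page.get("@odata.nextLink")


def owner_report(get, minimum_owners=2):
    """Classify groups as orphaned (no owner) or under the owner minimum."""
    report = {"orphaned": [], "under_minimum": []}
    for group in paged(UNIFIED_GROUPS, get):
        owner_count = sum(1 for _ in paged(owners_url(group["id"]), get))
        if owner_count == 0:
            report["orphaned"].append(group["displayName"])
        elif owner_count < minimum_owners:
            report["under_minimum"].append(group["displayName"])
    return report


def format_report(report):
    """Plain-text body suitable for a weekly or monthly mail to admins."""
    lines = ["Groups without owners:"]
    lines += [f"  - {name}" for name in report["orphaned"]] or ["  (none)"]
    lines.append("Groups with fewer owners than the minimum:")
    lines += [f"  - {name}" for name in report["under_minimum"]] or ["  (none)"]
    return "\n".join(lines)


# Constructed Graph responses (not real tenant data), split over two pages.
SAMPLE_RESPONSES = {
    UNIFIED_GROUPS: {
        "value": [{"id": "G1", "displayName": "Finance"},
                  {"id": "G2", "displayName": "Project X"}],
        "@odata.nextLink": GRAPH + "/constructed-groups-page-2",
    },
    GRAPH + "/constructed-groups-page-2": {
        "value": [{"id": "G3", "displayName": "Old Event"}],
    },
    owners_url("G1"): {"value": [{"id": "U1"}, {"id": "U2"}]},
    owners_url("G2"): {"value": [{"id": "U1"}]},
    owners_url("G3"): {"value": []},
}


def fake_get(url):
    return SAMPLE_RESPONSES[url]


if __name__ == "__main__":
    print(format_report(owner_report(fake_get)))
```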

Potentially Obsolete Teams and Groups

Analytics and reports will help you create different reports to get insights into how users in your organization are using Teams. Your organization can use the information from the reports to better understand usage patterns, help make business decisions, and inform training and communication efforts.

As we noticed from the Teams Admin Center, this is not a rich report. Tony Redmond has written an awesome PowerShell script that can reveal unused teams or groups.

Guest access in Teams

Guest access in Teams lets people outside your organization access teams and channels. You can control the guest permissions on Teams meeting and messaging from the Teams Admin centre.

The following functionalities are not available to a guest in Microsoft Teams as of today:

  • OneDrive for Business
  • People search outside of Teams
  • Calendar, Scheduled Meetings, or Meeting Details
  • PSTN
  • Organization chart
  • Create or revise a team
  • Browse for a team
  • Upload files to a person-to-person chat

Teams Classifications

Adding a classification to teams helps us group the teams by restrictions such as guest access, meeting policies, etc.

Refer here for more details.

Group Naming Policy

We use group naming policy to enforce a consistent naming strategy for Office 365 groups created by users in your organization. A naming policy can help you and your users identify the function of the group, membership, geographic region, or who created the group.

Refer here for more details.

Console Application – Get Groups using Microsoft Graph API and Azure Active Directory App Authentication

Microsoft Graph is the gateway to data and intelligence in Microsoft 365. Microsoft Graph provides a unified programmability model that you can use to take advantage of the tremendous amount of data in Office 365, Enterprise Mobility + Security, and Windows 10.

You can use the Microsoft Graph API to build apps for organizations and consumers that interact with the data of millions of users. With Microsoft Graph, you can connect to a wealth of resources, relationships, and intelligence, all through a single endpoint: https://graph.microsoft.com.

Register Application

In order to call Graph API you need to have a registered application within Azure Active Directory that has delegated permissions for the API application.

  • Sign in to your Application Registration Portal (https://apps.dev.microsoft.com).
  • Click on the “Add an app” button.
  • Enter the app name and click the “Create” button to proceed further.

  • Copy Application Id(Client Id) and save it.

  • Now you need to create the Application Secret. To do so click on the “Generate New Password” button as shown below. Once you click the button a pop-up screen will appear displaying the generated one time password. Copy the password and save it securely. Then click the “Ok” button as shown below.

  • Add the Microsoft Graph Permission as shown below

  • Click on the “Save” button to update the changes you made.

Grant Admin Consent

Application permissions are used by apps that run without a signed-in user present; for example, apps that run as background services or daemons. Application permissions can only be consented by an administrator.

To grant admin consent through a URL request:

  • Construct a request to login.microsoftonline.com with your app configurations and append &prompt=admin_consent.
  • After signing in with admin credentials, the app has been granted consent for all users.

Execute Console Application

  • Download the code sample from this link.
  • Open the solution in Visual Studio.
  • Update the following values in the App.config file
    • TenantId – Office 365 Tenant Identity
    • ClientId – Application Id copied in the app registration process
    • ClientSecret – Password / Public Key copied in the app registration process
  • Save and Execute the console application

Output

Note: Output may vary based on the groups created in your tenant.

Special thanks to @Arutvicky for the code cleanup.

Office 365 Service Communications API

Problem 

  • Office 365 Service Communications can be accessed only by users with global admin or product admin rights (for Exchange, Skype for Business and SharePoint).
  • Dependencies tied to Office 365 Service, as well as the teams that are accountable for those configuration items

Solution 

The Office 365 Service Communications API is a REST service that allows us to develop solutions using any web language and hosting environment that supports HTTPS and X.509 certificates. The API relies on Microsoft Azure Active Directory and the OAuth2 protocol for authentication and authorization. To access the API from our application, we will need to first register it in Azure AD and configure it with permissions at the appropriate scope. This will enable our application to request OAuth2 access tokens necessary for calling the API. We can find more information about registering and configuring an application in Azure AD at Office 365 Management APIs getting started.

We can use the Office 365 Service Communications API V2 to access the following data:

  • Get Services: Get the list of subscribed services.
  • Get Current Status: Get a real-time view of current and ongoing service incidents and maintenance events
  • Get Historical Status: Get a historical view of service health, including service incidents and maintenance events.
  • Get Messages: Find Incident, Planned Maintenance, and Message Center communications.

Note: The Office 365 Service Communications API has been released in preview mode. When the General Announcement of Office 365 Service Communications API was made, the older version of the Service Communications API began a period of deprecation.

Sample Calls using Postman

commapitoken

commapigetstatus.PNG

Benefits 

  • Provide service health information to partners and end users.
  • Encourage early adoption by end users
  • Plan our change and release management strategy for Office 365
  • Plan our monitoring strategy and tool integration for Office 365
  • Ensure Service Desk and Incident Management know how to proactively operate and support Office 365 in an end-to-end manner by integrating the tools available into our existing processes

Development Scenarios 

  • Build intelligent bots to naturally interact with our users on a website, app, Microsoft Teams, Skype and more.
  • Building Microsoft Teams tab using SharePoint Framework
  • An application that is running in the background, such as a daemon or service

Microsoft Teams Custom Tab – Video Recorder App using SharePoint Framework

Summary

Sample SharePoint Framework client-side web part for Microsoft Teams Tab illustrating Video Recording using MediaRecorder Web API.

This is an experimental web part. Because this technology’s specification has not stabilized, check the compatibility table for usage in various browsers. Also note that the syntax and behavior of an experimental technology are subject to change in future versions of browsers as the specification changes.

Teams Custom Tab

About

Add Custom Tab

API Management - MSGraph

Custom Tab

Applies to

Solution

Solution                 | Author(s)
teams-tab-video-recorder | Joseph Velliah (SPRIDER, @sprider)

Version history

Version | Date              | Comments
1.0     | November 20, 2018 | Initial release

Disclaimer

THIS CODE IS PROVIDED AS IS WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING ANY IMPLIED WARRANTIES OF FITNESS FOR A PARTICULAR PURPOSE, MERCHANTABILITY, OR NON-INFRINGEMENT.


Minimal Path to Awesome

  • clone this repo
  • run npm i
  • go to this Microsoft article and follow the steps to package and deploy my sample
  • Go to your tenant’s API management page to approve the permission requests configured in this web part.

Features

This project illustrates the following concepts:

  • Building Microsoft Teams tab using SharePoint Framework
  • Packaging and deploying web part as a Microsoft Teams tab
  • Front/Back camera selection
  • Video recording using the supported browsers
  • Playback recording
  • Upload recorded video in user’s OneDrive root folder

SharePoint Online – Analyze User Feedback using Sentiment Analysis API and Microsoft Flow

The Sentiment Analysis API provided by Microsoft evaluates text input and returns a sentiment score for each document, ranging from 0 (negative) to 1 (positive). This capability is useful for detecting positive and negative sentiment in social media, customer reviews, and discussion forums. In this article I am going to show you how to send the feedback entered in a SharePoint Online modern list item to the Sentiment Analysis API and write the response back to SharePoint. I am also going to show how to beautify the sentiment score with emojis using the column formatting feature.

Create a SharePoint list with the following columns

columns.PNG

At the top of the list, click Flow, and then click Create a flow.

newflow

Select the below flow template from the right-hand panel.

select flow type.PNG

Follow the instructions on the Microsoft Flow site to connect to the list we have created. Credentials will be verified for each service used in the flow. For Office 365 services such as SharePoint and Outlook, connections will be created automatically. The next steps will be performed in the Microsoft Flow designer. The first action displayed, also known as a trigger, will determine how the flow will be started. Additional actions may be added after the first. Each new action will be dependent on the previous action.

add new step.PNG

The next step is to add an Initialize variable action to set the value of the current Item Id.

setitemid.PNG

Create a POST request using a HTTP action. Set the HTTP Method, URI, Headers and Body as shown below:

Note: Log in to Azure and get the Ocp-Apim-Subscription-Key. Refer to this article for the steps.

CallSentimentAPI.PNG

Now let us parse the sentiment score from the response we received from the HTTP action and save the value in a variable using an Initialize variable action as shown below.

SetSentimentScore.PNG

Expression: body('CallSentimentAPI')['documents'][0]['score']

Here, CallSentimentAPI is the name of the HTTP action.

Let us update the sentiment score in the list item using a Send an HTTP request to SharePoint action as shown below

update list item.PNG

Save the flow and go back to the list.

Let us create a new item in the SharePoint list to check the sentiment score for our feedback

new item.PNG

If all goes well, we should see the sentiment score in the list column as shown below

data.PNG

We can check the status of every execution in the flow history as shown below

status.PNG

success run.PNG

To beautify the sentiment score with emojis, we can use the SharePoint column formatting feature as shown below

column formatting

I have used the following column formatting formula to convert the sentiment score into emojis

formual.PNG

Hope you liked this post. If you have any questions on SharePoint or Office 365, please let me know.

Add Modern SharePoint Site Page in Microsoft Teams

Microsoft Teams is a chat-based workspace that brings together people, conversations, content, and tools for easier collaboration. SharePoint sites include the modern page feature, which allows you to engage the team members with important or interesting stories. Here I am going to show you how to display a SharePoint modern page within Teams as a tab.

I have created a SharePoint modern page as shown below:

samplemodernpage.png

Set up SharePoint Modern Page in Teams

  • In Teams, navigate to the team where you want your SharePoint page to appear.

teams1.PNG

  • Click the plus sign to add a new tab.

teams2

  • Click on Website

teams3.png

  • Provide a Tab name and SharePoint Modern page url and click Save. Optionally we can select Post to the channel about this tab check box to communicate this change with the users.

teams4

  • That’s it! Now, every time you visit your team, the newly added tab will appear as part of the teams as shown below

teams5.png

  • You can use the expand / collapse button to view the content the way you like

teams6

Notes :

  • I don’t know if you noticed, but the out-of-the-box SharePoint controls such as Suite Bar, Left Navigation, Search Box, Page Title Area and Command Bar are gone within Teams.
  • If you have custom web parts within the page, you cannot edit their properties within Teams.
  • You cannot change the web part arrangement sequence within Teams.
  • You cannot display a classic page.

SharePoint Framework Web Part – Continuous Integration and Delivery

Continuous Integration and Delivery are the foundations of Modern Software Development. Continuous Integration and Delivery process is going to help your team in the following aspects:

  • Revision Control
  • Build Automation
  • Automated Deployment
  • Reduced Overhead
  • Consistent Build Process
  • Confidence and Team Communication
  • Risk Mitigation

In this article, I am going to show you how to set up Continuous Integration and Delivery for SharePoint Framework Web Part.

Tools Needed 

  1. Visual Studio Team Service – Source Control System
  2. Visual Studio Code – Code Editor
  3. SharePoint Framework Development Environment – Refer
  4. Git Repository Project in Visual Studio Team Service(VSTS)
  5. Git Commands
  6. A SharePoint Document Library that acts as a CDN
  7. SharePoint App Catalog Site
  8. A SharePoint Site to test the app

SharePoint Framework(SPFx) Git Project Configuration

The first step is to create an SPFx Git Repository Project in VSTS.

snip20170818_1.png

(Example)

Let us clone the newly created Git project into your favorite local folder using the following git command

git clone -b master repopath

SharePoint Framework(SPFx) Web Part Setup

Go to the project directory using the command prompt / terminal and set up your SPFx Web Part project as explained here. I am going to use my sample code here, but feel free to write your own logic in your SPFx Web Part.

This is my project folder structure

snip20170818_4.png

One Time Activity

Let us package artifacts and upload the files in app catalog site and CDN library.

Open the write-manifests.json file under the config folder and update the cdnBasePath parameter with your CDN SharePoint Document Library path.

snip20170818_8.png

Make sure you are still in the project directory you used to set up your web part project. In the console window, execute the following gulp task:

snip20170818_9.png

This will build the minified assets required for upload to the CDN library in the temp\deploy directory. Go to your CDN SharePoint Library and upload the generated files.

snip20170818_11.png

snip20170818_14.png

In the console window, execute the following gulp task to package your client-side solution that contains the web part:

snip20170818_10.png

The command will create the .sppkg package file in the sharepoint/solution folder.

snip20170818_12.png

Go to your App Catalog site and upload the generated .sppkg file to the App Catalog. This will deploy the client-side solution package. SharePoint will display a dialog and ask you to trust the client-side solution to deploy. Click deploy.

snip20170818_13.png

At this point the web part is ready to be used on a page. Open a site where you want to test the web part and go to the Site contents page of the site. Choose Add – App from the toolbar and choose your app to be installed on the site.

snip20170818_16

After the app has been installed, add the web part to a page

screen-shot-2017-08-18-at-10-36-17-am.png

Check in the code and push it to the master branch via the Visual Studio Code editor.

Climax

At this point we are ready to integrate our SPFx web part project repository with the VSTS continuous build and release process.

Gulp Tasks

Upload the highlighted custom gulp tasks provided by Elio Struyf and install the necessary npm packages as per the instructions given.

snip20170818_7.png

Update the gulpfile.js as shown below:

snip20170818_6.png

Continuous Integration and Delivery Setup in VSTS

Switch back to VSTS

Go to the Build & Release section and click the New button.

screen-shot-2017-08-18-at-10-43-52-am.png

Select the empty template and click Apply.

Variables

Configure the following variables for the build and release. Adjust the values as per your environment.

snip20170818_28.png

Tasks

Add the following tasks and configure them as shown below

Process

snip20170818_19.png

Get Sources

snip20170818_20.png

NPM Install – npm

snip20170818_21.png

Update CDN Location – Gulp 

snip20170818_22.png

Bundle Project – Gulp

snip20170818_23.png

Package Solution – Gulp 

snip20170818_24.png

Upload Files in CDN – Gulp

snip20170818_25.png

Upload App Package to App Catalog – Gulp 

snip20170818_26.png

Deploy App – Gulp 

snip20170818_27.png

Trigger

Also enable the continuous integration settings so that the build process starts when the latest code is checked in to the master branch.

snip20170818_29.png

All done. Now it is time to test our continuous build and release process by pushing a new code change to the git repository and checking that the build process gets triggered.

Code Change 

Let us change the progress bar color to red and check in the latest change to git.

screen-shot-2017-08-18-at-11-23-24-am.png

Commit & Push Code Changes 

screen-shot-2017-08-18-at-11-26-05-am.png

screen-shot-2017-08-18-at-11-26-25-am.png

Build and Release Status

screen-shot-2017-08-18-at-11-30-18-am.png

snip20170818_31.png

snip20170818_32.png

snip20170818_33.png

snip20170818_34.png

As you can see in the screenshot, the latest code got deployed and the new progress bar color is reflected.

Email Notification

snip20170818_35

Note: You can isolate the deployment process from the build process using a release template.

Azure Traffic Manager for Provider Hosted Apps – Global Load Balancing

Microsoft Azure Traffic Manager allows us to control the distribution of user traffic to the specified endpoints (Zone Specific Azure Sites).

Azure Traffic Manager gives us three traffic routing methods to choose from:

  • Failover
  • Performance
  • Round robin.

We can choose the one that is right for our application or scenario.

Advantages

  • Traffic Manager can improve the availability of important applications by monitoring our Azure sites and automatically directing users to a new location anytime there is a failure.
  • Traffic Manager makes applications more responsive and improves content delivery times by directing users to an Azure or external location with the lowest network latency.
  • Traffic Manager can direct user traffic to distribute it across multiple locations

Steps to load balance provider hosted apps

  • Create Azure websites in different zones
  • Create a Traffic Manager profile
  • Configure End Points (Zone Specific Azure Sites)
  • Point the company Internet domain (https://providerapps.sprider.com) to an Azure Traffic Manager domain (https://sprider.trafficmanager.net)
  • Publish the web deploy packages separately in each Azure website. We need to do this two times, one for each Azure website data center location.
  • The Azure website virtual directory is accessible using the TM URL, so while registering the app we must give the TM URL for the following parameters:
    • App Domain:      providerapps.sprider.com
    • Redirect URI:     https://providerapps.sprider.com/POCRER/Pages/default.aspx

drawing1.png

Reference

https://azure.microsoft.com/en-us/documentation/articles/traffic-manager-manage-profiles/

Deploying Multiple Provider Hosted Apps in a Single Azure Web Site

Is it possible to host Multiple Provider Hosted Apps in a Single Azure Web Site?

The answer is Yes. If yes how?

Here you go…..

  • Create Azure Site
  • Create Required App Folders
    1. Go to the Azure web site
    2. Click on the Configure link in the top navigation for the web site
    3. Scroll to the bottom of the page and enter the values for your new virtual paths as shown below:

1

Note: Make sure you check the Application checkbox.

  • Register your apps using appregnew.aspx page as shown below

2.png

Note: Here I am adding my virtual directory sub folder name (App1 and App2) after the Azure website URL.

  • Your app manifest file should look like this

3.png

Note: Here I am adding my virtual directory sub folder name (App1 and App2) after ~remoteAppUrl. If you don’t have a Remote Event Receiver in your app, you do not need to configure InstalledEventEndpoint and UninstallingEventEndpoint.

  • Publishing configuration(App Web Project) should be something like this

4.png

Note: Here I am adding my virtual directory sub folder name (App1 and App2) after the site name.

  • Finally the app package configuration should be like this

5.png

Note: Here I am NOT adding my virtual directory sub folder name (App1 and App2).

Let me know if you have any questions on this.