Description
Jocel Sabellano gives a deep dive into getting started with the Microsoft Graph API via PowerShell. He discusses how it works and how to interact with it to access the myriad of services in the Microsoft 365 Cloud.
Jocel is a cloud expert for an MSP in the Chicago area. He works with customers helping them get their data into the cloud and accessing that data securely. The Research Triangle PowerShell User group is the world's largest PowerShell group. We meet twice a month to discuss all things PowerShell and automation.
A
All right, and good evening, and thanks so much for everybody for joining the Research Triangle PowerShell User Group. We're super excited today to have Jocel come here and talk to us about Microsoft Graph. Certainly I'm gonna learn and get our maneuvering our way through Microsoft Graph, and take it away. First.
B
Let me just introduce myself. Name's Jocel Sabellano. I read automations in PowerShell and you can check me in GitHub for it / the I TRX. I am a senior systems engineer that it's based here in Chicago. So tonight's agenda: we're gonna be talking a brief overview of what is Microsoft Graph API, and then, you know, the benefits of knowing Graph, and then what applications or automations make with it. And then the bulk of the session is gonna be how to authenticate the Graph API.
B
So what is a Microsoft Graph, um? It is a REST API, a unified endpoint that gives you access to Azure AD, Excel and soon Outlook, OneDrive, SharePoint, Planner, has a lot of more, so pretty much anything that's of our totally anything that's said within the umbrella of Microsoft 365, you can access those resources through Graph API, and then from those access you can generate reports and all that data, perform hundreds and hundreds of tests programmatically. Then you can build a lot of automations or apps and, yeah, just be awesome with it.
B
So why is Microsoft Graph important? What you can do with it is you can onboard users, you can automate the onboarding of your users. You can integrate with Excel. Obviously you can tap into Excel API endpoint, and then, you know, just automate your workflows. You can manage employee profiles, and then you can manage and tune in Autopilot, correlated security events, and then grab a ton of reporting data.
B
Insights and analytics, too. My favorites are the correlation of events and then our reporting and insights in analytics. Back, last project had with Graph API was creating automatic tickets for all the security alerts, right, in all of our customers' Office 365 environment, so yeah, that's, that's really good!
B
So some numbers about Microsoft Graph: 90% of all Fortune 500 companies have data and Microsoft Graph plot. One hundred and billion, one hundred billion Microsoft Graph requests every month, then 18 terabytes of data that includes emails, events, users, files, groups and more, and that 108 a million month active users for Microsoft 365.
B
B
So, authentication. Before I dive into the details a bit, I would like to have just small differentiation between the conventional way of authenticating to remote servers versus Graph API. Conventionally, you know, you would need to have a username and password, put in a, you know, a credential object, and then, you know, stitch that to your cmdlet and then forward over to the remote server, right? That's the two-legged setup, simple and straightforward!
B
If you, if your username, password is right, and if you have the right permissions, then you get what you need, right? With Graph API you're gonna be dealing with a three-legged setup. First leg is yourself, is the client, and then the authentication server, and then, so you're gonna be forwarding a bunch of information to the authentication server, for example your service principal, the application ID, secret, and a bunch of other stuff which we're gonna be dealing in a bit, and then once everything's good, you get your access token.
B
It's pretty much like, you know, when you go into our arcade, go to the counter: hey, get the token, and then go to the whatever, you know, game you wanna play, right, and just up in the token. Similar to that. I like to point out that your communication, once you have an access token, the process is pretty much uniform in terms of, you know, in terms of sending it over to the Graph API endpoint.
B
The difference may only be, like, you know, some parameters and, you know, some information that you need to put over or to attach to your request. But in terms of the accessing or acquiring access token, there's a lot of ways. Depending on where you deploy your application or the circumstances of your script, you know, there's a lot of ways on how to acquire a token, and like I said earlier, you know, that's when the confusion comes in, and we're gonna try to, you know, demystify that for tonight.
B
B
From the Azure app or from the service principal, you get an ID and secret, and then your tenant ID, and you assign permissions to it, and then you consent your permission, or an admin needs to consent your permission. And then your AD credentials, you stitch them together, form into an object, and then you send them over to the access token, the access token endpoint, right? And once you get an access token endpoint, like I said, send it over to the Graph API endpoint.
B
Now, currently there are two root URLs for the Graph API: beta endpoint and the version one. And then the format for the URL is microsoft.com, forward slash version, forward slash resource, ID, property, and then a bunch of query parameters that you can, you know, put into your URL.
B
So when you're in Azure, and then you go to Active Directory, Azure Active Directory, and then you go to app registrations, pretty much you register in your application, and since I've already done that, I'm just gonna open up the, you know, the properties for my Azure app here. Here you can find on your application
B
ID, and right now just focus on, like, the information that I'm pointing out here, and we're gonna get into, like, how we can stitch them together later on. And then you get the tenant ID, and then that's what you need, and then your API permissions.
C
Yourself, yep, so let's just back up for people that may have never seen this before. So you're making an app, you're simply starting up an app. All those IDs that you had there, those will all assign my Microsoft, you then could use later. So the screen app is simply simple, as just fine, and so I want to find new app, right? Yep.
B
Yep, and then you just go through, you fill out a bunch of information on the, yeah, pretty much, so that is really.
B
Yeah, so these are the things that you would ask you on: the redirect URL, and then if you want to just go for an application just within your tenant or, you know, application that will work for your tenant. So pretty much, I think an analogy here is your service principal and your Azure app is like a logical older or for your application, for your script, and later on we're gonna be able to understand why you would need to have a problem.
B
You know, a service principal, and this approach is based on OAuth, which is, you know, an industry standard for, you know, for a lot of, you know, REST API, not just Graph API. So learning OAuth, or like all these methods, we'd be able to benefit from it, not just by learning Graph API but as well as, you know, we need to talk to Facebook API, you know, other, other REST API and.
C
Was, I was just gonna say, fill, I'm sorry. This is if you're building an app from scratch. If you've built, sure, we're trying to connect to an app that Microsoft has already set up the connectors for, you basically want to say: hey, I want to use an app like Concur, and I just want to put in my information about Concur, and then Microsoft has already made the backend connections to get to Concur for you.
B
Right, but, you know, if you are making your own script, you would need to have, you need to create something in your own, so.
A
So what really you're talking about, the service principal is this, this object, it's this construct now that contract as a credential. That's that we kind of talked about before, but it has your tenant. It has the app that you're connecting to, and you said the permissions, you assign permissions to that potential service principal and all of that kind of stuff. So the service principal is the, is the thing that you're going to be doing now that, it is an app? It is a bunch of other stuff. It is the tenant.
A
It is the subscription, it is your user ID, it is your connection, it is an API token, potentially. Okay, and then that's your service principal, and then later on you then hand that to an access authenticator, which then comes back and says: now I have a token. That's what we get to before, right? Am I understanding that right? So I just wanted to reword what you just said. Yeah.
B
Yeah, yep, okay, right about it. So you consent the app. So, you know, you authenticate to the app and then you consent it, and then, you know, you get a token, and then, you know, on your future request you're no longer going to be providing your user and password, but it's just gonna be the app, it represents you to access Graph API or resources. Yeah.
A
And so that principal would be unique to that app on that tenant, aren't like that permissions, and so if you needed to do a different permission set and/or a different app, then it would be, again, in the same tenant, it would just be a new service principal with a new token, and they'd be two discrete objects, right? Cool, okay.
B
All right, so going back to my app here: I do have a secret, yep, here, so you could, you could generate, you know, a couple of secrets for different purposes, but yeah. All right, so yeah, pretty much these are the information that you would need from your, from your service principal, um: your permissions and then the consent and, yeah, your credentials. So let's talk about briefly, let's talk briefly about permissions. You can assign two kinds of permissions: delegated and application.
B
So if you are to request, if you are to talk to Graph API and, you know, needs, say, for example, you want to send an email, Graph API would need to have a user context within your access token, right? So from there you can tell what kind of permission that you would need, either a delegated or application, application permission, with delegated permission.
B
B
If you go to our API permissions, and then when you add a permission and then you go to Microsoft Graph, and then you get two kinds of permissions here. So it's pretty much like you ask your question, like: hey, do I need to have a user associated to this? Yeah, so you go to delegated permissions. But if you don't need to have a user, then, yeah, you just go for application permissions. Examples of endpoints that don't need, um,
B
You know, user context in the access token are, say, reporting endpoints, yeah, reporting and the audits and stuff like that. Examples of, you know, endpoints that need user context are, like, say you want to send a message to Teams, right, or send an email and let how stuff.
B
So now you got, you got your permissions, but that's just not enough. Need also to consent, right? So, you know, you're granting permissions the service principal to gain access to your email, right, but that's not up. You're gonna need to have, you need to consent it, explicitly consent it, to let it access to your email or to let it access to your, about tenant's, you know, directory data, right?
B
The way how you would do that is, you know, you just, you know, pass these parameters since who URL, and then, depending on, like, the program that you're using, we would perish all those forms that you could, you could do to access this URL, and then you authenticate. And I think all of us that have at least have access to box of apps before are familiar with this screenshot over here, where in this case I'm consenting these have to read any risk information in my tenant.
B
And there are some, you know, permissions as well that, you know, where it's not enough to just consent, or it's not enough for a user to consent. It needs to have admin consent. Well, this is how you would do it. The URL for this is pretty much straightforward.
B
It's in the documentation. I do, um, in a bit I'm gonna show you where in the docs.microsoft.com you can find these URLs, yep. So now you get the service principal, you get the permissions, you get the consent, right, so you're pretty much ready to send this over to the access, to request for an access token, right? So, but before we get an access token, I'd like to talk about the, oh, the structure of the access token.
B
Here, this is an example of an access token. It's an encoded string, and then when decoded, it translates into, like, a bunch of information. I'm not sure if it's visible here, but let me, I'd sue here. But this is an example of an access token, and then, I get said, if decoded it gives you, like, the expiration, also meaning you can't use this access token
B
If it's past the expiration time, and then, you know, the user associated to it, yeah. And the access token right now, this access token doesn't have any permission or scope assigned to it. So yeah, it's JWT, or JSON Web Token, and then the endpoint to request, or the URL to request your token, is login.microsoftonline.com, and then you put the tenant ID and then OAuth2, version 2.0, and then token.
C
So before you get to your code, we just want to make sure, because there's some chatter in the chat, and this is a topic that I think people are very interested in, but also can be confusing to some people, so yeah. There are some people that have been asking questions. Rather than go through the particular, I'd like to ask people: is there anybody who needs another walkthrough on what we've done or is unsure of what we've covered so far? Because this is, like, foundational, so guys?
C
C
Robertson, can you delegate less permissions and giving someone complete access to Azure AD, and I think the answer to that is yes. If you want to work with users, you need, so there's some basic questions that the group has been handling, but I just want to make sure, before we let Jocel rip on the examples, that we understand the foundational knowledge of apps, the information that's available, and what he's gonna start piecing together. Everybody's okay with that? Which don't seem to be saying anything, Joe, so keep knocking it out, man, you're doing awesome, so.
A
A
B
B
A
B
A
App registration is what gives you your secret and allows you to consent for whatever permissions you attribute to the app registration, right? And then we're going to use that app registration information. So that's what the client ID is. The client is part of that app registration, the tenant ID is the tenant to your Azure Active Directory, and the secret is essentially the password for the quote/unquote user that is the app registration. This.
B
Here is, like I said, I, I pretty much just got, you know, to be all these information, and I made a hash table, and this is how I, this is my preferred method to stitch all these information together. And then, you know, the grant type, I'm gonna talk about this in a bit. You have to specify that it's client credentials, and then the scope, client ID, and then, if I run this.
B
B
Now, like I mentioned on a three-legged setup, I go ahead and create a new, a new hash table, and they pretty much, you know, my example over here: I'm gonna go ahead and grab all the users in my directory.
A
So at this point, is that, this is, this is the, the sec, so you kind of talked about, like, the, the three-legged authentication, so you used a token request. Yeah, token request, the res there, which was the token to get this token, and then from now on, in order to talk to or use it dr. Graph, and that's the line 36 there, is in order to get some more data or to do other work and all the kind of stuff, you have to pass in that bearer token and then authorize.
B
Every time, every time you talk to Graph, you gonna have to, yeah, you don't have to go through, you know, accessing a new token. Oh yeah, that's a really good question. So tokens by default are valid for one hour. All right, and I know you're gonna ask me, like, what, are you telling me I'm gonna have to reauthenticate or gonna have to, like, acquire token every hour? Not, but I'm gonna have to explain to that in my future
B
Slides, and I'm gonna get into that in a bit. Questions so far on how, you know, stitching all these information together work?
B
Right, so all right, so I got an access token. How do I know which endpoint or, like, you know, if I need to upload files into my OneDrive, how do I know, right? So a very good starting point is going to.
B
Yeah, docs.microsoft.com, forward slash graph, forward slash overview, and then this is where you can get started with things. In fact, one of the submenus over here is where you can find, you know, the coconut token, access token URL, and that I would usually go to. Say, for example, if I go, when I go to reports, right, so let's say: okay, I want to know.
B
Oh, you know, all my users, or like, what are my number as far as Exchange traffic in my network, right? So now I go to reports and I go, oh, say, Outlook, and then get activity counts, reports get activity count, and then from here it tells you, all right, so what's the permission you would need to be able to have this access token, all right, to be able to query into this endpoint.
B
A
B
B
Grant types. Like I mentioned earlier, depending on your circumstances or the circumstances of your, your automation, depending on where you deploy it, it is very important to know the different grant types, because it is how you can shape the way how your automation to behave to acquire an access token. So, you know, to explain that further.
B
For example, earlier, right, you notice in my access token request I didn't put in a username and password in there, right? So that access token, I can't use that for, just for me to be able to send an email, hey. Or say if you want to deploy your automation and so, like, a headless machine, right, and then your user account needs to have multi-factor authentication, all right. Now, if you need to do multi-factor authentication, obviously you need to open up a web GUI, HTML-based form, putting your username, password, and go through the, you know,
B
Second-factor authentication, right, put in the MFA, OTP, whatever, right. So if you wanna do it a headless machine, how we gonna do that, right? Or, you know, I mentioned you the access token is only valid for an hour, but how are we gonna do it this way that you're not gonna have to reallocate every hour, right?
B
So, you know, there's, you know, different grant types that you can choose from, but these are the most, you know, common ones that are, that are used, at least from what I've seen, and let me get into, like, the details for each one of that. But this guy, this is what I use in my last example, which is client credentials, and it's pretty straightforward: just client credentials, client ID and client secret, and again, you can't use this for, you know, talking to, uh, the endpoints that need user context now.
B
Right, so an extended version of it is password, so you're gonna be asking me, like, okay, how do I go down and for password, so there's password grant type. The thing, though, is, like, I need to mention this, that this is not recommended, Mike, with Microsoft, because right now Microsoft's been pushing a multi-factor authentication, it, since this guy doesn't work, come on, brick doesn't support it, so it's not recommended by them, but why? How this thing works?
B
Is, it's close to the client credentials, but you just need to, you know, add a username and password to your request token body, and then for the grant type you change it to password, and then for the scope, specify the scope. Scope is, like, pretty much, like, the, you know, the permission that you would need, all right. So, you know, permission over here: I have Directory.Read.All, so I want, you know, I want my access token to be able to read all the rest.
B
B
C
B
That's a really good question. Look at this, so I have a token on my client credential here, and the different, the difference would be, so this is my access token, right, but tell difference. Let's see here.
B
Thanks for asking, really, really good questions. I like delicate this, right, so this is my access token for my first request, right, and then let me go for.
B
B
B
So, in my previous token, like, oh, I don't know who you are and you're trying to send an email, all right, denied. Yeah, now, ooh, good, directory admin, and then you are Jocel, yeah. You were, you are, you were a global admin, by the way, so yeah, you're in. Yeah, I forgot, I almost forgot to mention that, so the effective permission for a user and the permission that you assigned to the service principal, it's always, what takes precedence is, you know, be the permission for that user.
B
B
All right, so that's for the password. Okay, so yeah, now I have a really good, awesome, I have an awesome access token. So, oh, you don't want my, wait. All the users in our Active Directory, or in our Azure AD, everyone's enabled for multi-factor authentication, right? What comes into play now is authorization code, so.
B
Think of the, this authorization code is, it's more of, like, a four-legged setup, because the way how it works is you authenticate, and then you authenticate and consent, and then you get a code. Now with that code, you send it over along with those other information, vital information, you send it over to the access token request endpoint, and then from there you got a token, all right, and then you got a token, you go to Graph. There's four steps instead of three, and then request.
B
B
B
That I, just so fine, and so now I'm, you know, granting consent that a bead right all the grooves except.
B
What happened there was, let me, let me run this. Okay, on that opens it Internet Explorer, just pay attention to the URL. All right, fine, and that get some GTR. All, look at this, I got a code now. I'm like, in my PowerShell script, capture this code. Let me, for me, let me put this in a notepad, all right, and all right, so I just need to capture this portion over here up into here, right, and my PowerShell script, good, so I captured it from here.
B
B
I put in here my grant type is authorization code, client ID and secret, then my scope, my scope parse all of these permissions over here, and the one different, one different thing about this is you need to specify a redirect URI, so specifying a redirect URI is, you know, so like earlier, I had a redirect to Google, and then same things that you into it, like, all day hash table, now my body, all right, and I just request it now.
A
A
So, but when you're trying to do things, it's in the documentation which one you're gonna need for this action. If you're trying to do, you know, like you said, sending emails, you need this type of tokens, so grant types, and if you just, you know, accessing it to, you know, read some metadata, then you need this type of token. And then in this case the authorization token, there needs to be a URL, because it's trying to do, like, an SSO kind of thing, is that what the redirect, yeah, yeah.
B
Yep, yeah, so it's a, first you, you open up through this URL, and I just have Internet Explorer open it. Then you supply it with your tenant ID, your client ID, the redirect URI, the scope, which is, like I said, the permissions that you would need. It's like, hey, I need, I need to.
B
It's just my example: my redirect URI is Google, so it have to be there. It doesn't have to be, it's pretty much like anything you want, as long as it does not throw, spit out a 404 error. Okay, floral iron or, a lot of times people just do localhost, but the thing is, yeah, and then prompt, right. They would prompt you, all right. So all right, cool, you know, I think I'm fine with this now, but, you know, your boss, you, like, your boss tells you, like.
B
B
Device code, right. So the way how it works with device code is you send an API request to the device code endpoint, which is this URL over here, and then it gives you the reply that, hey, go to microsoft.com, forward slash device login, and then input this code, right, so from there?
B
You can pretty much go to, like, any browser, your phone, whatever, and then put the code, and then once you authenticate, and then, you know, you put in the valid code that you got from, from your script or from the, from the response, it authenticates at the background, and then once it does that, it gets the brad count, it just, you know, something happens.
B
You know, behind the curtains and change the status of that device code, and then once you request a token, if everything's good, it gives you an access token, all right. So I'm not sure if anyone have used Azure CLI, it's the same grant type they use, right. So if, see here, you do az login. Yeah.
A
B
B
B
A
Is there anything I'm unique about, like, and over? The other word is all about information early in the day. Is it something kind of like a, a high-level, hey, I think these kind of things are happening here, these types of theft, or is it, it's the same kind of authentication? It's just a matter of using the docs to figure out which one you mean, right?
B
B
A
B
Because, like, right now, the difference is just, like, how we are acquiring the access token.
B
So, you know, so after I send the, there, my initial request to this guy, it tells me that, hey, to sign in, pretty much the same thing as what we did, an az login, or az login in CLI, and sign in, use a browser, Microsoft, and let input this guy. Great, and then before I do that, let me, let me try to request, okay, let me try to request without having to authenticate first. All right, let me try to request a token.
B
B
A
Oh, it's really in this example. What you just showed was that, hey, you can do this authentication type where you create a device code and yellow spectively, it's offline, it's some other, through some other command, key and so forth, or a duration of that this code. Is that, that's a valid code that you can, you then use in the script, right?
B
A
B
B
Then let me use, let me use that token to grab all my, uh, licenses. That works, all right. So, okay, and then, so I mentioned earlier that your access token, your access token is only valid for an hour, right, and then, all right, what I'm gonna do now, what's gonna happen, as in my access reply over here, I get a refresh token. So the use of the refresh, and refresh tokens are valid for a very long period of time. It only gets invalid
B
If, say, you know, the user who requested that refresh token, say, got disabled, you know, changed its password, or, you know, there are some changes into that account, right. You know, how you would use your refresh token is you can be using it to create or request a new access token. So then, in your logic, you can do, you can do, say, you know, when you're passing our, or let's say, you know, if you get, if you get a, you know, an error when you cook after passed an hour.
B
B
B
A
A
B
Yeah, yeah, a 400, 4xx, the error, yeah, because, you know, your access token is no longer valid, when your, you could just, like, do error traps and, like, oh, you know, 4xx error, I'm here, refresh token. Give me a new refresh token, give me a new access token, you know. So, and this is how you do it, you just, this, I just added, by refresh token, the new body, my token request, and then sky.
B
Now I have a new access token and they have a new refresh token as well, right, because in my request over here, yeah, yeah, you just pretty much get a new refresh token, and then you could use then later on. I had a really interesting conversation about this with one of the Microsoft guys, and I was like, so can I use, you know, my access token for forever, and then, or can I just go, like, maybe, you know, invalidate it or dump it every ten days? It was like.
B
Well, it's up to you. You know, as long as, like, your user account, the user account doesn't expire or did not change the password, and you should be good, all right. And then, you know, same access token, I'll grab all my licenses.
B
Right, oh, wait, examples! Okay! So before we get into the examples, all, you know, how you can interact more with Graph API, what I mentioned about just three stuff: query parameters. Query parameters, just say if you wanna, you know, just filter your results or your returns. Say if you want to go for Holi, you grab all your users, and then, you know, if you have ten thousand users or environment, well, you can filter them is through query parameters. Say you just want to go for everyone, or, you know, all users.
B
So, you know, and the same example, if, say, you request for all the users environment, you get 50,000 users, right, Graph API doesn't, you know, hand them over to you and just, like, one result of a query. After he agreed, just not gonna, like, give you all, right, because it's just gonna be huge. The way how they would do it is.
B
You know, they send you your first batch, in the second batch, and a third batch, and then, yeah, and what I'm gonna demonstrate that in bit. Batch processing is, say you want to send, for example, you want to go for, like, oh, I want to know all my licenses, I want to know all my users, I want to know all of my groups, right.
B
You can't, it's just gonna be so time-consuming, just send them all, I mean, send them, like, one at a time, right, so you can do batch processing, or, and like, hey, I want all these data, I just want, you know, response from you guys and just one request from you, so. And again, I pretty much escaped and pasted. This is the URL, it's at its emotion over here.
B
So I have a working example here to send a message to the team, right, so, but, every, ignore first whatever that's in my screen right now and just pay attention to the URL over here. I mean, if you notice, the URL to send a message to Teams is the base URL and then teams, and then the team ID, and then channel, and then channel ID, and then messages. So how do I know my team ID, right, or how do I know what's my channel ID? I only knows explaining.
B
So what I'm gonna do is, here I'm demonstrating querying through your URL, so I go for all my groups, right, whose display name is equals to, say, I'm going for our group names called Hiker Heaven, Hikers Heaven, and I'm gonna capture the ID. So yeah, let's go ahead and do that, all right, so mighty men info, you go, I get the value here.
B
C
B
B
Okay, they were here, and then for you to send to Teams, you just, you know, like I mentioned earlier, okay, hard, what's gonna be, you know, how do I format my message, right? And you just go to Graph API, the, the documentation, and it's gonna tell you, okay, here's how you would, you know, format your body. You need to have a, you know, and your JSON data you need to have, you know, this is probably a name and then your value, and then, you know, body is gonna be the content of your body.
B
A
B
B
Yeah, yep, I, that, that's what we, good question. I don't know what the exact number is, but I've been to that situation and I just add a wait time to it. Yeah.
B
So yeah, for the paging, going back to my Internet Explorer over here, so I got, I got a folder in my OneDrive, and it's got about, you know, 99, I mean I, yeah, I got 999 items over here, then, um, so say, for example, I want to have a script that just returns all those files, and then I'm gonna show you what happens.
B
B
All right, oh, that, so because I have a ton of items over there, it presents me, you know, a property in my result called @odata.nextLink, right, because, yeah, and then what you're going to do is same process with, with your header. You just need to access the @odata.nextLink URL, because the @odata.nextLink here is, they did, you know, it's, it's, it's a URL. So, and then what happens?
C
So, while you're working to do that, there's a couple of questions that popping up in the chat that some of them have been answered, but just to get it running the same page. Some people are worrying about, I'm, wondering, not worrying, wondering about the amount access requests could be made against services in a time period, and it looks like it varies per service, like that. The rates of requests for Teams is different than the rates of requests or individual apps.
B
Yeah, yeah, I don't, I don't have the number unfortunately, but yeah, I could get back to you regarding that.
A
C
B
B
Yeah, and then last but not least, the example here, it's sending my requests in bulk. I prevent being felled. In my body, I specify, I've got multiple requests, and I specify an ID and then my method, then the URL. You don't have to put in there the base URL. And ID number two, and then GET, then groups, same thing, and then I'll just throw it over to graph.microsoft.com, where's this, batch, and then let's see what happens here.
B
B
Okay, so one last thing on the PowerShell Graph SDK: it's currently still in preview and I think he had all these supports the device login grant type. So you don't have, you know, a bit of a flexibility there, but, you know, it's very useful. I've used it a couple of times. If you don't want to go through, like, position making and liquid, you know, with grants, I've can use. This is about, it's about 3,200 commands currently, and yeah, it's awesome, and.
A
C
Right, so first of all, thank you for the presentation, seething appreciate that very much. So a couple things. So there are some questions here, we'll open up the mics if anybody wants to chat. Before we get into the questions, I want to say, we saw a lot of deep examples of different ways that you can access data using different authentication tokens.
C
So where do you think is a good place for someone to start if they've never played with this stuff, like what kind of methods should they be using to access, like, before they get to using expiring codes and the, how do they get their feet wet with the basics, so they can start to get to the stuff that you were doing?
B
So when I started, I just went to, you know, the Graph, the overview Graph, and just kinda, like, poked around all the documentation there, and then, well, this might be like an opinionated answer, and it's subjective, but the documentations are a little developer-centric, but they're pretty, really.
B
You know, they're pretty good in terms of, like, you know, putting a lot of details in the documentation, right? That's a really good way to start, and then there is a blog as well, like a blog site, it's a Microsoft blog site that's just filled with a ton of, you know, examples for Graph. That's a good start, and then for motivation.
B
You know, with the numbers that I showed to you, yeah, I feel like it's just a really huge plus to, like, know Graph, because, like I said, the examples that I showed earlier, those were like super basic, and that's just to, like, you know, demonstrate to you, right, but what you really can do with it, it's just endless. There's a ton of information out there on what you could automate with Graph.
C
B
B
C
So that is, that's really the big thing. You're gonna have to generate those secrets. Certificates can be part of an automated process. You can request certificates on the fly. You can use that certificate for some hardened authentication. You have secrets, you're gonna have to go and generate those, and they can vary based on, oh yeah, good, the secrets, yeah.
A
So I had another one too, going all the way back to the very, very beginning. When you're using your own personal subscription, of course, you'll have no trouble making an application registration, but a normal user can't do that. It will take, not a global admin, but at least somebody who's got Application Administrator on the tenant in Azure Active Directory to be able to create the app registration. So anybody that's looking to do this in their production environment, or if you have a test environment from work.
A
You're gonna have to go up to probably identity administrators, right, and get them to liberate the app registration for you. I'm not sure if that was conveyed or not in the beginning, so anyway. I was asking if you could do it with Microsoft Teams free version. If you could hook that up with a free Azure portal subscription to get a way of testing with the Graph API, you could. But again, it all has to tie back to an Azure Active Directory tenant, right?
A
A
B
Those are really good responses. I was also gonna ask as well, I was gonna add as well that, you know, in some MSPs, or like, depending on the route partnership with Microsoft, you get a free test tenant, and then I think Microsoft gives you, like, an amount allocation for a year.
B
A
B
A
Yep. Thanks, Jocel, this was pretty cool. Any other questions, information there? And, you know, so, do you have any links that we want to share, or things like that? Absolutely want to maybe reference back to the overview doc that you showed originally. I don't know if that was posted in the links or something, but I want to gently.