Idea ID: 2871414

Azure - Microsoft Graph API

Status: New Idea

Since the Microsoft Graph API is being developed further and more things are added, I would like to know what possibilities the driver has.

Microsoft documentation is pretty good on what API could be used and how. Micro Focus documentation does not have this correlation, though.

There are a few things I would like to be able to do through the driver and MS Graph API:

Creation of teams from template.

Clone team from another team.

Create MS365 group.

Add expiration policy.

And probably more things.

Right now we have to use PowerShell for this.

It would be nice to be able to do these things from Graph, but also to be able to look up in the driver documentation what can be done through Graph, so I know when I need to use PowerShell.

Even better would be if the REST interface were opened up so we could use that and make our own calls to the API.

Right now the driver is a bit of a black box, and what we do is send things to the shim. The shim translates it, but we don't always know what goes through Graph and what goes through PowerShell. This distinction will be more important when there are different rights set on the service account and the registered application.

The service account is used for PowerShell while the registered app is used for Graph.

  • OData is just JSON; it can easily be processed in ECMAScript after doing a JSON.parse(response_value).

    BTW: Let's keep this thread focused on the enhancement to the AzureAD driver and open a new thread in discussions for evaluating solutions using the REST driver.

    Norbert

  • Just to mention more: we are doing PowerShell only for "Exchange Online" tasks, all other stuff is moved to the Microsoft Graph API, and you can also poll for the changelog in Microsoft Graph:

    learn.microsoft.com/.../delta-query-overview

  • We were ported on Microsoft Graph before NetIQ had anything to offer for Microsoft Graph many years back (since they were doing AzureAD Graph). We are still running that old shim (I don't know if it's ported or not).

    For PowerShell, we removed all on-premise big fat Windows servers and replaced them with an Azure Function App (that runs PowerShell) and runs in Azure, and from NetIQ we wrote a NetIQ REST driver that connects to the Azure Function App with OAuth 2.0. This means not only NetIQ can use the PowerShell from the Azure Function, but any other clients can use the same function we have built and can share with others.

    We are using Pulumi IaaC to automate the Azure Function App deployment and its scripts, and we also wrote a NetIQ driver that updates the GitHub Enterprise repo every time we update our policy or drivers. This way we can track the performance of our team live, and the whole organization can see who is doing what from the IAM team.

  • True. And this is how we have done it.

    But the standard Azure driver has two really good functions.

    1. It has PowerShell functionality built in so we don't need a separate driver for that.

    2. It is good at polling Azure so we get all updates from Azure and can react on those.

  • This is the path I have also taken. I have modified the Azure JSON to the "supported format" and then used the NetIQ parser to get the XDS. I also built ECMA functions where it made sense.

    Now, in my spare time, I am working on an ECMA parser for OData. If I end up with something that works well, I will try to open source the code.

    For 2) - can you share the link with me?
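
Added example, not part of the thread and not NetIQ driver code: the comments above about processing OData with `JSON.parse` and about polling the Graph delta query, combined into one sketch that turns a delta page into change events. The helper name `parseDeltaPage`, the event shape and the sample response (IDs, names, token) are assumptions constructed for illustration.

```javascript
// Constructed sample: one page of a Microsoft Graph /groups/delta response.
// IDs, display name and the delta token are made up for illustration.
const samplePage = JSON.stringify({
  "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#groups",
  "@odata.deltaLink": "https://graph.microsoft.com/v1.0/groups/delta?$deltatoken=CONSTRUCTED",
  "value": [
    { "id": "g-001", "displayName": "Project Alpha",
      "members@delta": [
        { "@odata.type": "#microsoft.graph.user", "id": "u-100" },
        { "@odata.type": "#microsoft.graph.user", "id": "u-200",
          "@removed": { "reason": "deleted" } }
      ] },
    { "id": "g-002", "@removed": { "reason": "deleted" } },
    { "id": "g-003", "@removed": { "reason": "changed" } }
  ]
});

// Hypothetical helper: flatten one delta page into a list of change events.
function parseDeltaPage(responseValue) {
  const page = JSON.parse(responseValue);
  if (!page || !Array.isArray(page.value)) {
    throw new Error("not an OData collection response");
  }
  const events = [];
  for (const obj of page.value) {
    if (obj["@removed"]) {
      // reason "changed": soft-deleted, still restorable; "deleted": permanently removed
      events.push({ op: "delete", id: obj.id, reason: obj["@removed"].reason });
      continue;
    }
    // Delta does not say whether an object is new or modified, so emit an upsert.
    const attrs = {};
    for (const key of Object.keys(obj)) {
      if (key !== "id" && key.indexOf("@") === -1) attrs[key] = obj[key];
    }
    events.push({ op: "upsert", id: obj.id, attrs: attrs });
    for (const m of obj["members@delta"] || []) {
      events.push({ op: m["@removed"] ? "remove-member" : "add-member",
                    id: obj.id, member: m.id });
    }
  }
  // nextLink: more pages in this round; deltaLink: round done, store it for the next poll.
  return {
    events: events,
    nextLink: page["@odata.nextLink"] || null,
    deltaLink: page["@odata.deltaLink"] || null
  };
}
```

A poller keeps following `nextLink` until a page carries `deltaLink`, then persists that link and uses it as the URL for the next polling cycle.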