Table of contents
Accessing the Graph API
Quick explanation: To access graph api endpoints you will need permissions. Some endpoints are available to you by default, some only with special permissions that you have to grant access for. Delegated permissions always run in the user context. If you don’t have access administratively to that endpoint you are trying to use, the request will fail. Application permissions grant access to certain endpoint independent of the user context. Even if you don’t have administrative access,to lets say Microsoft Purview, sending request to the service using application permissions will work fine.
Always work with least privileged access! If it works with delegated permissions, thats amazing. Only give out applications permissions if necessary or when the access is read only.
Graph Explorer
A web based tool (like Postman) but specifically made for the Graph API.
https://developer.microsoft.com/en-us/graph/graph-explorer
You can work with sample data, I recommend signing in with your work account. With that being said, your IT might restrict signing into Graph Explorer, which is fine.
You will start with default delegated permissions. Once you come to a point where default permissions are not enough, the explorer will tell you. You can then request more permissions. Depending on the request permissions, you will need an approval from an IT administrator for Microsoft 365.
Postman
You will need to create an app registration to use this method. You can use delegated or application permissions. For delegated permissions you will need to add a few extra steps in Postman.
More coming some day.
Power Automate
You can use the HTTP action (requires premium subscription) or third-party HTTP actions like the one from Encodian (requires a subscription with Encodian) to send requests to the Graph API. The Third-Party Encodian action will be the cheaper option, with the same functionality.
You will need to create an app registration to use this method. You can use delegated or application permissions. For delegated permissions you will need to add a few extra steps in your Flow.
More coming some day.
Sample requests
List Microsoft 365 groups
Method: GET
//Shows all Microsoft 365 groups up to 999 at a time. If you have more than 99 groups you will have the option to navigate multiple pages
URI: https://graph.microsoft.com/v1.0/groups?$filter=groupTypes/any(c:c+eq+'Unified')&$top=999
//include the sensitivity label information by using the assignedLabels property
URI: https://graph.microsoft.com/v1.0/groups?$select=displayName,assignedLabels,groupTypes&$filter=groupTypes/any(c:c+eq+'Unified')&$top=999Search for old files in Microsoft 365
This will look for all documents (OneDrive or SharePoint) that were modified before 1st of January 2025 by the user with the name Alex Wilber. Make sure to change the name (Alex Wilber) in the queryString to your name. Adjust the LastModifiedTime to your needs.
https://learn.microsoft.com/en-us/graph/search-concept-files#example-6-specify-select-properties
Method: POST
Endpoint: https://graph.microsoft.com/v1.0/search/query
Body:
{
"requests": [
{
"entityTypes": [
"driveItem"
],
"query": {
"queryString": "LastModifiedTime<2025-01-01 AND EditorOWSUSER:Alex Wilber AND contenttype:document"
},
"fields": [
"title",
"path",
"LastModifiedTime",
"Editor"
],
"sortProperties": [
{
"name": "LastModifiedTime",
"isDescending": false
}
],"size":500
}
]
}❤️ Thanks for reading.