Graph API – Azure AD


Copyright ©

Mindbreeze GmbH, A-4020 Linz, 2018.

All rights reserved. All hardware and software names are brand names and/or trademarks of their respective manufacturers.

These documents are strictly confidential. The submission and presentation of these documents does not confer any rights to our software, our services and service outcomes or other protected rights. The dissemination, publication or reproduction hereof is prohibited.

For ease of readability, gender differentiation has been waived. Corresponding terms and definitions apply within the meaning and intent of the equal treatment principle for both sexes.

IntroductionPermanent link for this heading

This document describes how to configure Microsoft Azure in order to access groups and users of Azure Active Directories (for example, Microsoft SharePoint Online without active AD Connect) using the Graph API.

ConfigurationPermanent link for this heading

Navigate to your Microsoft Azure installation ( and select "Azure Active Directory" from the navigation pane on the left-hand side. Then select "App Registrations" and add a new app by clicking on "Register a new application".

Enter a name for the app, select "Web-App/API" as the application type, and enter a sign-on URL.

After you have created your app, select it from the list. The summary shows the application ID that is required when using the Graph API.

Now select "Required permissions" in the "Settings" and then "Windows Azure Active Directory", which will pop up as a suggestion.

Under both "Application permissions" and "Delegated permissions", enable "Read directory data" and click "Save".

Select "+Add" in the "Required permissions" section.

Select "Microsoft Graph" from the list of APIs and click the "Select" button at the bottom.

Next, enable the "Read directory data" option for the application and delegated permissions, and confirm your selection by clicking on the "Select" button and then on the "Done" button.

Click on "Grant permissions" and confirm with "Yes".

Now select "Key" in the settings and assign a description as well as a time when the key should expire. When you confirm with "Save", the value of the key is displayed. Make a note of this value! You cannot access it later!

With this key, the application ID, and some additional information, you can use the Graph API to connect to your Azure Active Directory. For more information, please refer to the documentation for the Graph API at