Skip to main content

API calls for Microsoft Azure Active Directory

The Microsoft Azure Active Directory connector makes API calls to Microsoft Graph API to retrieve data.

Authentication token

The call uses the POST operation to retrieve an auth token used in other Graph API calls.

URI:https://login.microsoftonline.com/{tenantId}/oauth2/v2.0/token

See Microsoft Graph docs for more information.

Users

The call uses the GET operation to retrieve information about Azure AD users. The call differs depending on how the Domains field is populated when adding the connector.

URI when populated with *: https://graph.microsoft.com/v1.0/users?$select={userColumns}&$top={maxUsers}

URI when populated with domains: https://graph.microsoft.com/v1.0/users?$select={userColumns}&$top={maxUsers}&$count=true&ConsistencyLevel=eventual&$filter=endswith(mail,'@{domain1}') OR endswith(mail,'@{domain2}') ... for all domains added

See Microsoft Graph docs for more information.

Groups

The call uses the GET operation to retrieve information about Azure AD groups.

URI:https://graph.microsoft.com/v1.0/groups

See Microsoft Graph docs for more information.

Group membership

The call uses the GET operation to retrieve information about groups of which the user is a direct member.

URI:https://graph.microsoft.com/v1.0/users/{userId}/memberOf/microsoft.graph.group

See Microsoft Graph docs for more information.

User credential registration details

The call uses the GET operation to retrieve credentialUserRegistrationDetails report. This report is only fetched if Collect user credential details report is selected when adding the connector.

URI:https://graph.microsoft.com/beta/reports/credentialUserRegistrationDetails

See Microsoft Graph docs for more information.