API calls for Microsoft Azure Active Directory
The Microsoft Azure Active Directory connector makes API calls to Microsoft Graph API to retrieve data.
Authentication token
The call uses the POST operation to retrieve an auth token used in other Graph API calls.
URI:https://login.microsoftonline.com/{tenantId}/oauth2/v2.0/token
See Microsoft Graph docs for more information.
Users
The call uses the GET operation to retrieve information about Azure AD users. The call differs depending on how the Domains field is populated when adding the connector.
URI when populated with *
: https://graph.microsoft.com/v1.0/users?$select={userColumns}&$top={maxUsers}
URI when populated with domains: https://graph.microsoft.com/v1.0/users?$select={userColumns}&$top={maxUsers}&$count=true&ConsistencyLevel=eventual&$filter=endswith(mail,'@{domain1}') OR endswith(mail,'@{domain2}') ...
for all domains added
See Microsoft Graph docs for more information.
Groups
The call uses the GET operation to retrieve information about Azure AD groups.
URI:https://graph.microsoft.com/v1.0/groups
See Microsoft Graph docs for more information.
Group membership
The call uses the GET operation to retrieve information about groups of which the user is a direct member.
URI:https://graph.microsoft.com/v1.0/users/{userId}/memberOf/microsoft.graph.group
See Microsoft Graph docs for more information.
User credential registration details
The call uses the GET operation to retrieve credentialUserRegistrationDetails report. This report is only fetched if Collect user credential details report is selected when adding the connector.
URI:https://graph.microsoft.com/beta/reports/credentialUserRegistrationDetails
See Microsoft Graph docs for more information.