
Configure Graph API in Microsoft Azure

The Graph API application in Microsoft Azure is used for gathering directory information (list of users, company, and subscription SKU info) and usage reports.

To gather information via Graph API, the following information needs to be provided from Microsoft Azure:

  • Directory (tenant) ID

    The ID of the Microsoft Azure Active Directory to retrieve information from.

  • Application (client) ID

    The ID of the application that will connect to Microsoft Azure Active Directory, which in this case is the integration connector.

  • Application (client) secret

    The key that will be used as the secret in the connection to Microsoft Azure.

Create Azure Active Directory application

  1. Log in to the Microsoft Azure portal.

  2. In the main menu, select Azure Active Directory and then select App registrations.

  3. To create a new application, select New registration.

  4. Enter the following information:

    1. Enter Name of the application.

    2. Set Supported account types to Accounts in this organizational directory only.

    3. Set Redirect URI to Web and in the URI box enter http://localhost.

  5. To save the new application, select Register.

Add API access to Graph API and grant permissions

To add API access to Graph API and to give the Graph API application permissions to read reports for all users in the Active Directory and access directory data (list of users, company, and subscription SKU info):

  1. In the main menu of the Microsoft Azure portal, select Azure Active Directory, then select App registrations.

  2. Select All apps.

  3. Find and select the application you created in Create Azure Active Directory application.

  4. Select API Permissions.

  5. In the API Permissions view, select Add a permission.

  6. In the Request API permissions section, select Microsoft Graph.

  7. Configure Delegated permissions:

    1. Select Delegated permissions.

    2. Select offline_access in the list of permissions.

    3. Clear the User > User.Read permission, if it is selected.

  8. Configure Application permissions:

    1. Select Application permissions.

    2. Do one of the following:

      • Select Directory > Directory.Read.All in the list of permissions.

      • Select Organization > Organization.Read.All in the list of permissions and select User > User.Read.All in the list of permissions.

    3. If you want to collect last activity data for Microsoft 365 users, select Reports > Reports.Read.All in the list of permissions. This step is only required if the Include last activity checkbox is selected.

  9. Select Add permissions.

  10. Select Grant admin consent for [your company name].

    Note

    This step must be done by an admin user.

    An example of the API permissions view after admin consent is granted.

Locate Directory (tenant) ID

  1. In the Microsoft Azure portal, navigate to the application you created.

  2. Copy the value of the Directory (tenant) ID.

    Use it as the Directory Id when configuring the integration connector.

Locate Application (client) ID

  1. In the Microsoft Azure portal, navigate to the application you created.

  2. Copy the value of the Application (client) ID.

    Use it as the Application id when configuring the integration connector.

Locate and create Application (client) secret

  1. In the Microsoft Azure portal, navigate to the application you created.

  2. Select Certificates & secrets.

  3. Create a new client secret using the following information:

    1. Select New client secret.

    2. In the side panel that appears, set Description to sim_secret_key.

    3. Set Expires to 24 months.

      Note

      The new client secret needs to be regenerated after the set expiration time. This also means that the connector needs to be re-configured.

  4. Select Add.

    The client secret you create appears on the page.

    Note

    Before you leave this screen, copy the content in the Value field under Client secrets.

  5. Use the client secret value as the Application secret when configuring the integration connector.
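
Before the three values are handed to the connector, the granted application permissions can be checked against the ones listed in this procedure by reading the roles claim of an app-only access token. The following is an added example, not part of the original page or of the connector itself; the function names and the sample-token helper are assumptions made for illustration, and the token payload is decoded without signature verification, for diagnosis only.

```python
import base64
import json
import urllib.parse
import urllib.request

# Application permissions from step 8 of "Add API access to Graph API and grant permissions".
# Reports.Read.All is the Microsoft Graph name of the optional last-activity permission.
REQUIRED_OPTIONS = [{"Directory.Read.All"}, {"Organization.Read.All", "User.Read.All"}]
OPTIONAL = {"Reports.Read.All"}

def fetch_token(tenant_id, client_id, client_secret):
    """Client-credentials request to the Microsoft identity platform (needs network)."""
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": "https://graph.microsoft.com/.default",
    }).encode()
    with urllib.request.urlopen(url, data=body, timeout=30) as resp:
        return json.load(resp)["access_token"]

def token_claims(access_token):
    """Decode the JWT payload without verifying the signature (diagnostic use only)."""
    payload = access_token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def audit_roles(claims, tenant_id, include_last_activity=False):
    """Return findings where the granted permissions differ from this procedure."""
    roles = set(claims.get("roles", []))
    findings = []
    if claims.get("tid") != tenant_id:
        findings.append("token issued for a different tenant")
    if not any(option <= roles for option in REQUIRED_OPTIONS):
        findings.append("missing directory read permission (step 8.2)")
    if include_last_activity and not OPTIONAL <= roles:
        findings.append("missing Reports.Read.All (step 8.3)")
    extra = roles - set().union(*REQUIRED_OPTIONS) - OPTIONAL
    if extra:
        findings.append("excess permissions: " + ", ".join(sorted(extra)))
    return findings

def make_sample_token(claims):
    """Build an unsigned, constructed token so the audit can be exercised offline."""
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.constructed"
```

Against a live tenant, call audit_roles(token_claims(fetch_token(tenant_id, client_id, client_secret)), tenant_id); an empty list means admin consent covers exactly what the connector needs and nothing more.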

After completing this task, follow the general procedure to Configure the connector.

The connector makes API calls to the vendor to retrieve data.