
How to set up custom actions using the Microsoft Graph API


CoreView now supports custom actions through the Graph API. The Graph API PowerShell SDK is integrated into the CoreView platform, allowing customers to create custom scripts that can be executed as management actions or as part of workflows.


For those not familiar with the Graph API, Microsoft has provided an excellent resource that maps the MSOnline and Azure AD cmdlets to Graph cmdlets: "Find Azure AD and MSOnline cmdlets in Microsoft Graph PowerShell".


In each script, you have to invoke the "Refresh-CVGraphToken" function as the first line. 


EXAMPLE for CREATE SECURITY GROUP: 


Original:  

New-MsolGroup -DisplayName 'Test Group' 


 With Graph API:

Refresh-CVGraphToken 

New-MgGroup -DisplayName 'Test Group' -MailEnabled:$False  -MailNickName 'testgroup' -SecurityEnabled 

Configuration 

Before submitting your first custom action against the Graph API, please contact support to enable this module for your tenant. It is not enabled by default.   


Once support has this enabled, navigate to My Organization > Graph Management Configuration and enter the client ID and client secret for your account.   


Getting a Client ID and Client Secret

If you do not already have a client ID and client secret, you can use the script attached below to generate those items. 


1. Run a command as administrator

2. Type PowerShell 

3. Make sure that you have installed the module AzureAD, otherwise run the following:

Install-Module -Name AzureAD -RequiredVersion 2.0.2.137 -Confirm:$false -Scope AllUsers -Force

4. Retrieve the data as below, using the location of the folder where it was copied:

C:RegisterAzureAdApp.ps1

5. Call the function as below: 

Register-AzureadApp -Name "here the name" -permissions "User.ReadWrite.All", "Directory.ReadWrite.All", "Groups.ReadWrite.All"

6. By default, the expiration date of the Client Secret is one year from the moment the script is executed. We suggest adding the following parameter to extend the expiration date:

-ExpiresClientSecret "12/31/2023"


The script outputs the Client ID, the Client Secret and a URL that you need to use to provide the consent on Azure AD.

Copy and paste the URL into a web browser and provide the consent using a user with global admin rights.
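
The following is an added example, not part of CoreView's script or documentation: a PowerShell function that reports the expiry status of client secrets on app registrations, so that a secret created with the default one-year lifetime, or with an extended -ExpiresClientSecret date, can be tracked and rotated before it lapses. The function name, the thresholds and the sample objects are assumptions; the sample mirrors the PasswordCredentials property returned by Get-MgApplication.

```powershell
# Added example: report expiry status of app-registration client secrets.
function Get-ClientSecretReport {
    param(
        [Parameter(Mandatory)] [object[]] $Application,
        [int] $WarnDays = 30,           # assumption: warn 30 days before expiry
        [int] $MaxLifetimeDays = 366,   # assumption: flag lifetimes beyond one year
        [datetime] $Now = [datetime]::UtcNow
    )
    foreach ($app in $Application) {
        foreach ($cred in $app.PasswordCredentials) {
            $start    = [datetime]$cred.StartDateTime
            $end      = [datetime]$cred.EndDateTime
            $daysLeft = [math]::Floor(($end - $Now).TotalDays)
            $lifetime = [math]::Round(($end - $start).TotalDays)

            # Later checks override earlier ones, so the most urgent status wins.
            $status = 'OK'
            if ($lifetime -gt $MaxLifetimeDays) { $status = 'LongLived' }
            if ($daysLeft -le $WarnDays)        { $status = 'ExpiringSoon' }
            if ($daysLeft -lt 0)                { $status = 'Expired' }

            [pscustomobject]@{
                App          = $app.DisplayName
                AppId        = $app.AppId
                KeyId        = $cred.KeyId
                Expires      = $end
                DaysLeft     = $daysLeft
                LifetimeDays = $lifetime
                Status       = $status
            }
        }
    }
}

# Constructed sample input (not real tenant data): one app with three secrets.
$sample = [pscustomobject]@{
    DisplayName = 'Graph custom actions (sample)'
    AppId       = '00000000-0000-0000-0000-000000000000'
    PasswordCredentials = @(
        [pscustomobject]@{ KeyId = 'sample-key-1'; StartDateTime = '2022-06-01'; EndDateTime = '2023-06-01' }
        [pscustomobject]@{ KeyId = 'sample-key-2'; StartDateTime = '2022-06-01'; EndDateTime = '2023-12-31' }
        [pscustomobject]@{ KeyId = 'sample-key-3'; StartDateTime = '2022-01-05'; EndDateTime = '2023-01-05' }
    )
}
Get-ClientSecretReport -Application $sample -Now ([datetime]'2022-12-20') | Format-Table

# Against a live tenant (Microsoft Graph PowerShell SDK):
#   Connect-MgGraph -Scopes 'Application.Read.All'
#   Get-ClientSecretReport -Application (Get-MgApplication -All)
```

When the secret is rotated, the new value also has to be entered under My Organization > Graph Management Configuration.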

 


Note regarding Azure AD and MSOnline cmdlets: 

Microsoft has announced an end-of-life date for Azure AD and MSOnline cmdlets for the end of 2022.  You will need to replace any custom actions you have against these cmdlets.  Please ensure they are not being used in any workflows to prevent any disruption to your automated processes.