Using Microsoft Graph Explorer

I’m back with part three in my series on Microsoft Graph – this week I’ll show you how to get started with Graph Explorer…

First, what is Graph Explorer?

Microsoft Graph Explorer is a tool that allows you to interact with the Graph APIs such as Intune and Security, but also provides a base for learning to develop applications and scripts using the Graph API.  

Using Graph Explorer allows you to: –

  • Access/modify data from Intune, Office 365, Sharepoint, OneDrive, Teams etc
  • Navigate between different Office 365 or Intune entities and see the relationships between them
  • Get intelligence and insights from the Microsoft cloud

Developers can use Graph Explorer to test how Graph APIs work, to see what data can be accessed, what data is retrieved from a particular command and test how the POST, PATCH, GET and DELETE calls work (more on this later).

The Graph Explorer dashboard is shown in the following diagram:

Using some of the sample queries within the menu on the left-hand side, we can access information about users as follows: –

In order to quickly access information within Explorer, we can use the Service Endpoint URL to look for the relevant area of information. For example, if I use the first part of the default URL https://graph.microsoft.com/v1.0/me/ the available options will then present themselves as follows.

Any of these options can be selected to obtain the information that is required about the user.

The first screenshot shows the profile of the user who is signed in:

The second screenshot display information about email messages, calendar entries and Microsoft Teams chat (if integrated with Outlook):

The last screenshot displays information from Microsoft Intune regarding the Device Configuration profile that has been configured. Note that the output shows the status of each setting within the configuration profile. In this case, it is an iOS profile. This type of output could be used to migrate settings to another Azure tenant or to modify the policy settings using Graph API

Accessing Intune Graph API using Powershell

An alternative method of accessing the Intune Graph API (or any other element of the Graph API), is by using Powershell.

Using Powershell can help to develop scripts that can be used by an application to retrieve and manipulate data automatically.

To connect to the Microsoft Graph via Powershell : –

  • Open Powershell as Administrator
  • Type Install-Module AzureAD
  • Type Install-Module Microsoft.Graph.Intune
  • Type Connect-MSGraph
  • You will be presented with a login screen. Sign in with your Office 365 account or an account that has elevated privileges if required. Once connected, you will be presented with a confirmation output.
  • From here we can access any information within Microsoft 365 that we have permission to view. We can run scripts to access/modify/process information including the scenario of backing up an Intune configuration.
  • For starters, type Get-IntuneDeviceCompliancePolicy. Note – you will need to have the relevant access in Intune to be able to view these policies. This could be set up in a demo lab using http://microsoft.com if access is not available. This command will retrieve all Compliance Policies that have been configured in Intune.
  • The output will be similar to what was viewed in the Graph Explorer. We can use this information to back up the settings so that we can export to another tenant.

So there you have it, hopefully these tutorials have been useful to you and you can start working with Microsoft Graph – if you miss the first two blogs, check out part one and part two.

If you have any questions, feel free to reach out at info@poweronplatforms.com and the team will pass any questions along to me. You can also tweet us @PowerON_UK if you prefer!

Stephen Barnard

Stephen Barnard

More about this author

Related resources

What Makes a Secure PKI Solution? Part 2

Apart from obvious server security aspects such as patching, with PKI solutions there are also considerations relating to cryptography and even physical access. These are rarely documented as a consolidated list, so we decided to try and lay out what we look for and why in a PKI solution.

What Makes a Secure PKI Solution? Part 1

Apart from obvious server security aspects such as patching, with PKI solutions there are also considerations relating to cryptography and even physical access. These are rarely documented as a consolidated list, so we decided to try and lay out what we look for and why in a PKI solution.

Managing Inconsistent AOVPN Disconnects

Struggling with AOVPN disconnects? We now potentially have a mechanism to regulate this known behaviour from the AOVPN server when using the IKEv2 protocol for VPN tunnels.