Office 365 API without AD

  • Question

  • Hi,

    A few years ago I created a test project that retrieves documents created in Office 365 using the Graph API. The following setup was done before I started coding:

    1. Subscribe for a 1-year free account at https://developer.microsoft.com/en-us/office

    2. Then I logged in to https://www.office.com

    3. Create users.

    4. Using the same credentials, I logged in to azure.com

    5. Configured Active Directory by adding the application (0365App) in C#.

    6. Using the Graph API, I managed to get documents.

    public async Task<string> GetFiles(string userID)
    {
        List<MyFiles> myFiles = new List<MyFiles>();

        try
        {
            string accessToken = this.GetAccessToken();

            // Attach the access token as a bearer credential on every Graph request.
            GraphServiceClient graphServiceClient = new GraphServiceClient(new DelegateAuthenticationProvider(requestMessage =>
            {
                requestMessage.Headers.Authorization = new AuthenticationHeaderValue("bearer", accessToken);
                return Task.FromResult(0);
            }));

            // List the items in the root of the given user's OneDrive.
            foreach (DriveItem driveItem in await graphServiceClient.Users[userID].Drive.Root.Children.Request().GetAsync())
            {
                // Reset per item so a non-Office file does not inherit the previous item's extension.
                string extension = "";
                if (driveItem.Name.EndsWith(".docx") || driveItem.Name.EndsWith(".doc"))
                    extension = "doc";
                else if (driveItem.Name.EndsWith(".xlsx") || driveItem.Name.EndsWith(".xls"))
                    extension = "xls";
                else if (driveItem.Name.EndsWith(".pptx") || driveItem.Name.EndsWith(".ppt"))
                    extension = "ppt";

                myFiles.Add(new MyFiles()
                {
                    Name = driveItem.Name,
                    WebURI = driveItem.WebUrl + "?web=1",
                    ID = driveItem.WebUrl + "?web=1",
                    Extension = extension,
                    // CreatedDateTime is nullable; avoid throwing when it is missing.
                    CreatedDate = driveItem.CreatedDateTime?.ToString("dd-MMM-yyyy")
                });
            }
        }

    The code works well without any issues. Now my problem is:

    1. Whenever I create an account for a user in Office 365, a user is created in Azure AD. By doing this, that user will be able to access the AD and even delete users, applications, etc. Is there a way to handle this, so that I have an Office 365 account and I add users, but those users do not have access to view AD users and applications?

    2. Is there a way to create O365 users without creating an AD account for them?

    Nashaq.

    Wednesday, February 13, 2019 6:19 AM

Answers

  • For #1, go to Users -> User settings in the Azure Portal.

    Set the "Administration portal" to Yes.

    After that, a normal user will get a lack-of-permission message when accessing Azure AD.


    Justin Liu Office Apps & Services MVP, MCSE
    Senior Software Engineer
    Please Vote and Mark as Answer if it helps you.

    • Marked as answer by Nashaq Wednesday, February 13, 2019 7:11 AM
    Wednesday, February 13, 2019 7:02 AM

All replies

  • Hi

    Per my knowledge, every Office 365 tenant has its corresponding Azure AD. So #2 is impossible.

    Go to your Office 365 admin center and go to Azure AD directory.

    For #1, I will take a test and reply later.


    Justin Liu Office Apps & Services MVP, MCSE
    Senior Software Engineer
    Please Vote and Mark as Answer if it helps you.

    Wednesday, February 13, 2019 6:54 AM
  • Hi Justin,

    Thank you for clarifying. Will wait for your reply on #1.

    Nashaq.


    • Edited by Nashaq Wednesday, February 13, 2019 7:06 AM
    Wednesday, February 13, 2019 6:58 AM
  • Thank you Justin.

    Nashaq.

    Wednesday, February 13, 2019 7:11 AM