Are you a .NET developer who is unsure whether to choose the Azure Active Directory Graph API or Microsoft Graph?
We have all looked at the many posts on which one to choose for better web development. This article provides some guidance and a bit of a roadmap to clarify things for existing and new developers who want to access directory-based features. Let us begin.
What Makes the Difference?
We will begin by looking at the functionality that makes each of them unique. They are two separate Application Programming Interfaces (APIs) with different functionality.
Microsoft Graph supports most of the Azure AD Graph features. It also supports some additional features, such as $select projection queries, which are not implemented in Azure AD Graph.
Microsoft is working to close the feature gap between Microsoft Graph and Azure AD Graph, making it easier for developers to use either of them. At present, new applications, and existing apps being integrated with the cloud, are implemented using Microsoft Graph. Applications already running on Azure Active Directory Graph are not affected, as it remains fully functional for them.
Note that the Azure AD Graph client library is available only for .NET applications, while the Microsoft Graph client libraries support multiple platforms and languages, giving you more choices for using directory data in your application.
What is Microsoft Graph?
Microsoft Graph is an Application Programming Interface that provides a programming model connecting Office 365, Azure Active Directory, Enterprise security services and Windows 10. It is used to build applications that let users interact with millions of data items and access resources through a single endpoint. Because it is a RESTful web API, you can also use it to reach the cloud services. All you need to do is register your application with Azure AD and then obtain authentication tokens for the user to access the Microsoft Graph API.
This API uses relationships to connect the resources under its services. For instance, through the manager relationship you can connect a member to a user or a group. Microsoft Graph also gives you useful insights. For instance, you can access all the files that are trending around a user.
Components for Microsoft Graph API request
To make a request to Microsoft Graph, you use HTTP methods. The GET and DELETE methods do not need a request body. The PATCH, PUT and POST methods do need a request body, supplied in JSON format, which contains extra information on values and properties.
|GET||Get data from the resource|
|POST||Create a new resource|
|PATCH||Modify resource with the latest values|
|PUT||Replace resource with a new one|
|DELETE||Delete a resource|
Quick Features of Microsoft Graph
You can use Microsoft Graph to add value to your application and build user-friendly, context-aware experiences.
- Simplify user onboarding by automating tasks such as assigning roles to users, granting permissions to documents, assigning product licenses, changing users' roles and much more.
- Retrieve Excel workbook data to build powerful workflows that integrate data collection with cloud services like SharePoint.
- Search for meeting times by providing profile information for one or more attendees.
- Get recommendations on meeting times by scanning your calendar, which contains attendees and their preferred time slots.
- Convert files to PDF; file types such as Excel, Word, PowerPoint, CSV, and RTF can also be converted.
- Manage employee profiles by keeping the Azure directory up to date; you can also modify user profile information stored in SharePoint via the API.
- Receive notifications when changes occur in your calendar or when you spend too much time in meetings, based on the relevance of your attendees.
- Sync and sort your personal data from your mobile phone.
|Get my profile||https://graph.microsoft.com/v1.0/me|
|Get my photo||https://graph.microsoft.com/v1.0/me/photo/$value|
|Get my files||https://graph.microsoft.com/v1.0/me/drive/root/children|
|Get my email||https://graph.microsoft.com/v1.0/me/messages|
|Get my calendar events||https://graph.microsoft.com/v1.0/me/events|
|Get my manager||https://graph.microsoft.com/v1.0/me/manager|
Azure Active Directory Graph API
This Application Programming Interface gives access to Azure AD objects through a REST API endpoint. You can use the Azure AD Graph API to perform CRUD operations, and it also supports common operations on Azure AD data and objects, such as creating a new user in Azure AD and getting the properties of a user: the groups the user belongs to, along with their email address, location, updated details, phone number and account status.
Quick Features of Azure AD Graph
You must register your mobile application with Azure AD and get consent for your app before calling the Azure AD Graph API on a directory.
- The API consists of RESTful endpoints that are accessed with HTTP requests, and it supports XML and JSON formats.
- Each API request carries a JSON Web Token (JWT) in its Authorization header; the token is acquired by making a request to Azure AD's token endpoint.
- It uses security groups to perform role-based authorization. For instance, you can call the Check Group Membership Boolean operation in your app to check a user's access to a specific resource.
- Differential query tracks the changes in a directory between two points in time without the need for independent queries to the API; it returns the modifications made between the previous and the current request.
- You can use custom properties with Azure directory objects to access properties from an external data source like Skype.
- The API lets you use permission scopes to enable secure access to directory data by using OAuth 2.0, which supports two types of permissions.
- Delegated access to data is granted through authorization from the signed-in user, whereas role-based access control is defined by the application without authorization from the signed-in user.
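The group-membership check used for role-based authorization above, written against Microsoft Graph's checkMemberGroups action as an added example (not code from the original article). It is standard-library Python; the user name, group IDs, token and response body are constructed placeholders, and the request is built but not sent.

```python
import json
import urllib.request
from urllib.parse import quote

GRAPH = "https://graph.microsoft.com/v1.0"
MAX_GROUPS = 20  # checkMemberGroups accepts at most 20 group IDs per call

# Constructed placeholders, not real directory objects.
FINANCE = "00000000-0000-0000-0000-0000000000a1"
ADMINS = "00000000-0000-0000-0000-0000000000a2"
SAMPLE_RESPONSE = json.dumps({"value": [FINANCE]})  # user is in FINANCE only


def build_check_request(user_id, group_ids, token):
    """Build (without sending) POST /users/{id}/checkMemberGroups."""
    if not 0 < len(group_ids) <= MAX_GROUPS:
        raise ValueError("pass between 1 and 20 group IDs")
    body = json.dumps({"groupIds": list(group_ids)}).encode()
    return urllib.request.Request(
        f"{GRAPH}/users/{quote(user_id, safe='')}/checkMemberGroups",
        data=body, method="POST",
        headers={"Authorization": f"Bearer {token}",
                 "Content-Type": "application/json"})


def is_authorized(status, raw_body, required, require_all=False):
    """Turn the HTTP status and body into an access decision, failing closed."""
    if status != 200 or not required:
        return False                      # errors and empty policies deny
    try:
        member_of = set(json.loads(raw_body)["value"])
    except (ValueError, KeyError, TypeError):
        return False                      # malformed body denies
    wanted = set(required)
    # The response lists only the requested groups the user belongs to
    # (the check is transitive), so compare it against the policy.
    return wanted <= member_of if require_all else bool(wanted & member_of)
```

Denying on any non-200 status or unparsable body keeps a throttled or failed directory call from silently granting access.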
What’s the Difference between Azure AD and Microsoft Graph?
We already know that the Microsoft Graph API supports all the features, while the Azure AD Graph API supports fewer. Let us look at them both.
|Feature||Azure AD Graph capability||Microsoft Graph capability|
|Delta Sync||Differential query/delta sync available for users and groups||General Availability with Delta query; organizational contacts delta sync is not supported; sync from now is still not supported|
|Organizational Contact Resource Type||Supported||In the preview stage|
|Applications Management||Applications management such as: application and service principal entity types; assigning applications to users and groups; assigning OAuth permissions to applications||Available in preview|
|Partner Admin support||Yes||General Availability|
|Domain resource type||Yes||General Availability|
|Contracts resource type||Yes||General Availability|
|Directory schema extension definition registration||Supported||General availability. Supports extending resources with application data. Does not support application or service principal resource type|
|Batching||Yes||Available in preview|
|Properties||Properties are missing on user resources such as sipProxyAddress, otherEmails; still not supported, but planned for future|
|Get Object||GetObjectsByObjectIds method||General availability. getByIds method|
|Check Membership||IsMemberOf method||Unplanned. Need to use the checkMemberGroups method|
|Users Management||Users management in B2C tenant||Coming soon in preview|
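The Delta Sync row above, as an added example (not code from the original article) of how a client consumes a Microsoft Graph delta query: follow `@odata.nextLink` pages, apply changes and `@removed` entries to a local cache, and keep the `@odata.deltaLink` for the next round. The pages, IDs and tokens are constructed placeholders, and `fetch` is an injected stand-in for the authenticated HTTP call.

```python
from urllib.parse import urlsplit

GRAPH_HOST = "graph.microsoft.com"


def sync_delta(fetch, start_url, cache, max_pages=1000):
    """Apply one delta round to cache (id -> properties); return the deltaLink.

    fetch(url) must return the decoded JSON page; it is injected so the loop
    can be exercised offline (in production it sends the bearer token).
    """
    url = start_url
    for _ in range(max_pages):
        parts = urlsplit(url)
        # The token goes out with every request, so only follow links that
        # stay on the Graph host over HTTPS.
        if parts.scheme != "https" or parts.hostname != GRAPH_HOST:
            raise ValueError(f"refusing to follow link: {url}")
        page = fetch(url)
        for item in page.get("value", []):
            if "@removed" in item:            # object deleted or out of scope
                cache.pop(item["id"], None)
            else:                             # new object or changed properties
                cache.setdefault(item["id"], {}).update(item)
        if "@odata.deltaLink" in page:        # round finished
            return page["@odata.deltaLink"]
        if "@odata.nextLink" not in page:
            raise ValueError("page has neither nextLink nor deltaLink")
        url = page["@odata.nextLink"]
    raise RuntimeError("too many pages")


# Constructed sample pages, keyed by URL (tokens are placeholders).
BASE = "https://graph.microsoft.com/v1.0/users/delta"
PAGES = {
    BASE: {"value": [{"id": "u1", "displayName": "Alice", "accountEnabled": True},
                     {"id": "u2", "displayName": "Bob", "accountEnabled": True}],
           "@odata.nextLink": BASE + "?$skiptoken=PLACEHOLDER1"},
    BASE + "?$skiptoken=PLACEHOLDER1": {
        "value": [{"id": "u3", "displayName": "Carol", "accountEnabled": True}],
        "@odata.deltaLink": BASE + "?$deltatoken=PLACEHOLDER2"},
    BASE + "?$deltatoken=PLACEHOLDER2": {
        "value": [{"id": "u1", "accountEnabled": False},
                  {"id": "u2", "@removed": {"reason": "deleted"}}],
        "@odata.deltaLink": BASE + "?$deltatoken=PLACEHOLDER3"},
}


def run_sample():
    cache = {}
    link = sync_delta(PAGES.__getitem__, BASE, cache)   # initial full sync
    link = sync_delta(PAGES.__getitem__, link, cache)   # later: changes only
    return cache, link
```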
Microsoft recommends using Microsoft Graph in place of the Azure Active Directory Graph API to access Azure AD's resources. Microsoft's overall development is focused on Microsoft Graph, and no further extension is planned for the Azure AD Graph API. Keep Learning!