Showing posts with label AzureAD.

Sunday 23 August 2020

Power Automate: Sending Emails without User Context

This article explains how to send emails without a user context, which applies to applications whose consumers/users are not licensed.

This is achieved with a small set of actions in a Power Automate flow. The flow calls Microsoft Graph endpoints to send the mail using application permissions, so the corresponding application permission must be granted on the Azure AD app.

Here we look only at the Power Automate configuration rather than the end-to-end business scenario. The following snapshot shows the actions.

Power Automate flow: sending emails without user context
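The Graph exchange the flow's HTTP action performs, as an added Python example that is not part of the post: a client-credentials token (no signed-in user) followed by an app-only sendMail. It assumes the Azure AD app has been granted and admin-consented the Mail.Send application permission; the tenant, client and mailbox values are placeholders.

```python
import json
import urllib.parse
import urllib.request

GRAPH = "https://graph.microsoft.com/v1.0"


def build_token_request(tenant: str, client_id: str, client_secret: str):
    """Client-credentials request: the app itself is the caller, no user signs in.
    The scope must be '<resource>/.default' so the application permissions
    granted to the app (here Mail.Send) are issued in the token."""
    url = f"https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token"
    form = {
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": "https://graph.microsoft.com/.default",
    }
    return url, urllib.parse.urlencode(form).encode()


def build_send_mail_request(token: str, sender_upn: str, to: list, subject: str, body: str):
    """An app-only token carries no user, so /me/sendMail does not work: the sending
    mailbox must be named explicitly as /users/{upn-or-id}/sendMail. Note that an
    app-only Mail.Send grant can send from any mailbox in the tenant unless it is
    scoped with an Exchange Online application access policy."""
    url = f"{GRAPH}/users/{urllib.parse.quote(sender_upn)}/sendMail"
    headers = {"Authorization": f"Bearer {token}", "Content-Type": "application/json"}
    payload = {
        "message": {
            "subject": subject,
            "body": {"contentType": "Text", "content": body},
            "toRecipients": [{"emailAddress": {"address": a}} for a in to],
        },
        "saveToSentItems": True,
    }
    return url, headers, payload


def send_mail_app_only(tenant, client_id, client_secret, sender_upn, to, subject, body) -> int:
    """Run both requests; returns the HTTP status (Graph answers 202 Accepted on success)."""
    url, data = build_token_request(tenant, client_id, client_secret)
    with urllib.request.urlopen(urllib.request.Request(url, data=data)) as resp:
        token = json.load(resp)["access_token"]
    url, headers, payload = build_send_mail_request(token, sender_upn, to, subject, body)
    req = urllib.request.Request(url, data=json.dumps(payload).encode(), headers=headers, method="POST")
    with urllib.request.urlopen(req) as resp:
        return resp.status
```

In the Power Automate flow the same two calls map onto two HTTP actions, with the client secret kept in a secure input rather than in the action body.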

Saturday 18 April 2020

Configure Azure AD end-user Authentication and Office 365 data access on Azure Health BOT Service via Graph API

Microsoft Health BOT Service is hosted on Azure and is an easily configurable solution that can cover many health-related BOT scenarios.

The scenario in this article shows how to enable end-user authentication on the BOT service so it can read Office 365 data. For this POC, Azure AD authentication is used. Azure AD authentication is the best fit only when the BOT service provider/organization manages its users entirely in Azure AD; otherwise the identity provider and authentication configuration must be changed accordingly.

So in this article, let us see how to enable end-user authentication on the Azure Health BOT service using Azure AD, and how to read user profile information using the Microsoft Graph API.


Enable Azure AD Authentication Flow using Azure AD App configuration


Create an application on Azure AD and configure the following.
  • Set the required API permissions. In my case, only User.Read under Microsoft Graph, delegated type.
  • Set oauth2AllowImplicitFlow to true, under the Manifest section or the platform configuration section.
  • Under platform configurations, configure the redirect URI (https://bot-api-eu.healthbot.microsoft.com/bot/redirect/oauth2) for Health BOT service authentication.
  • Generate a client secret under Certificates & secrets (<client-secret>; keep this value out of documentation and source control).

Copy the client ID and client secret from this app; they are used in the next section for the Azure Health BOT service configuration.


Configure Azure AD Authentication on Health BOT service


From the Health BOT service (https://eu.healthbot.microsoft.com/account/<account-id>), navigate to Integration -> Authentication.

Authorization URL: https://login.microsoftonline.com/<tenantname>.onmicrosoft.com/oauth2/v2.0/authorize
Access Token URL:  https://login.microsoftonline.com/<tenantname>.onmicrosoft.com/oauth2/v2.0/token

Add a new authentication provider with the configuration below.
Azure AD authentication configured from the settings made on the Azure AD app

Saturday 21 March 2020

Azure Web App – Integrate Microsoft Teams Channel and show Conversation highlights with MS Graph API endpoints

This article shows how to integrate Microsoft Teams channel data into custom web applications. Assume a use case where the web application maintains a channel mapping and its interface needs to show highlights of the latest conversations from the mapped team channels.

Currently the Graph endpoint that exposes channel messages is in beta and is available only as a protected endpoint.

Note: Microsoft Teams restricts access to more sensitive data, so integrate these endpoints only if there is a need. Please read the following notes for integration guidance.
  • This article focuses in part on integrating protected APIs. As of today, Microsoft has restricted integration with some of its beta APIs. The protected endpoint list is shown here: https://docs.microsoft.com/en-us/graph/teams-protected-apis
  • To enable the protected APIs for integration, you need to reach out to the Microsoft Teams team. The request can be submitted through this form: https://aka.ms/teamsgraph/requestaccess
  • The request is generally reviewed, approved and enabled within the timeline mentioned in that documentation.
  • The request form needs to be filled in with the tenant, the Azure AD app (explained below) and other details.
  • Once the request is approved, you will receive an email notification confirming the API enablement within a specific timeline.


Azure AD App Registration and Configuration


Before submitting the request, an Azure AD app needs to be registered on the tenant. The use case requires reading channel conversations, so the following snapshot shows the configured and granted permissions. Apart from the permissions, the other key parameters that need to be configured are:
  • Enabling the OAuth implicit flow.
  • Enabling implicit tokens.
  • Providing the redirect URIs.
API permissions required for integration


Tuesday 18 February 2020

Retrieve Office365 People data on MS Team Channels via Outgoing Webhook and Azure App Service

Here, let us see how Office 365 people information can be brought into Microsoft Teams with the help of outgoing webhooks. The use case is to pull the people present at a location when a message is posted from Microsoft Teams to a service.

This is easily achieved with the outgoing webhook feature in Teams. The webhook posts the message data to a service, which processes it and returns a result.

Why an outgoing webhook? An outgoing webhook is used here instead of an incoming webhook because the data needs to be retrieved only when it is requested.

No BOT Framework, only Azure App Service: this article shows how to create an outgoing webhook service for Microsoft Teams without creating a BOT service/app. Here the intent of the service is clear, so instead of the BOT Framework we host a simple service on an Azure web app. From the Azure web app, the people data is pulled from Azure AD with the help of the Microsoft Graph API.


Create an outgoing webhook for a Microsoft Team 


Locate a team in Microsoft Teams and navigate to Manage team. Under Apps, in the bottom right corner, you will find the link to create an outgoing webhook. Use it to create the webhook.

Outgoing webhook creation on Teams
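The receiving side of the webhook, as an added Python example that is not the post's own code: Teams signs every outgoing-webhook POST with HMAC-SHA256 over the raw body, keyed with the base64 security token shown at webhook creation, and the service on the web app should refuse any request whose signature does not verify before it touches Graph. The security token and the people directory below are constructed stand-ins; the Graph lookup is replaced by a dictionary so the example runs offline.

```python
import base64
import hashlib
import hmac
import json
import re

# Constructed security token, shaped like the base64 value Teams shows when the
# outgoing webhook is created (made up for this example, not a real token).
SAMPLE_SECURITY_TOKEN = base64.b64encode(b"constructed-example-secret-bytes").decode()

# Hypothetical stand-in for the Graph query that returns people at a location.
SAMPLE_PEOPLE_BY_LOCATION = {"building 1": ["Alice Example", "Bob Example"]}


def sign_body(security_token: str, body: bytes) -> str:
    """Teams' scheme: HMAC-SHA256 over the raw UTF-8 body, keyed with the
    base64-decoded security token, sent as 'Authorization: HMAC <base64>'."""
    key = base64.b64decode(security_token)
    mac = hmac.new(key, body, hashlib.sha256).digest()
    return "HMAC " + base64.b64encode(mac).decode()


def verify_request(security_token: str, body: bytes, auth_header: str) -> bool:
    """Accept the POST only if the signature matches; compare in constant time."""
    if not auth_header or not auth_header.startswith("HMAC "):
        return False
    expected = sign_body(security_token, body).encode()
    return hmac.compare_digest(expected, auth_header.encode())


def handle_webhook(security_token: str, body: bytes, auth_header: str):
    """Process one outgoing-webhook POST; returns (http_status, response_json).
    The response shape {"type": "message", "text": ...} is what Teams renders."""
    if not verify_request(security_token, body, auth_header):
        return 401, {"type": "message", "text": "Request signature invalid."}
    activity = json.loads(body)
    # Teams prefixes the text with the <at>WebhookName</at> mention; strip it.
    query = re.sub(r"^\s*<at>[^<]*</at>\s*", "", activity.get("text", "")).strip()
    people = SAMPLE_PEOPLE_BY_LOCATION.get(query.lower(), [])
    text = f"People at {query}: " + (", ".join(people) if people else "none found")
    return 200, {"type": "message", "text": text}
```

Keep the security token in app settings or Key Vault on the Azure web app, and rotate it from the Teams side if it is ever exposed.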

Saturday 9 December 2017

Azure Active Directory App Authentications

Azure AD app registrations provide a way to authenticate and authorize custom applications that use Azure AD, so they can access data available in Microsoft products and services.

Why Azure AD app registration? You may already have worked with custom applications that use Azure Access Control Service (ACS), which provides a way to authenticate users for access to web applications and services. As ACS is being deprecated, Microsoft now provides ways to authenticate applications and to grant permissions for users to access data.

(Source: https://cloudblogs.microsoft.com/enterprisemobility/2013/06/22/azure-active-directory-is-the-future-of-acs/)