Integrate Office 365 templates with Microsoft Graph in SAM

This topic describes how to configure SAM to support the integration of the following Office 365 templates with Microsoft Graph, a product that offers a single REST API endpoint where SAM can access data for Office 365 services.

• Microsoft Office 365 OneDrive
• Microsoft Office 365 SharePoint Online
• Microsoft Office 365 Skype
• Microsoft Office 365 Skype for Business
• Microsoft Office 365 Teams

To learn more about Graph, see:

• Overview of Microsoft Graph
• Get started with Microsoft Graph
• Microsoft Graph permissions
• Working with Office 365 usage reports in Microsoft Graph

All Microsoft links in this topic are © 2019 Microsoft Corp., available at https://docs.microsoft.com, obtained on May 8, 2019.

Requirements

• The PSMSGraph PowerShell module for the Microsoft Graph API is installed and configured on the Orion server, as described next.
• The PSMSGraph module is a registered Azure Active Directory (AD) app in the Microsoft Azure portal with the following Microsoft Graph API permissions:
  • Reports.Read.All (Delegated)
  • Reports.Read.All (Applications)
• When you register the PSMSGraph Module as an app, gather the following details so you can pass them as arguments for different component monitors in Office 365 templates:
  • App name
  • Client ID/Application ID
  • Tenant ID
  • Password

Set up the PSMSGraph module on the Orion server

To install and configure the PSMSGraph module on the Orion server:

1. Obtain PSMSGraph from either of the following websites and install it.
   • PSMSGraph (© 2020 MIT License, Inc., available at https://psmsgraph.readthedocs.io, obtained on February 13, 2020)
   • PowerShell gallery (© 2020 MIT License, available at https://www.powershellgallery.com, obtained on February 13, 2020)
2. Verify the module is installed correctly.
   1. In the PowerShell console, type: Get-Module -ListAvailable -Name "psmsgraph"
   2. Compare the output to the following screenshot; it should be similar.
      

      

Register the app

To provide Office 365 templates with access to the Microsoft Graph API, register the PSMSGraph module as an Azure AD app in the Microsoft Azure portal with the following permissions:

• Reports.Read.All (Delegated)
• Reports.Read.All (Applications)

When you create the app, use a recognizable name, such as "SAM Office 365 Graph".

An Azure AD admin must authorize the endpoint before SAM can access the API.

To learn more, see these Microsoft resources:

• Quickstart: Register an application with the Microsoft identity platform
• New Azure portal app registration training guide
• Register an application with the Microsoft identity platform