Integrate Office 365 templates with Microsoft Graph in SAM

This topic describes how to configure SAM to support the integration of the following application monitor templates with Microsoft Graph, a product that offers a single REST API endpoint for Microsoft 365 services.

• Microsoft Office 365 OneDrive
• Microsoft Office 365 SharePoint Online
• Microsoft Office 365 Skype
• Microsoft Office 365 Skype for Business
• Microsoft Office 365 Teams

Starting in SAM 2020.2.5, apiversion=v1.0 is required in PowerShell scripts for legacy Microsoft Office 365 Teams and Microsoft Office 365 OneDrive templates and related application monitors. Otherwise, scripts return [ERROR] The remote server returned an error: (404) Not Found. messages. Alternatively, use one of the Microsoft 365 API poller templates.

To learn more about Graph, see:

• Overview of Microsoft Graph
• Get started with Microsoft Graph
• Microsoft Graph permissions
• Working with Microsoft 365 usage reports in Microsoft Graph

All Microsoft links in this topic are © 2019 Microsoft Corp., available at https://docs.microsoft.com, obtained on May 8, 2019.

Requirements

• The PSMSGraph PowerShell module for the Microsoft Graph API is installed and configured on the Orion server, as described next.
• The PSMSGraph module is a registered Azure Active Directory (AD) app in the Microsoft Azure portal with the following Microsoft Graph API permissions:
  • Reports.Read.All (Delegated)
  • Reports.Read.All (Applications)
• When you register the PSMSGraph Module as an app, gather the following details so you can pass them as arguments for different component monitors in SAM templates:
  • App name
  • Client ID/Application ID
  • Tenant ID
  • Password

Set up the PSMSGraph module on the Orion server

To install and configure the PSMSGraph module on the Orion server:

1. Obtain PSMSGraph from either of the following websites and install it.
   • PSMSGraph (© 2020 MIT License, Inc., available at https://psmsgraph.readthedocs.io, obtained on February 13, 2020)
   • PowerShell gallery (© 2020 MIT License, available at https://www.powershellgallery.com, obtained on February 13, 2020)
2. Verify the module is installed correctly.
   1. In the PowerShell console, type: Get-Module -ListAvailable -Name "psmsgraph"
   2. Compare the output to the following screenshot; it should be similar.
      

      

Register the app

To provide SAM templates with access to the Microsoft Graph API, register the PSMSGraph module as an Azure AD app in the Microsoft Azure portal with the following permissions:

• Reports.Read.All (Delegated)
• Reports.Read.All (Applications)

When creating apps, use a recognizable name, such as "SAM Microsoft 365 Graph".

An Azure AD admin must authorize the endpoint before SAM can access the API.

To learn more, see these Microsoft resources:

• Quickstart: Register an application with the Microsoft identity platform
• New Azure portal app registration training guide
• Register an application with the Microsoft identity platform