Microsoft Enterprise Mobility + Security and the Microsoft Graph API
Published Sep 08 2018 09:55 AM 10.1K Views
First published on CloudBlogs on Mar 20, 2017
Across the more than forty thousand customers that Enterprise Mobility + Security (EMS) serves today, there’s a notable diversity in how they organize their IT resources to enable mobile productivity for their workforce. Each customer uniquely defines their mobile strategy and IT structure through a series of choices based on the strategic needs of their business. Customers may choose to manage their mobility solutions internally while others choose to work with a managed service provider to manage on their behalf. Regardless of the structure, our goal is to enable IT to easily design processes and workflows that allow them to be more empowered and efficient. As the Microsoft Intune and Azure Active Directory admin experiences come together in Azure, we’re taking an important step forward in our ability to offer EMS customers more choices and capability. Built on the Microsoft Graph API , the new Intune and Azure AD experience on Azure opens a new set of possibilities for our customers and partners to simplify, automate, and integrate their workloads. Microsoft Graph API connects developers to the data that drives productivity – mail, calendar, contacts, documents, directory, devices, and more. It serves as a single interface where Microsoft services can be reached through a set of REST APIs. With our shift to Azure and the Microsoft Graph API, customers now have the choice to manage the administration and operation of Intune and Azure AD services in the new Azure console or through the Microsoft Graph API. The scenarios that the Microsoft Graph API enable are expansive – we expect the value to you and all our customers to center on three core benefits:


Microsoft Graph API is accessible through several platforms and tools, including REST- based API endpoints, and most popular programming and automation platforms (.NET, JS, iOS, Android, PowerShell). Resources (user, group, device, application, file) and policies can be queried through this API, and formerly difficult or complex questions can be addressed via straightforward queries. For example, you can use the Graph APIs to check the compliance state of all your Intune- managed devices and feed this data into your existing reporting system, enabling a simple, yet powerful, reporting experience across your organization.


The Microsoft Graph API allows you to connect different services and automate workflows and processes between them. For example, you could connect your HR system with the Microsoft Graph APIs to automate the provisioning of mobile devices when you’re onboarding a new employee, and set up automation to retire and wipe a device as employees leave the company. If you are a service provider managing the environment of multiple customers at once, you could use these capabilities to automate the onboarding of tenants, populating them with default policies and implementing industry-specific templates. All this can be set up to happen automatically without ever opening a management console.


The Microsoft Graph API can send detailed device and application information to other IT asset management or reporting systems. You could build custom experiences which call our APIs to configure Intune and Azure AD controls and policies and unify workflows across multiple services. For example, a help desk organization might build a custom solution that incorporates Intune functionality into their console, allowing them to manage device and application policies in a unified way alongside other helpdesk tasks. You can even connect with PowerBI and other analytics services to create custom dashboards and reports based on Office 365, Intune, and Azure AD data from the Microsoft Graph API. The new Intune for Education experience and the OneDrive for Business console, where Intune app protection policies are now built in directly, are both great examples of new experiences that are made possible because of Intune and Azure AD being built on the Microsoft Graph API. We’re also working directly with several partners who are starting to explore what’s possible with our APIs in preview. It’s exciting to see the ideas they come up with around how these capabilities will improve their processes and workflows, and the custom solutions they will enable. The Intune and Azure AD APIs are available in preview now as part of the Microsoft Graph API beta and will be generally available later in 2017.*For a closer look, check out the documentation on how to use Intune and Azure Active Directory APIs. *Use of a Microsoft online service requires a valid license. Therefore, accessing EMS, Microsoft Intune, or Azure Active Directory Premium features via Microsoft Graph API requires paid licenses of the applicable service and compliance with Microsoft Graph API Terms of Use.
Version history
Last update:
‎Sep 08 2018 09:55 AM
Updated by: