2. www.winsmarts.com
contact@winsmarts.com
Obligatory about me slide ..
• Twitter: @sahilmalik
• Hands on developer!
• C#, SP, O365, JS, TS, Cordova, Electron, iOS, Android, etc.
• Worked in 18 countries, 5 continents.
• Author of 20+ books, videos, trainings, etc. etc.
• MVP for 15ish years.
• C#, SharePoint, Office365
• Office Servers and Services, Visual Studio and Development Technologies
3. www.winsmarts.com
contact@winsmarts.com
What am I doing here?
• Two sessions,
• This session: Where I put AzureAD and O365 dev in perspective, a lay of the
land. And end with a demo.
• Another session: Where is more hands on, where we do stuff with TypeScript
and Office365. Pretty cool stuff!
• So lets get started!!
8. www.winsmarts.com
contact@winsmarts.com
SharePoint hosted apps
• Poor upgrade story
• Limited capability on what they can actually do
• Requires wildcard redirect URI
• IFrame app parts, use querystrings, which can interfere with your logic
• ClientWebPart’s editor area is extremely limited
• Branding is hard
• UX is hard (resizing, deep linking etc.)
• Non-standard CORS
• Etc.
12. www.winsmarts.com
contact@winsmarts.com
Azure AD
• .. Is not a replacement for your on prem AD
• Protects Office 365 resources
• Anything you access from the browser as a user
• Anything you access from a program using the API
• Can federate authentication to standards based identity providers
15. www.winsmarts.com
contact@winsmarts.com
So what APIs do we have?
• Well there is the v1 app model
• Then there is a v2 app model
• And there is the v1 APIs
• And there are v2 APIs, which is not the same as the v2 app model
20. www.winsmarts.com
contact@winsmarts.com
PHA vs Azure AD based APIs
Provider Hosted App
• Great for CSOM + REST
(SharePoint)
• Suitable for single client
(internal dev)
• Complex setup
• Works on prem, but somewhat
different from O365
Azure AD based APIs
• CSOM + REST not 100%
supported
• Very suitable for vendors
• Very suitable for app stores
• Does not work on-prem as of
today
• Much more solid and robust
architecture, but not everything
is supported today
23. www.winsmarts.com
contact@winsmarts.com
V1
• User
• OneDrive
• Outlook mail and calendar
• Personal Contact
• Groups
• Directory
• Webhooks
Beta
• Users (more)
• People
• Tasks
• OneNote
• Data extensions
• WebHooks (more)
• Excel
• OneDrive (more)
• Outlook mail and calendar (more)
• Personal contact (more)
• Groups (more)
• Organizational contacts
• Directory (more)
24. www.winsmarts.com
contact@winsmarts.com
User – v1
Get/Update/Delete user details
Get/create user mails and mail folders & send mails
List/Create calendars, and list/create/delete events, get reminders
List/create/delete contacts and contact folders
List direct reports, manager, what groups the user belongs to
List owned devices/ owned objects/registered devices/createdobjects
Assign license to user
Groups – check for membership, get groups user is member of.
Profile photo – Get/Update
http://graph.microsoft.io/en-us/docs/api-reference/v1.0/resources/user
26. www.winsmarts.com
contact@winsmarts.com
OneDrive – v1
• Get current user or another
user’s drive
• Get root folder of drive
• List items or changes in drive
• Search items in a drive
• List children of a drive item
• Get recent files
• Get shared with me
• Get special folders
http://graph.microsoft.io/en-us/docs/api-reference/v1.0/resources/drive
• Drive item –
get/create/delete/update, get
children, download content
• Copy and Move item
• Search Items
• Find changes (for this item and
it’s children)
• List thumbnails
• Create sharing link
• Add/List/Delete permissions
28. www.winsmarts.com
contact@winsmarts.com
Outlook Mail – v1
http://graph.microsoft.io/en-us/docs/api-reference/v1.0/resources/message
• Get/Update/Delete/Copy a mail
• List/Create attachments
• Forward/Reply/ReplyAll
• Send
• Get/Create/List mail folders
• Create/List messages in a mail
folder
• Update/Delete/Copy/Move a
mail folder
• Get attachments of
• Event
• Mail
• Post
• Delete attachment
• Get contents of an attachment
29. www.winsmarts.com
contact@winsmarts.com
Outlook Mail – v2
http://graph.microsoft.io/en-us/docs/api-reference/beta/resources/message
• Get/Update autoreply settings
• On Mail, Data extensions and
extended properties
• Add/remove/update
• On Mail Folders, Data
extensions and extended
properties
• Add/remove/update
• Attachment
• No changes
30. www.winsmarts.com
contact@winsmarts.com
Outlook Calendar – v1
http://graph.microsoft.io/en-us/docs/api-reference/v1.0/resources/calendar
• List/Create/Get/Update/Delete
calendar(s)
• List Calendar views
• CRUD events
• Accept/tentatively accept/decline
event
• Reminder – dismiss or snooze
• List recurrences of events
• Manage attachments
• CRUD event message (the
calendar invite email)
• Send/Copy/Move event
message
• Reply/ReplyAll
• Attachments
• CRUD calendar(s)
31. www.winsmarts.com
contact@winsmarts.com
Outlook Calendar – v2
http://graph.microsoft.io/en-us/docs/api-reference/beta/resources/calendar
• Cancel Event
• Data extension and properties
on events
• Data extension and properties
on event messages
• Data extensions and properties
on calendars
• CRUD calendar(s)
42. www.winsmarts.com
contact@winsmarts.com
Main differences between v1 and v2
• Accept both Azure AD and Microsoft account (live ID) identities
• Office 365 Authentication Scopes, not resources. Your app can
request additional scopes.
• New registration portal.
• Not everything works as of now in v2 app model.
43. www.winsmarts.com
contact@winsmarts.com
What works in v2?
• Outlook mail, calendar,
contacts
• The app itself (your
custom web apis)
• Graph
• Works for all O365 users.
• Works for some outlook.com
users (create a new account if
you want it to work)
44. www.winsmarts.com
contact@winsmarts.com
What does not work in v2?
• Stand alone Web APIs (i.e. ApplicationID of the caller and called must
be the same)
• Daemons
• On-Behalf-Of-Flow
• Existing apps (new registration portal and registration required)
45. www.winsmarts.com
contact@winsmarts.com
Scenarios
• Web Browser to Web Application
• JavaScript SPA*
• Native App*
• Web application calling Web API
• Application Identity
• Delegated user identity
• Daemon
* can also call CSOM+REST also with user identity