Multitenant Azure Function using MS Graph API

Introduction

Hi friends, in this post we are going to learn how to access multitenant information in an Azure Function using the MS Graph API. In my last post, A Try On Multitenant Application Using React with MS Graph API | Knowledge Share (spknowledge.com), I covered an introduction to multitenant applications and their key benefits.

Scenario

An Azure Function that lists all users in a specific tenant with the help of the Graph API. Here we are going to use the HTTP trigger of the Azure Function and then use Postman to test the trigger. For this sample we also need an app registered in Microsoft Entra ID as multitenant. Since I covered the detailed steps for app registration in A Try On Multitenant Application Using React with MS Graph API | Knowledge Share (spknowledge.com), in this post I am going to highlight the changes that need to be made to the app already registered.

App Registration

Once you have created the app based on my previous post, follow the additional steps below for the Azure Function to work.

  • Navigate to the app registered in Tenant A and click Certificates & secrets in the left navigation.
  • Click New client secret to create a new secret. Enter any Description and choose an Expires value to create the client secret. Once the secret is created, copy it, because you won't be able to retrieve it once you move away from that page.
  • Navigate to API permissions in the left navigation and choose Add a permission. From the Request API permissions panel, click Microsoft Graph and then choose Application permissions (since the Azure Function will run as a backend service).
  • Once the permissions are added, check whether admin consent is required; if it is, provide the admin consent.

We are done with the changes to the app registration. Now we focus on the Azure Function.

Focus on the Azure Function

Create an Azure Function in Visual Studio. Choose the configuration like the below and create the project.

Once the project is created, try to run your project. You should be able to see the console with the endpoint like the below.

Open Postman and send a request to the above URL; you should get a response like the below. Once you get the status 200 OK, your Azure Function is ready for modification. If you face any issues, resolve them before you modify the code.

Now let us start changing the code to communicate with the Graph API.

  • Install the below NuGet packages
    • Azure.Identity
    • Microsoft.Graph
  • Update the local.settings.json file and add the below keys and their values
    • ClientID
    • ClientSecret
  • Navigate to the <function>.cs file. Create a new class named IUser to store some of the user properties; a collection of this class is returned when our endpoint is called from Postman.
  • Update the Run method as below.
    1. Get the ClientID and ClientSecret from the local.settings.json file using Environment.GetEnvironmentVariable.
    2. For this sample, I have hard-coded the tenant variable as <tenantname>.onmicrosoft.com. You can also pass the tenant ID.
    3. I am using the default scopes that are registered via the app registration.
    4. Select only a few properties of the users using the Graph client.
    5. Fill the custom collection with the result from Graph and send the custom collection as the response from our endpoint.
  • Before executing this against a different tenant, make sure that the app registration is successful and that all the consumer tenants have given permission for the app.
  • Below is the screenshot using the main tenant name m365devpractice
  • Below is the screenshot using the consumer tenant name o365practice

In the real world, you can keep the list of tenant names in a DB and loop over it to get the details of each tenant. It could be user details, license details or any other details based on the permissions accepted by the consumer tenant.
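
The Run method walked through in steps 1 to 5 above, combined with the tenant list from the previous paragraph, as an added example that is not the post's own source code. It assumes the in-process Azure Functions model and the Microsoft.Graph v5 call style; the IUser properties, the function name and the `tenant` query parameter are assumptions, and the in-code set stands in for the DB list.

```csharp
using System;
using System.Collections.Generic;
using System.Threading.Tasks;
using Azure.Identity;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Azure.WebJobs;
using Microsoft.Azure.WebJobs.Extensions.Http;
using Microsoft.Graph;

public class IUser // class name from the post; the properties are assumed
{
    public string DisplayName { get; set; }
    public string Mail { get; set; }
    public string UserPrincipalName { get; set; }
}

public static class ListTenantUsers // hypothetical function name
{
    // Stand-in for the DB tenant list; built from the post's two tenant names.
    static readonly HashSet<string> Tenants = new HashSet<string>(StringComparer.OrdinalIgnoreCase)
        { "m365devpractice.onmicrosoft.com", "o365practice.onmicrosoft.com" };

    [FunctionName("ListTenantUsers")]
    public static async Task<IActionResult> Run(
        [HttpTrigger(AuthorizationLevel.Function, "get")] HttpRequest req)
    {
        // Step 1: credentials come from app settings, never from the request.
        string clientId = Environment.GetEnvironmentVariable("ClientID");
        string clientSecret = Environment.GetEnvironmentVariable("ClientSecret");
        if (string.IsNullOrEmpty(clientId) || string.IsNullOrEmpty(clientSecret))
            return new StatusCodeResult(StatusCodes.Status500InternalServerError);
        // Step 2: the "tenant" query parameter (assumed) must match a known tenant.
        string tenant = req.Query["tenant"];
        if (tenant is null || !Tenants.Contains(tenant))
            return new BadRequestObjectResult("Unknown tenant.");
        // Step 3: .default requests the application permissions consented for the app.
        var credential = new ClientSecretCredential(tenant, clientId, clientSecret);
        var graph = new GraphServiceClient(credential, new[] { "https://graph.microsoft.com/.default" });
        // Step 4: request only the needed properties (first page of results only).
        var page = await graph.Users.GetAsync(rc =>
            rc.QueryParameters.Select = new[] { "displayName", "mail", "userPrincipalName" });
        // Step 5: map to the custom collection so no other Graph fields are returned.
        var users = new List<IUser>();
        foreach (var u in page?.Value ?? new List<Microsoft.Graph.Models.User>())
            users.Add(new IUser { DisplayName = u.DisplayName, Mail = u.Mail, UserPrincipalName = u.UserPrincipalName });
        return new OkObjectResult(users);
    }
}
```

Checking the tenant against a known list keeps the app's client secret from being sent to a token authority the caller chose.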

Reference – Source Code

Conclusion

That's it, we have come to the climax of the post, and I am sure some of you have learned something new about multitenant access in Azure Functions. Leave your feedback or comments if you think that I need to improve something or if there is anything you want me to explore and give you some guidance on.
