# Microsoft Graph

> Microsoft Graph is a unified API for accessing Microsoft 365 services and data, like users, emails, and files.

<Note>Microsoft Graph does not support any actions itself. It serves only as a general connection that can be used across all Microsoft Graph integrations for extra convenience.</Note>

## Creating a Microsoft Graph connection

<Info>
  To reduce the number of scopes, we recommend using separate connections for each of the following integrations rather than the general Microsoft Graph connection.

  1. [Microsoft Entra ID](/docs/integrations/microsoft-entra-id)
  2. [Microsoft Defender XDR](/docs/integrations/microsoft-defender-xdr)
  3. [Microsoft Teams](/docs/integrations/microsoft-teams)
  4. [SharePoint](/docs/integrations/sharepoint)
  5. [OneDrive](/docs/integrations/onedrive)
  6. [Microsoft Outlook](/docs/integrations/microsoft-outlook)
  7. [Microsoft Intune](/docs/integrations/microsoft-intune)
  8. [Microsoft Excel](/docs/integrations/microsoft-excel)
  9. [Microsoft E-Discovery](/docs/integrations/microsoft-e-discovery)
  10. [Microsoft OneNote](/docs/integrations/microsoft-onenote)

  You can continue to use the general connection if desired.
</Info>

Create the connection by using one of the following methods:

* [OAuth](#using-oauth)
* [App Registration](#using-app-registration)

### Using OAuth

#### Creating your connection

1. In the Blink platform, navigate to the **Connections** page > **Add connection**. A New Connection dialog box opens, displaying icons of the available external service providers.
2. Select the **Microsoft Graph** icon. A dialog box appears with the name of the connection and the connection methods.
3. (Optional) Edit the name of the connection. You cannot edit the name at a later stage.
4. Click **Microsoft Graph** to authenticate using OAuth.
5. Sign in using your credentials.

<Info>
  Need admin approval? Please refer to the [Need Admin Approval](/docs/integrations/microsoft-graph/admin-approval) guide.
</Info>

### Using App Registration

To create the connection you need:

* A client ID
* A client secret
* A tenant ID

#### Obtaining the credentials

1. Log into the [Azure Portal](https://portal.azure.com/#home).

2. Go to the *Microsoft Entra ID* resource.

   <img src="https://mintcdn.com/blinkops-2/LiDiL34PEmIGHJGK/img/ActiveDirectory/azure_active_directory.png?fit=max&auto=format&n=LiDiL34PEmIGHJGK&q=85&s=57246fca73df6e9ce3f39594b5c944bf" alt="Azure Active Directory Resource" width="2760" height="1602" data-path="img/ActiveDirectory/azure_active_directory.png" />

3. In the left-hand menu, click **App registrations**.

   <img src="https://mintcdn.com/blinkops-2/LiDiL34PEmIGHJGK/img/ActiveDirectory/app_registrations.png?fit=max&auto=format&n=LiDiL34PEmIGHJGK&q=85&s=aa4834712de9b57c079d56adb68abc7f" alt="App Registrations" width="495" height="853" data-path="img/ActiveDirectory/app_registrations.png" />

4. Create a new application registration or click on one of your existing applications.

   <img src="https://mintcdn.com/blinkops-2/LiDiL34PEmIGHJGK/img/ActiveDirectory/my_app1.png?fit=max&auto=format&n=LiDiL34PEmIGHJGK&q=85&s=bc11b1db3698cb119e105eaa7e699f6b" alt="My App" width="2628" height="1138" data-path="img/ActiveDirectory/my_app1.png" />

5. In the left-hand menu, click **API permissions**.

   <img src="https://mintcdn.com/blinkops-2/LiDiL34PEmIGHJGK/img/ActiveDirectory/api_permissions.png?fit=max&auto=format&n=LiDiL34PEmIGHJGK&q=85&s=b0ed7c3e06ffd15e35fb078b7b3f0e78" alt="API Permissions" width="320" height="853" data-path="img/ActiveDirectory/api_permissions.png" />

6. Click **Add a permission** and select **Microsoft Graph**.

   <img src="https://mintcdn.com/blinkops-2/LiDiL34PEmIGHJGK/img/ActiveDirectory/add_permission.png?fit=max&auto=format&n=LiDiL34PEmIGHJGK&q=85&s=036e402e171051eb562e528089ba7d9f" alt="Add Permission" width="1920" height="832" data-path="img/ActiveDirectory/add_permission.png" />

7. Choose **Application permissions** and mark the permissions you wish to add.

   <img src="https://mintcdn.com/blinkops-2/LiDiL34PEmIGHJGK/img/ActiveDirectory/application_permissions.png?fit=max&auto=format&n=LiDiL34PEmIGHJGK&q=85&s=96ae24085dfac2547b72a7abbc82eca4" alt="Application Permissions" width="1919" height="833" data-path="img/ActiveDirectory/application_permissions.png" />

   To allow all actions in Blink to run, add the following permissions used by Blink to access your Microsoft Graph APIs:

   ```
   AuditLog.Read.All
   Calendars.ReadBasic
   Calendars.ReadWrite
   Calendars.ReadWrite.Shared
   Channel.Create
   ChannelMember.ReadWrite.All
   ChannelMessage.ReadWrite
   ChannelMessage.Send
   ChannelSettings.ReadWrite.All
   Chat.Create
   Chat.ReadWrite
   Chat.ReadWrite.All
   ChatMember.ReadWrite
   Device.Command
   Device.Read.All
   DeviceManagementApps.ReadWrite.All
   DeviceManagementManagedDevices.PrivilegedOperations.All
   DeviceManagementManagedDevices.ReadWrite.All
   Directory.AccessAsUser.All
   Directory.ReadWrite.All
   eDiscovery.ReadWrite.All
   Files.ReadWrite
   Files.ReadWrite.All
   Group.ReadWrite.All
   GroupMember.ReadWrite.All
   IdentityRiskyUser.Read.All
   IdentityRiskyUser.ReadWrite.All
   Mail.Read
   Mail.ReadBasic
   Mail.ReadWrite
   Mail.ReadWrite.Shared
   Mail.Send
   MailboxSettings.ReadWrite
   Notes.ReadWrite.All
   OnlineMeetings.ReadWrite
   SecurityAlert.Read.All
   SecurityAlert.ReadWrite.All
   SecurityIncident.ReadWrite.All
   Sites.Manage.All
   Sites.ReadWrite.All
   TeamMember.ReadWrite.All
   ThreatHunting.Read.All
   User.EnableDisableAccount.All
   User.ManageIdentities.All
   User.Read
   User.ReadWrite.All
   User.RevokeSessions.All
   ```

   <Note>
     You can adjust the permissions according to your requirements.

     Ensure that the permissions configured in your app registration align with those required by the actions you wish to perform with Blink. Remember, having a high-level permission does not automatically grant access to its subordinate permissions.
   </Note>

8. Click **Add permissions** to save the changes.

9. Click **Grant admin consent for `<your tenant>`** on the API permissions page. **Only admins can grant consent**.

   <img src="https://mintcdn.com/blinkops-2/LiDiL34PEmIGHJGK/img/ActiveDirectory/grant_admin_consent.png?fit=max&auto=format&n=LiDiL34PEmIGHJGK&q=85&s=ae92df915ab2cd3ffb8d3241752e6e56" alt="Grant Admin Consent" width="1319" height="833" data-path="img/ActiveDirectory/grant_admin_consent.png" />

10. Navigate to **Overview** and copy your **client ID** and **tenant ID**.

    <img src="https://mintcdn.com/blinkops-2/LiDiL34PEmIGHJGK/img/ActiveDirectory/client_tenant.png?fit=max&auto=format&n=LiDiL34PEmIGHJGK&q=85&s=7faa71341ef29fce86e62d436472e630" alt="Client ID & Tenant ID" width="3438" height="1266" data-path="img/ActiveDirectory/client_tenant.png" />

11. Create a new **client secret**.

    <img src="https://mintcdn.com/blinkops-2/LiDiL34PEmIGHJGK/img/ActiveDirectory/secret.png?fit=max&auto=format&n=LiDiL34PEmIGHJGK&q=85&s=9d1dfac219ab431a28a8c0d5219b96f1" alt="Client Secret" width="3250" height="1252" data-path="img/ActiveDirectory/secret.png" />

12. Copy the **secret value**.

    <img src="https://mintcdn.com/blinkops-2/LiDiL34PEmIGHJGK/img/ActiveDirectory/secret_value.png?fit=max&auto=format&n=LiDiL34PEmIGHJGK&q=85&s=8c7709585443b3044f2c17e3e9493ed9" alt="Client Secret" width="2672" height="1312" data-path="img/ActiveDirectory/secret_value.png" />

#### Creating your connection

1. In the Blink platform, navigate to the **Connections** page > **Add connection**. A New Connection dialog box opens, displaying icons of the available external service providers.

2. Select the **Microsoft Graph** icon. A dialog box appears with the name of the connection and the connection methods.

3. (Optional) Edit the name of the connection. You cannot edit the name at a later stage.

4. Select **App Registration** as the method to create the connection.

5. Fill in the parameters:

   * The Client ID
   * The Client Secret
   * The Tenant ID

6. (Optional) Click **Test Connection** to test it.

7. Click **Create connection**. The new connection appears on the **Connections** page.
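
To check that an app registration's consented permissions match what your workflows need, you can inspect the claims of an access token issued to it. The sketch below is an added example, not Blink or Microsoft code. It compares permission names exactly, following the note in step 7 that a high-level permission does not grant its subordinate permissions. The token, tenant ID and `REQUIRED` set are constructed placeholders; a real token would come from the client credentials flow with the scope `https://graph.microsoft.com/.default`.

```python
import base64
import json

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def decode_claims(token: str) -> dict:
    """Decode the JWT payload for inspection only; the signature is NOT verified."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))

def granted_permissions(claims: dict) -> set:
    """Application permissions arrive in 'roles'; delegated ones in 'scp'."""
    return set(claims.get("roles", [])) | set(claims.get("scp", "").split())

def audit(token: str, required: set) -> dict:
    granted = granted_permissions(decode_claims(token))
    return {
        # Exact-name match: Mail.ReadWrite is not treated as covering Mail.Read.
        "missing": sorted(required - granted),
        # Granted but not required: candidates to remove from the app registration.
        "excess": sorted(granted - required),
    }

# Constructed sample token (unsigned, placeholder tenant ID), not a real credential.
SAMPLE_CLAIMS = {
    "aud": "https://graph.microsoft.com",
    "tid": "00000000-0000-0000-0000-000000000000",
    "roles": ["Mail.ReadWrite", "SecurityAlert.ReadWrite.All",
              "User.RevokeSessions.All", "Directory.ReadWrite.All"],
}
SAMPLE_TOKEN = ".".join([
    _b64url(b'{"alg":"none","typ":"JWT"}'),
    _b64url(json.dumps(SAMPLE_CLAIMS).encode()),
    "constructed-signature",
])

# Hypothetical requirement set: the permissions from the list in step 7 that
# the actions in your own workflows need.
REQUIRED = {"Mail.Read", "Mail.ReadWrite", "SecurityAlert.Read.All",
            "User.RevokeSessions.All"}

if __name__ == "__main__":
    print(json.dumps(audit(SAMPLE_TOKEN, REQUIRED), indent=2))
```

Anything reported under `excess` is a permission the app holds but the workflows do not use, which makes it a candidate for removal, or for moving to one of the narrower per-integration connections recommended at the top of this page.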
