Access User Data from Microsoft Graph

Key Takeaways

hi I'm Andrew Connell and I'm a Microsoft MVP in the area of Microsoft 365 development I have a lot of experience with SharePoint development including all the different development models that we've had Microsoft graph development Microsoft teams development and developing add-ins for Microsoft Office as well as working with Microsoft identity including Azure ad users are at the core of most operations in Microsoft 365 Microsoft graph enables developers full control over the lifecycle of users in Microsoft 365 including creating updating and deleting users in addition to listing users within the organization in this section you're going to learn how to use Microsoft graph to work with users in Microsoft 365 including the required permissions in this first section we're gonna primarily look at accessing users Microsoft's Office 365 developer vision focuses on the users experience and their data as a developer you can bring your applications into their user experience with over 1.2 billion users of office worldwide this is a huge opportunity to provide a window into your applications as well as being able to connect into the into their data and add intelligence to your applications there are currently 850 million events created a month and a total of 470 petabytes of data or more in the service that can add value for your users Microsoft graph is the gateway to your data in the Microsoft cloud as you can see from the list of resources services and entities on this slide there are lots of things that you can take advantage of in the office 365 platform you can work with mail calendar contacts tasks in addition to content inside of SharePoint sites and lists files inside of onedrive and interact with Microsoft teams and many more things that you can take advantage of each of these services typically has its own API that you can leverage to read and write to these different services however it can be challenging and cumbersome to work with these different services as each is implementing their own endpoint permission model and syntax for performing some operations like searching and other subtleties each endpoint is also secured with Azure ad which means that developers will need to authenticate with Azure ad and obtain an OAuth access token for each service they want to work with the Microsoft graph addresses many of these challenges by acting as a proxy to a lot of the different services it encompasses data residing in office 365 such as mail calendar and contacts and onedrive as well as many others in addition it also provides access to Windows 10 and enterprise mobility and security under a single endpoint this endpoint HTTP colon slash slash graph Microsoft comm allows developers to create applications that will only have to authenticate once and obtain a single access token that can be used to retrieve data from multiple sources greatly simplifying the development process each service will still have their individual permissions or scopes but all of these permissions are defined in a single place under the Microsoft graph endpoint and handles the underlying calls and permission requests to each of these different endpoints as the previous slide stated the Microsoft graph is your gateway to all data in Microsoft 365 it is a single resource that proxies multiple Microsoft services because the Microsoft graph acts as a proxy endpoint to multiple endpoints for each Microsoft 365 service it will supply the process simplify the process of obtaining oow auth access tokens that you must include with each request to one of these endpoints unlike the process of obtaining a different token for each endpoint the Microsoft graph enables you to obtain a single access token to submit requests that can retrieve data from all the services and endpoints at the Microsoft graph exposes one of the challenges we used to have to deal with with these different services was determining the endpoint URL for each service as some of them were unique to you each user to address this Microsoft created a directory service that you can query to determine what URL with the URL was for the different services for a particular user however the Microsoft crack greatly simplified this with two special endpoints the /me and the slash my organization endpoints these will take you to the root of your user entity or your organization within the Microsoft graph this module will explain how you can easily find relationships between entities in the Microsoft graph and traverse these objects to find related content using the slash me and the slash my organization endpoints in combination with the ability to traverse or related entities the Microsoft graph makes it easy to access your data developers can create all sorts of applications that will communicate with the Microsoft graph and to support as many developers and as many platforms as possible the Microsoft graph has chosen two options for developers has two options for developers to choose from when integrating the Microsoft graph into their applications at its core Microsoft graph is a REST API this means that developers can use any platform any framework in any programming language they are most comfortable with the only requirement is that they issue a common HTTP request and process HTTP responses which pretty much all relevant platforms and frameworks and languages can do these days in addition Microsoft graph also provides native SDKs for developers who want to leverage a rich programming model with their applications these SDKs are available for multiple platforms and simplify the process of interacting with the Microsoft graph REST API obstructing away the tasks of constructing submitting and processing the rest requests and responses with Microsoft graph api's you will likely find exist an existing SDK for the platform and language that you are working on as you'll find almost all of the popular platforms are covered including dotnet iOS Android Java PHP Ruby JavaScript and many many more Microsoft graph supports two styles of authentication one supports the users to authenticate using either azure ad accounts which are also known as working school accounts or a Microsoft account the former account is typically used to access content and resources within other office 365 services in Microsoft 365 the latter account type Microsoft account is used to access consumer services such as onedrive consumer outlook comm and other related services now what's nice about Microsoft graphs supporting both styles of authentication is that the same API and the same endpoints can be used to create applications that will expose business data to Microsoft in Microsoft 365 or consumer data within the Microsoft consumer services this makes it easy for developers to learn a single API and have the ability to configure their application to support both businesses and consumers ADA that is driven strictly by the user and what type of account they're gonna log in with users are the representation of an azure ad work in school account or a Microsoft account in the Microsoft graph the user resource in Microsoft graph is a hub from which you can access the relationships and resources that are relevant to your users you can use Microsoft graph to access the relationships documents contacts and preferences that are contextually relevant to the signed-in user and the user resource provides a straightforward way for you to access and manipulate user resources without having to perform additional calls look up specific authentication information and directly issue queries against other Microsoft graph resources what can you do with the Microsoft graph user resource well the user resource is the gateway to resources related to a user and it can be the currently signed in user or another user if your identity and application has been granted the necessary permissions to access those other users what kinds of things can you do with the Microsoft graph user resource you can manage your organization you can create new users in your organization or update the resources and relationships for existing users you can use the Microsoft graph to do the following user management tasks you can create or delete users in your azure ad organization you can list a user's group memberships and determine whether a user is a member of a group you can list the users who report to a user and assign managers to users and you can upload or retrieve a photo for the user you can also work with calendars and tasks you can view query and update user calendar and calendar groups associated with the user including listing calendar events and creating events on a user's calendar you can view tasks assigned to a user find free meeting times for a set of users and get a list of reminders set on a user's calendar you can also administer mail and handle contacts you can configure user settings for contact lists and send mail on behalf of the user including listing email messages and send new mail creating lists user contacts and organized contacts and folders receive an update mailbox folders and settings and you can also enrich your apps with user insights and maximize the relevance in your application by promoting recently used or trending documents and contacts associated with a user you can use Microsoft graph to return documents recently reviewed and modified by a user or turn documents and sites trending around a user's activity list documents shared with a user through email or onedrive for business as well now let's explore the Microsoft graph user resource endpoint there are two ways you can access users through the Microsoft graph you can access a signed in user through the me alias at Microsoft graph comm slash v10 slash users for a specific user you can act you can access it so back up I just jump the slide on accident so delete that the slash meat endpoint is going to map to the same endpoint if you went to users slash with the user ID or their user principal name you can access the specific user using either their ID or their user principal name for example you can have it's a user slash user ID or users slash user principal name developers can also use one of the many Microsoft graph dotnet SDKs or one of the other native SDKs to obtain a user object developers can use one of the mini Microsoft grafted SDKs to obtain a user and for example to get a user worth of Microsoft graph dotnet SDK you would use some of the following code so you're first obtaining an axe a Microsoft graph service client and then here you can see where I've got a client dot me dot request and getting the end result for the user and then I can access all the values on that user for that specific user or I can request a specific user by going to the users collection and passing in the ID of the user as a parameter in the array and that would give me back a single user back in order to perform user operations you're going to need one of the following permissions the specific permission required will depend on the operation that you want to perform for example if you are creating editing or deleting a user one of the right permissions is definitely going to be required and some permissions can be granted by a user while others must be granted to the app by an administrator delegated permissions granted by users include things like user dot re basic dot all use a read and user readwrite while application permissions that are granted by admins include many more permissions as you see here on the slide now each resource has an additional referenced resources such as their email messages you can go to the but get all the emails for specific user by going to the user endpoint slash messages or get all their calendar events by going to slash events or by getting a user's onedrive consumer onedrive for business contents by going to these slash drives in point in this demo we're gonna create an azure ad application using the azure active directory admin center and we're gonna look at a dotnet core console application that's going to query the Microsoft graph for user data and we're going to use the Microsoft graph dotnet SDK now the first step we need is an azure ad application so let's go create that first I'm going to come over to I'm gonna come over to my azure ad administrative center or admin center and I'm gonna go create a new app registration so I go to a preju stration z-- and create a new registration and I'm gonna call this application the Microsoft graph console app and it's going to be a single tenant application so I'll go ahead and select register now once I've done that you'll see here that we have an application ID and a directory ID as well we're gonna need those in our app in a minute but we're gonna wait for just a minute to go through and grab those and go update our out let's first go over to our authentication tab now the console app that we're creating we really in this module just want to focus on the Microsoft graph I don't want to dwell too deep in the authentication aspects to our application and the reason for that is because it really gets quite complicated pretty quick on the different options that you have so I'm trying to keep the authentication as simple and as straightforward as possible what we're doing we're using a console app and we're this console app is what you call a public client and what that means is that there's no like app ID and secret there's an app ID but there's no secret that we're gonna define and furthermore we're gonna ask the users to login by providing the console out their credentials and then we're gonna log in on their behalf that's called the resource owner password credential and it may not be the best option for a production app there are other options like device code flow that you can use and I encourage you to check those out for true production apps but this is just a demo we want to focus on the Microsoft graph aspect not so much on the authentication aspects so in the we're going to use the Microsoft authentication library emcell and we're gonna use that to authenticate and handle some of the authentication stuff for us so one of the things you do when you when we have that is that because it's a public client like a desktop app or a console app you have special redirect URIs that you use you don't use like URLs so here I'm going to check off the one that M cell is going to use and that's gonna go with the ID of my app and then furthermore a little bit farther down I'm also gonna specify that I want to get that I want to turn on this default client type to treat as a public client this by default has turned off that I'm gonna turn this on in this case so I'll go ahead and save my changes and the next thing we'll do is we'll go into the API permissions to grant our app the necessary permissions now I could define permissions dynamically but again this is a console app and our user does not have a clean way of granting consent when they just pass their username and password in on a console so we're gonna do that here so we're gonna first add a permission and what we're going to do is we want to display a bunch of users from our organization so I'm gonna select the Microsoft graph and I'm gonna add a delegated permission and that permission is going to be user dot read dot all so this allows me to read all the users full profiles so I'll go ahead and select that and then I'll say add permissions okay now this is a this permission requires administrative consent so what I need to do is I need to trigger the admin consent endpoint to from the admin console to grant consent for all users in our our organization this may not be what you want to do in your production example again I'm just trying to keep the authentication stuff as simple as possible to focus on Microsoft graph alright here we can see that our permissions have now all been granted so we're in good shape so now let's go back over to our console log now before we do that our console app we need to tell it the Azeri tenant and the client ID of our application so let me go grab the directory ID I'm gonna go over here to my console app and in the app settings file I'm gonna go ahead and add in these two values so I'll add that one and then we'll grab the application ID and our path paste that in right here as well so there we go you got both of these now are all set up so now the next thing I want to do is let's come over here to our console live and let's let's take a look and see how this works alright so what this does is I first I'm going to go fetch those app settings so all that does it just grabs the values from the app settings JSON file and then I'm gonna prompt the user to provide their username and password to go authenticate and then once I've I've obtained their username and password I then need to create an instance of an authenticated Microsoft graph service client and that that's an object that's going to come from the Microsoft graph net SDK so I'm passing in the configuration information which is our ad app and our as your ad tenant and then the username of the password of the user so let's see how I'm obtaining this so just real briefly what we're doing is is we ultimately want to create an instance of this graph service client and what we have to pass into it is a authentic ation provider and that is an EM cell or Microsoft authentication library object so you can see up on line 62 we're gonna create an instance of this i authenticated provider so what i'm doing here is i'm gonna go obtain the ID and the authority from the app settings file and i'm generating the authority on the fly using the specific directory ID the next thing I'm doing is I'm creating a collection of all the permissions that we're gonna request and then I'm going to create an instance of the public client application which is what we use when we're doing a console app so I'm doing that creating that instance of that using the client ID and the authority I just generated and then I'm gonna go obtain an instance of an EM cell authentication provider and that's what this ionic ation provider is now this code right here is just a little helper class that you see over here and what this does is its implementing just a single 10 so I have this get instance and it's going to create a new instance of this authentication provider I don't want to have multiple ones that could potentially be storing username and passwords so instead I just created this as a singleton so there's only one in our console app and I'm using the public client app that we just generated that you saw a moment ago the permissions and the credentials for the current user and in doing that you see arrive define all these things they're all private properties in my in here but what it does is that there is a there is a method that when it calls get token async what this thing is going to do is this is just making sure that eventually it's adding in the access token to the request header as an authorization header and you can see here where I'm first trying to authenticate using the acquire token silently and if that doesn't work we're gonna go fetch the token using it by username and password so now that I have my the authorization provider or where we're down here in the graph client so we've got our graph client so let's see how we're actually using that so now that we have a dotnet instance of the Microsoft graft client to get a list of all of our users well it's pretty straightforward I'm just gonna say graph client users request and then I'm gonna add on get async dot result and I'm gonna write out all the results of all the users and I broke this up into two different calls here so the request object you could see what the underlying endpoint was that we were calling from the Microsoft graph so I'll save those changes let's come over to the console and let's do a dotnet build and a dotnet run and I'm gonna authenticate using our administrator so I'll put my user name in as the admin and then I'll put the password in and here we get a list of all of our users inside of our directory and you can see here that I'm doing that by just fetching the slash users endpoint for the Microsoft graph so that's one demo now the next thing I want to show you is there's another thing that we can do so let's go ahead and let's let me comment all this out we can also get a specific user or in this case here let's get information about the currently signed end user so we won't log in as the administrator this time we'll log in to somebody else but you can see the way that we do that is with this special me endpoint and then I can write out all the information about me so let's save our changes and let's try us run this as well so this time we will log in as Meagan so we'll do Meghan B and then we'll also grab her password and paste that in there we go so we got Meghan B and we've got Meghan's password passed in as well we can see that we're getting information back about the currently signed end user which is Meghan and you can see here that I'm getting that by just passing in the slash me endpoint furthermore another thing that we can do with this is I can get information from about a specific user so in this case here we're not getting information about Meghan I want to get information about a very particular user and so in this case here I fetched a an object ID of a user in our organization and so you can see here that the first thing I'm doing is I'm going to go grab the user by their ID that you see like this that's one way of doing it or I could have fetched them like this as well by pass in the ID of them listed like this so I don't need to use this first part let's use the second part this is I think it's this this part of the you API is a little bit easier so we're going to the client going to the users collection and passing in the gooood of the individual user and that's gonna give me back this specific user and then I can go write out the results for this so let's go make sure we have a real user here let's grab let's go to our users and as you're the azure ad admin Center and let's find a user like let's grab Alex so I'll grab Alex subscribe his object ID and we'll just paste that in right here save our changes and now let's run this so this time we'll do another dotnet build paste in the username paste in the password and tada we got Alex's information you can see the way we're doing that is because we're passing in this slash user ID as part of the U as part of the endpoint and just to show you there's another way you can do this you can use the dollar filter to filter your requests so again let's change the value that we're going to be grabbing let's change the way we're getting it absolute we want it like this that and let's go like we want actually this one to run and like that so when we did when we request is a single user this came back for a very specific user and noticed that when we did that we were able to just to get a single result back but when we do this filter this is gonna give me back a collection and so notice I'm grabbing the first item back from that collection so if I save my changes here and I run this what you'll see is a slightly different request that's gonna be generated for the graph API so notice here instead of using the users slash in the gooood it's adding in a dollar filter ID equals and then this value right here so that's another way to get a specific user so in this demo what you saw was a couple different ways of getting all users or a specific user or the current user using the me endpoint using the Microsoft graph dotnet SDK but you also saw the equivalent Microsoft graph API endpoint as well in this section we're going to learn how to get a reference to and download a user's profile photo as well as access the user's manager we're also going to see how to save the file the photo file locally to your machine now profile photos can be set on a user account or on a group or on a contact in office 365 and developers can use the Microsoft graph to view download and manage profile photos for these three different resource types now profile photos are stored as a binary data that developers can convert to different formats for use in different use cases for example you could convert it to a base64 for use in a web environment now the way that you're going to get a resources profile photo is if you're using the Microsoft graph API you go to the slash photo dollar value endpoint on the resource so for example for the currently signed in users profile photo you can access it by going to graph Microsoft comm slash v10 slash me slash photo slash dollar value you can do the same thing though the same operation using the Microsoft graph net SDK by just going to the me dot photo endpoint or API now that's just gonna give you access to the actual photo itself not the binary data for the photo now certain photo sizes can be requested using Microsoft graph the supported sizes of HD photos on office 365 are the following as you see there on the screen in the slide now you can get the metadata of the largest available photo or specify a size to get the metadata for that specific photo size if the size that you request isn't available you can still get a smaller size that the user has uploaded and made available now for example let's say the user uploads a photo that is 504 by 504 pixels in size but all but the 600 in this case all except for the 648 by 648 size of the photo is going to be available for download or in the case you see them on the side of 550 by 550 is available in all sizes except for one that's bigger now to get a specific photo size you can use the actual resolution of the photo in the URL as you see there on the slide so you could say me slash photos 48 by 48 slash dollar value to get the smaller size of the photo now when you use the photo slash dollar value an endpoint to get the binary data for a photo you're gonna need to convert the data into a base64 string for example to add it to an email attachment you can also save the binary stream to the local disk and if you want to save it as an image so that's just one of the ways that you can end up doing this now the following code that you see here is going to use the dotnet SDK for Microsoft graph to request a profile photo from the current signed in user and save it to the disk as a jpg file so you see here we're getting the photo by going to me dot photo dot content and that's how we're getting the actual data value and the binary value binary content of the photo I'm then going to create a file locally on my machine and then I'm gonna save the file from the Microsoft graph to the local file using a file stream now each user resource has an additional referenced resources such as their email messages at slash messages their slash events and even for file as you can go to slash Drive and we talked a little bit about that in the previous section now one of the resources that's linked off of the user resource is the users manager the manager property on a user resource is returned as a directory object type and if you're using one of the native Microsoft graph SDKs it should automatically convert the type to a user object but if not you can always cast it as a user object because you can expect that's what you're getting back so here's the the Microsoft graph net SDK equivalent to that so you can see here I'm getting a specific user by their ID and then I'm going to get their manager object I'm gonna get their manager object notice that I'm casting it as a user because that manager object is really a directory object so here I'm actually writing out the user ID the manager's ID the managers display name and their email address and you'll see that these we're gonna do this in the demo and this demo we're gonna use the existing as your ad app that we created in the previous demo and the existing dotnet core console application to call the Microsoft graph and we're gonna show you how to do two things first how do you get access to the profile photo for the current user and then also how can we get some information about say the related user so like say the current users manager so what I'm gonna do here we have the same console app and I've got everything set up the exact same way but I've changed the code a little bit and the code that we've changed is right down here right after we get the the Microsoft graphic service client what I want to show you here is how do we get access to the profile photo I'm gonna show you how to not only to get the photo but then also how to download the photo and save it locally so what I'm gonna do first is let's get a reference to the profile photo so I'm gonna do that by just going to the current user so client up me and then go to the dot photo endpoint now once I've done that let's write out some information about the photos so I've got the idea of the photo I've got something called the media content type as well as the e-tag just some details about the photo itself and you can see what the resulting end point is that'll be generated now once that's done let's go get the photo itself now to get the physical photo this is just a reference to the photo but if I want some information about the specific photo itself or like go get the actual data so like the binary data I use the dot content endpoint here so I've got the content endpoint and what I want to do is I want to download the data from the photo and I want to save it locally into a file so here I've got my the current photo path I'm gonna define so I'm going to do that by creating that going to the current directory and I'm gonna create a brand new file here called profile photo whatever the ID is of the photo dot JPEG I'm gonna create the photo right here so I've got my photo path and then what I'm going to do is I'm going to take the results that we got back from getting the actual content I'm gonna go to the very beginning of the file of the stream and I'm gonna copy out all the data from the stream to the photo file that we just created so once I've done that I'll show you how they have saved the photo and then we'll see what the results look like so this time I'm gonna go and open this up because you're gonna see the photo show up over here on the left so let's go over here and let's do a dotnet build and a dotnet run and let's log in as Adele Adele V and I will use the same password so there we go we got some information about the photo so we can see it's a JPEG there's the e-tag for the photo itself is the 205 240 240 pixel image and then I've saved the photo down here that you can see locally on my machine so first I got photo information by doing the going to flash photo and then basically did the same thing but I got the content endpoint this time and if I look at the photo we will see there we go there's the photo of the person that just signed in and I can even go grab another photo so let's delete this photo and let's try it for a different user just to show that we're not that we're actually getting a real photo so let's go back and let's run this again that was Adele let's go to Meagan Meagan B and then we use the password for Meagan and we got a photo again and there we go we have a totally different photo for this person so here what you do see is how to get the photos now let's go do one more thing let's look a little bit farther down and let's now get information about the current the the current users manager and so first you have to make sure that a manager is actually specified for our user so let's go over and let's find a user so let's take let's see we get Alex will use Alex what sign is Alex and Alex does have a manager so there we go Miriam Graham so copy that his ID let's come back over to the console and let's paste in their user so here we're going to the users endpoint for that specific user and then I'm going to the manager expanded property and getting that value out so I'm going to write out the current user I'm going to write out the manager and the managers display name now notice the manager that comes back that's a directory object that comes back right to the result that I get back from this is going to be a directory object what I'm gonna do is I know that this is a user so I'm gonna cast the directory object as a user and then grab the display name you probably wanna be a little bit more careful with this in production in a real app and make sure that you're not casting it is something that doesn't exist so in this case here I do know that it works so now let's go ahead and run our app and we'll login is the same or did I say Alex so who are using Alex so Alex W is a sign-in so use Alex W Oh there's two ampersands in there that's not what we want there we go and then let's grab password and look so we downloaded Alex's photo as well here we go so there's Alex there's Alex's manager and sure enough there's Mariam Graham and you can see that even got Miriam Graham's email as well grabbing her display name and her email address and you can see with the request that we made so we went straight to the users in point got for that specific user and then I added on the manager at the very end so pretty cool makes it nice and makes it nice and easy so in this demo you saw how to get access to the current user or a users photo download and save that file locally and then you also saw how to get one of the navigation properties of related entities from the current user and specifically we got the current users manager in this section we're going to learn how to modify users using Microsoft graph and specifically we're going to see how to create update and delete users and the permissions that are required to do these different operations so the Microsoft graph has support for creating updating and deleting users within your organization and when you're creating or updating a user the HTTP request body is going to contain the user to create or update this is typically submitted as a JSON object as a string form and when creating a user there you must specify some required properties for that user at a bare minimum you can optionally specify any other writable properties when you create the user now to create a user you're gonna submit a request to the users endpoint as an HTTP POST with the request header content type that you're going to set that to application slash JSON and the body that requests it should include a JSON object in the string format with the following required properties that you see here the account enabled boolean property display name mail nickname a password profile object and the user profile name so here's what it looks like if you're using the Microsoft graph API endpoint to do this and those were issuing an HTTP POST to the user's collection and we're using the content-type application / JSON and this is how I do it if I was using the Microsoft graph dotnet SDK so I'm getting an instance of the graft service client I'm creating a new user object and then we're going to create the user by going to the users collection and then passing in and add a sync and passing user into it now you can also update an existing user with Microsoft graph that's very similar to creating a new user there are some subtle differences though first the request header should be sent as an HTTP patch instead of a post and the reason for that is because if you use a post it's gonna going to update everything but everything that you leave off is gonna be nald out second the requests should be submitted to the endpoint of the user resource to update not the general slash users endpoint and you need to include a JSON object that is sent as a string in the body of the request because that skin should include all the properties that you need to update just like if you are doing a create operation so if I was doing this with the dotnet SDK you can see here we're doing it some more thing I'm creating a user object but the difference is is I'm getting a reference to a specific user in this case me and then I'm submitting the new user object that I want to patch using the update async method now to delete an existing user it's similar to updating except you're not sending a payload and the request should be an HTTP delete so here you can see both the API version using the Microsoft graph API you just issue an HTTP delete to the endpoint with the content type equal to application slash JSON which that's really not necessary because not really submitting anything and then the last part is the dotnet SDK and here I'm getting a reference to a specific user and calling delete async this is the user grab Microsoft craft users module lab number or demo number three and this demo you're going to modify an existing azure ad app registration using the azure active directory admin center and we're gonna use our existing asp.net or sorry dot and our dotnet core console application to use the Microsoft graph to create update and delete users within our organization now in order to do this the first thing we need to do is we need to go modify our azure ad application that we've been using and I need to go add a new permission to it because we only have been reading stuff we have not been writing anything so we're gonna have to go to our API permissions and we're gonna add a new permission and this is this permission is going to be the users or user dot read/write dot all permission there we go so now we can write full permissions so I'll say that and now the next thing I do we have to go in and grant access to this just like we have for the other demos so I'll do open up the admin consent endpoint and we'll accept it and we will wait for it to grant that permission here we can see that the permission has now been granted so now let's come back over to our net console out and if I look at the program dot CS file so this is just like what we've seen from our previous demos but notice here that we have our user dot read/write dot all permission we that we've specified and I'm gonna go make one more change to this just because that will speed things up otherwise this is a watch setting and we're not gonna change our configuration so that will just speed it up a little bit all right so let's take a look at this so what are we doing so all the code is basically the same as our previous demos so the first thing we're going to do is let's comment out all of this which is updating a user and let's go create a brand new user so how is that gonna work so after we have a authenticated version of the Microsoft graft service client I'm then going to pass in the configuration which has our app ID and secret or sorry our app ID and tenant ID and the username and password of the current user and then I'm going to call in create user async and pass in our graph client so where is that so create user async is right here what we're gonna do is gonna create a new user and our new user is going to be named Melissa Darrow right and so there's Melissa Darrow and we're going to specify her email address we have a nickname for for mail that's kind of like the the alias the first part of your email have to specify her password so we're just gonna make something very simple and then I'm gonna go get to the users endpoint and call add a sync on that users endpoint to go create that user so that what that'll do is then we will then it'll pass back an asynchronous task that we will wait for it to finish and then write out the new users ID so let's see this in action so I'm going to come over to my console I'll do a dotnet build and a dotnet run but before we do that let's come over here to our users listen let's make sure we don't have a user named Melissa Darrow so let's do a search for Melissa and we see we have no users named Melissa all right so let's come back over to our console and let's run the app we're gonna log in as an administrator passing the administrator passing the password there we go so new user was created okay now let's come back over here and let's now do a search so I'm into a hard refresh the page to make sure there's no caching involved and let's do a search for Melissa and there we go there's our new user of Melissa Darrow that's kind of cool so we got our new user it's all been set up got our names been set up her passwords been set her email has been set as out as well so everything's in pretty good shape so now let's go back and let's look at our code and the next thing that we're gonna want to do is let's go modify the user so what we're gonna do is let's go first let's go modify our user and the way we're gonna do that is I'm first gonna find Melissa so I don't let's just say that no order ID was I'm gonna go go to the users endpoint I just want her ID and then find it by doing a filter on her on her UPN and go find that user it doesn't give me a collection of users back but I know there's only one there so what I'm then gonna do is I'm then gonna go update her phone number so the way I'm gonna do that is passing in the graft client and her ID so if I come back over here to this this app or this method I'm gonna change her mobile phone number to the universal test number so the five five five five five five one two one two and just to be sure let's go over and look and make sure we do not have a mobile number set for so sure enough we we don't have a mobile number set for her just yet so if I come back over to my console app and let's go run this actually we before we run this we actually need to save our changes there we go so now everything's saved now we can run it now something is actually going to happen and we'll paste in the password there we go so now the users been updated so let's go double check on that so let's go let's go back over here to a list of all of our users we will find Melissa let's add arrow and this can take a minute for the data to show up but it showed up right away so there we go we have updated her phone number to five five five five five five one two one two fantastic now what you saw then in this demo well let's see it was there one more oh we want to I want to show you one more thing and that is how do you delete a user so let's delete a user and we're gonna use the same Melissa so we're gonna get our user as we saw earlier and then I'm gonna delete or by calling delete user async and to delete a user that's very simple you're just gonna get a reference to your user and instead of calling update async I'm gonna call delete user or delete async after I fetch the specific user so let's see this so come back over here to the console we will run this again dotnet rotten I will pass in the username and the password there we go so Melissa should be deleted let's go back to all of our users and we'll do a search for Melissa and know Melissa has been found Melissa's been deleted so there you saw the entire lifecycle of a user in this demo how to create a user how to modify an existing user and also how to delete a user using the Microsoft graph net SDK but you can do all the same stuff using the Microsoft graph API the raw rest API as well so thank you for taking the time to watch this module in this module we talked about working with the users collection with Microsoft graph both from accessing users accessing the profile photos referent related information such as the manager and then finally how to modify create and delete existing users I hope you got a lot out of this module and learned a lot about working with the Microsoft graph