What else can I create with Azure AD

Wojciech Sobiesiak 101 Reputation points
2023-08-19T19:01:56.77+00:00

Hello

I created an application in Azure AD that sends emails. I'm able to use OAuth 2.0 to log a person in and send (I think also read) mails.

But what else can I do ?

Some options?

Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.

Accepted answer
  1. Konstantinos Passadis 19,496 Reputation points MVP
    2023-08-20T08:33:15.92+00:00

    Hello @Wojciech Sobiesiak !

    1. Regarding Microsoft Graph API and sending emails:
      • The Microsoft Graph API endpoint https://graph.microsoft.com/v1.0/me/messages is primarily used for accessing messages in a mailbox, not for sending them. To send emails using the Graph API, you typically use https://graph.microsoft.com/v1.0/me/sendMail. The Outlook endpoint you mentioned, https://outlook.office.com/api/v2.0/me/sendmail, is from the older Outlook REST API, which, while functional, is not recommended for new applications as Microsoft is pushing developers to use the Graph API.
    2. Regarding creating an internet shop with Azure AD:
      • Azure Active Directory (Azure AD) is Microsoft's cloud-based identity and access management service. It's not a platform for creating online stores per se. However, Azure AD can be used to authenticate and authorize users of your online store, if that's what you're aiming for. If you're looking to create an online store:
        1. You'd typically use an e-commerce platform (like Magento, Shopify, WooCommerce, etc.).
        2. You might host it on Azure (or any other cloud provider).
        3. You could integrate Azure AD if you wanted enterprise-grade user authentication and authorization.

        The structure would involve e-commerce software to handle products, orders, and customer management, hosting services to keep your site online, and then Azure AD (or other identity services) for user management.

    3. For the OAuth 2.0 system you built:
      • If your system starts the OAuth 2.0 authorization process, manages access tokens, and modifies output files based on tokens without the use of sessions and stores data in encoded files on the HD, it seems like you've built a custom OAuth 2.0 client-side implementation with persistent storage.
        - The use of encoded files on the HD for storing client data is unique and does raise security concerns, especially when dealing with sensitive OAuth tokens.
        - You could call it a "File-based OAuth 2.0 Client Implementation" or a "Persistent OAuth 2.0 Token Manager". However, ensure that storing tokens or any sensitive data on disk is encrypted and secured.
          
    Let me know if there is anything else I can help with!

    I hope this helps!

    Kindly mark the answer as Accepted and Upvote in case it helped!

    Regards
    1 person found this answer helpful.
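
The distinction drawn in the accepted answer (Graph `sendMail` versus the older Outlook REST API) can be checked before a request is sent. The following is an added example, not code from the thread or from Microsoft: it builds the Graph `sendMail` request and refuses a token whose `aud` claim names a different API. The function names and the sample token are hypothetical, and the unverified decode is for diagnostics only, never for authorization decisions.

```python
import base64
import json
from urllib.parse import urlparse

GRAPH_SENDMAIL = "https://graph.microsoft.com/v1.0/me/sendMail"  # endpoint named in the answer
# Audience values per API host: the resource URI or the service's well-known app ID.
AUDIENCES = {
    "graph.microsoft.com": {"https://graph.microsoft.com", "00000003-0000-0000-c000-000000000000"},
    "outlook.office.com": {"https://outlook.office.com", "00000002-0000-0ff1-ce00-000000000000"},
}

def token_claims(token):
    """Decode a JWT payload WITHOUT verifying it; return None for opaque tokens."""
    parts = token.split(".")
    if len(parts) != 3:
        return None
    try:
        pad = "=" * (-len(parts[1]) % 4)
        claims = json.loads(base64.urlsafe_b64decode(parts[1] + pad))
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        return None
    return claims if isinstance(claims, dict) else None

def audience_matches(token, url):
    """True/False if the aud claim fits the API host; None if it cannot be determined."""
    claims = token_claims(token)
    allowed = AUDIENCES.get(urlparse(url).hostname)
    if claims is None or allowed is None or "aud" not in claims:
        return None
    return str(claims["aud"]).rstrip("/") in allowed

def build_sendmail(token, to_addr, subject, text):
    """Return (url, headers, body) for a Graph sendMail POST; reject a mismatched token."""
    if audience_matches(token, GRAPH_SENDMAIL) is False:
        raise ValueError("access token was issued for a different API than Graph")
    body = {"message": {"subject": subject,
                        "body": {"contentType": "Text", "content": text},
                        "toRecipients": [{"emailAddress": {"address": to_addr}}]},
            "saveToSentItems": True}
    headers = {"Authorization": "Bearer " + token, "Content-Type": "application/json"}
    return GRAPH_SENDMAIL, headers, json.dumps(body).encode()

def sample_jwt(claims):
    """Constructed, unsigned sample token used only to exercise the checks above."""
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return enc({"alg": "none"}) + "." + enc(claims) + ".sig"
```

A result of `None` from `audience_matches` means the token is opaque or carries no `aud` claim, so the check cannot decide and the API's own response is the only signal.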

3 additional answers

  1. Konstantinos Passadis 19,496 Reputation points MVP
    2023-08-19T20:14:00.82+00:00

    Hello @Wojciech Sobiesiak !

    Really, the sky is the limit!

    You can manage users and groups, edit profiles, assign users to groups, etc.

    You can read & write files on OneDrive/Sharepoint

    You can access and manage contacts

    Access Security Alerts

    Create add ons for Office 365 Apps

    Manage Devices and the list goes on!

    Have a look :

    https://learn.microsoft.com/en-us/azure/active-directory/develop/quickstart-configure-app-access-web-apis

    https://learn.microsoft.com/en-us/azure/active-directory/manage-apps/what-is-application-management

    https://learn.microsoft.com/en-us/azure/active-directory/fundamentals/five-steps-to-full-application-integration?source=recommendations

    I hope this helps!

    Kindly mark the answer as Accepted and Upvote in case it helped!

    Regards

    1 person found this answer helpful.

  2. Wojciech Sobiesiak 101 Reputation points
    2023-08-20T04:36:57.76+00:00

    Konstantinos Passadis, thanks for the answer. Two more questions:

    1) Is it normal that I completely can't use Graph https://graph.microsoft.com/v1.0/me/messages to send messages, and need to use https://outlook.office.com/api/v2.0/me/sendmail, which works? (I also think there are some issues with https://outlook.office.com/api/v2.0/me/messages.)

    2) Is it possible to create an internet shop with Azure AD? If so, what structure would it be? (You wrote "write files", so this is what I need.)

    Just need to see "bigger picture" of it.


  3. Wojciech Sobiesiak 101 Reputation points
    2023-08-20T04:37:21.1166667+00:00

    Konstantinos Passadis, I have one more question.

    You wrote "custom OAuth 2.0 client-side implementation with persistent storage." What does the phrase "Failed to get session key" mean in this error?

    Email sending failed with status code: 401 Response: {"error":{"code":"InvalidMsaTicket","message":"ErrorCode: 'PP_E_RPS_CERT_NOT_FOUND'. Message: ' Internal error: spRPSTicket->ProcessToken failed. Failed to call CRPSDataCryptImpl::UnpackData: Internal error: Failed to decrypt data. :Failed to get session key. RecipientId=292841. spCache->GetCacheItem returns error.:Cert Name: (null). SKI: b219e529469cc90e5028ea9c506474d1e18b767c...'","innerError":{"oAuthEventOperationId":"fb84e15a-8970-44e8-87c7-a659ce7ba5fb","oAuthEventcV":"3OtExmmJ/OHzGkDTAiRdrQ.1","errorUrl":"https://aka.ms/autherrors#error-InvalidMsaTicket","requestId":"c644ebdc-8969-e1fc-f31a-40d302245dad","date":"2023-08-23T06:07:51"}}}
