Microsoft Security | Microsoft Graph
An API that connects multiple Microsoft services, enabling data access and automation across platforms
User.ReadBasic.All when using any organizational directory and personal account
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(214.4, 7.000000000000001%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJH%3C/text%3E%3C/svg%3E)
Jon Harper
0
Reputation points
Hi, when using the /common oauth2 endpoint (any organization or personal account) to log in users,
is it possible to fetch the firstname/lastname of other users that have used my application? I can get the name of the current logged in user from the openidconnect userinfo endpoint. But when I try to request the User.ReadBasic.All scope, the returned token doesn't contain it. And When I call the graph API,
GET https://graph.microsoft.com/v1.0/users/XXXX
it only returns information about the currently logged in user no matter what user id id I use in the path.
What is the recommended approach to show to my users the names of the other users that have used my app ? A workaround is to always copy the information of the logged in user one user at a time, but this feels like a bad practice.
Microsoft Security | Microsoft Graph
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(153.6, 7.000000000000001%, 24%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EC3%3C/text%3E%3C/svg%3E)
Carolyne-3676 1,136 Reputation points2025-02-11T18:54:04.35+00:00 In deed the User.ReadBasic.All permission allows an application to read the full profile of all users in the directory. This includes their first name, last name, and any other fields exposed by the User resource in Microsoft Graph. As far as I have used Graph, there is no way currently to directly pull users who have ever signed in to the application. You would need to implement code to fetch user details periodically and store them somewhere each time a user signs in. The sign in logs are limited at the moment to 30 days unless you would like to pull these reports every thirty days and continue to monitor application sign in logs-the remove duplicates if need be.
Sign in to comment
Sign in to answer