How to retrieve Azure Users, password requirements, guest users, custom roles using API

Rahul Nair 86 Reputation points
2022-01-13T07:53:32.067+00:00

Hey everyone, I'm working on Azure CSPM. I have a few checks to code. One being "Ensures that all Azure passwords require uppercase characters". I know this information is stored in the users API, which is "https://graph.windows.net/myorganization/users?api-version=1.6"

Now, for the other APIs, I used this code:

import http.client
import json
import requests


def get_token():
    # Client-credentials grant; TenantID, client_id and client_secret are placeholders.
    r = requests.post(
        "https://login.microsoftonline.com/TenantID/oauth2/token",
        data={
            "grant_type": "client_credentials",
            "client_secret": "xxxxxxxxxxxx",
            "client_id": "xxxxxxxxxx",
            "resource": "https://management.azure.com",
        },
    )
    r.raise_for_status()  # fail early if the token request is rejected
    ret_body = r.json()
    return ret_body['access_token']

token = get_token()
headers = {'Authorization': 'Bearer ' + token}
conn = http.client.HTTPSConnection('management.azure.com')
# List the PostgreSQL servers in the subscription (subscriptionid is a placeholder).
conn.request("GET", '/subscriptions/subscriptionid/providers/Microsoft.DBforPostgreSQL/servers?api-version=2017-12-01', "", headers)
response = conn.getresponse()
server_data = response.read()
server_data = server_data.decode('utf-8')
server_data = json.loads(server_data)
print(server_data)

And yes, I haven't written the tenant ID, client ID, etc. here, but I've written them in my code. Can somebody help me retrieve the user data? It has to be done only using Python, btw.


1 answer

  1. CarlZhao-MSFT 41,286 Reputation points
    2022-01-13T09:13:10.777+00:00

    Hi @Rahul Nair

    You can call the https://graph.microsoft.com/beta/users?$expand=appRoleAssignments API endpoint to list all users of Azure AD (including guest users), custom appRoles and passwordProfile.

    First, you need to grant the User.ReadWrite.All application permission to your application, and then modify the key parameters in your script.
    [Screenshots: 164646-image.png, 164647-image.png]

     import http.client
     import json
     import requests

     def get_token():
         # Client-credentials grant; TenantID, client_id and client_secret are placeholders.
         r = requests.post(
             "https://login.microsoftonline.com/TenantID/oauth2/token",
             data={
                 "grant_type": "client_credentials",
                 "client_secret": "xxxxxxxxxxxx",
                 "client_id": "xxxxxxxxxx",
                 "resource": "https://graph.microsoft.com",
             },
         )
         r.raise_for_status()  # fail early if the token request is rejected
         ret_body = r.json()
         return ret_body['access_token']

     token = get_token()
     headers = {'Authorization': 'Bearer ' + token}
     conn = http.client.HTTPSConnection('graph.microsoft.com')
     # List users together with their app role assignments.
     conn.request("GET", '/beta/users?$expand=appRoleAssignments', "", headers)
     response = conn.getresponse()
     server_data = response.read()
     server_data = server_data.decode('utf-8')
     server_data = json.loads(server_data)
     print(server_data)
    

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    1 person found this answer helpful.
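
Once the user list is retrievable, a CSPM check still has to page through it and evaluate each record. The following is an added example, not code from the question or the answer: it follows `@odata.nextLink` and flags guest accounts (`userType`) and accounts whose `passwordPolicies` contains `DisableStrongPassword`. The `$select` query, the `fetch_page` helper and the sample pages are assumptions made for the illustration.

```python
# Added example; the sample pages are constructed, not real tenant output.
FIRST = "/beta/users?$select=userPrincipalName,userType,passwordPolicies"
SAMPLE_PAGES = {
    FIRST: {
        "value": [
            {"userPrincipalName": "alice@contoso.example",
             "userType": "Member", "passwordPolicies": None},
            {"userPrincipalName": "bob_fabrikam.example#EXT#@contoso.example",
             "userType": "Guest", "passwordPolicies": None},
        ],
        "@odata.nextLink": "constructed-page-2",
    },
    "constructed-page-2": {
        "value": [
            {"userPrincipalName": "svc-legacy@contoso.example",
             "userType": "Member",
             "passwordPolicies": "DisablePasswordExpiration, DisableStrongPassword"},
        ],
    },
}

def fetch_page(url):
    """Hypothetical stand-in for an authenticated GET that returns parsed JSON."""
    return SAMPLE_PAGES[url]

def iter_users(first_url, fetch=fetch_page):
    """Yield every user, following @odata.nextLink until the last page."""
    url = first_url
    while url:
        page = fetch(url)
        if "error" in page:  # Graph reports failures as {"error": {...}}
            raise RuntimeError(page["error"].get("message", "Graph error"))
        yield from page.get("value", [])
        url = page.get("@odata.nextLink")

def audit_users(users):
    """Return UPNs of guest accounts and of accounts exempt from strong passwords."""
    findings = {"guests": [], "weak_password_policy": []}
    for user in users:
        upn = user.get("userPrincipalName", "<unknown>")
        if (user.get("userType") or "").lower() == "guest":
            findings["guests"].append(upn)
        policies = (user.get("passwordPolicies") or "").split(",")
        if "DisableStrongPassword" in {p.strip() for p in policies}:
            findings["weak_password_policy"].append(upn)
    return findings

if __name__ == "__main__":
    print(audit_users(iter_users(FIRST)))
```

To run it against a tenant, replace `fetch_page` with a function that performs the authenticated request and returns the decoded JSON body.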
