Microsoft Graph Proxy Function
Summary
Microsoft Graph contains an enormous amount of information that might be useful to show in a Power BI report. Up until May 31st, 2018 this was possible out of the box, but it stopped working (issue report).
This solution is a temporary workaround until Microsoft fixes the issue or releases a dedicated Microsoft Graph connector for Power BI.
How it works
The code is an Azure Function that accepts any get request and passes the request on to the Microsoft Graph. Upon receiving the result, some transformation is done to make sure subsequent requests (eg. paging) get send through the Azure Function (instead of directly to the Microsoft Graph).
Examples
GET https://{function-app-name}.azurewebsites.net/v1.0/users
GET https://{function-app-name}.azurewebsites.net/v1.0/users?$select=id,displayName
GET https://{function-app-name}.azurewebsites.net/beta/teams/{teamId}
More information
Detailed explanation coming soon in a blogpost on https://yannick.reekmans.be
Disclaimer
THIS CODE IS PROVIDED AS IS WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING ANY IMPLIED WARRANTIES OF FITNESS FOR A PARTICULAR PURPOSE, MERCHANTABILITY, OR NON-INFRINGEMENT.
Getting started
Installation
- Create an Azure Function App in the Azure Portal
- Clone the repository
- Deploy the code into the newly created Azure Function App
- In the Azure Portal, open the Function App
- Underneath Settings, open Identity
- Select tab System assigned
- Set Status to 'On'
- Save
- Open Authentication
- Select: 'Add an identity provider':
- Identity provider: 'Microsoft'
- App registration type: 'Create new app registration'
- Supported account types: 'Current tenant - Single tenant'
- Restrict access: 'Require authentication'
- Unauthenticated requests: 'HTTP 401'
- Select: 'Add'
- Open Authentication
- Edit the identity provider that was created in the previous step:
- Allowed token audiences, make sure you have two entries (amek sure you use the correct URL of your function app):
- Save
- In the Azure Portal, create a KeyVault
- While creating
- Open Access policies
- Add new
- Select principal: 'Name of your Function App'
- Secrets permissions: 'Get'
- Close blades, click Create
- Open the new Azure Key Vault
- Copy and store the url for later
- Secrets
- Click Generate/Import
- Upload options: 'Manual'
- Name: 'ClientSecret'
- Value: 'the secret from the Azure AD Application step'
- Content type: 'leave empty'
- Set activation date? 'Unchecked'
- Set expiration date? 'Unchecked'
- Enabled? 'Yes'
- Click Create
- In the Azure Portal, open the Azure Function App
- Open Platform features
- Open Application settings, add the following keys with values:
Assign permissions to Microsoft Graph
- In the Azure Portal, open Azure Active Directory
- Open App registrations, and find Microsoft Graph Proxy Function in the list
- Open the Settings and go into Permissions
- Add Microsoft Graph as API and select the required permissions.
- Application Permissions when UseApplicationPermissions is true, and you want the Azure Function to connect to the Microsoft Graph
- Delegated Permissions when UseApplicationPermissions is set to false, and you want to access the Microsoft Graph on behalf of the logged in user
Using in Power BI Desktop
- Add a data source, select OData.
- Enter the url of the Azure Function and append the Microsoft Graph query
- When asked for authentication, select Organizational Account and enter the credentials of a user account.
Known issues
- Access reports as JSON from the /beta endpoint results in a parsing issue in Power BI. Since the function is just passing through information, this issue is probably caused by Microsoft Graph or Power BI
- Accessing large datasets might result in a
429 Too Many Requests response. Power BI doesn't handle this gracefully and just errors out.