Microsoft Graph provides programmatic access to a wealth of data that can be used to better inform decision-making during threat detection and response. You can use information such as Outlook emails, organizational structure, advanced threat analytics, and more in your security automation program.
First, create a Microsoft Graph Credential in Tines
Login to your Tines tenant
Navigate to the team that will be using the API and click "Credential"
Click "+ New Credential" and select "OAuth 2.0"
Copy the "Callback URL"
Next, create an Azure application
Next, you'll need to register a new Azure application in app registrations.
Under "Redirect URI (optional)", select "Web" and paste your "Callback URL" you copied earlier.
Next, in your application, navigate to Certificates & secrets > Client secrets and click on the "New client secret" button to create a client secret. Copy the secret to use later.
Next, navigate to API permissions and click on "Add a permission" to add the required permission (see Microsoft Graph permissions).
Microsoft Graph exposes two types of permissions: Delegated and Application (see Overview of Microsoft Graph permissions).
Delegated permissions (also called scopes) are permissions that allow an application to act on behalf of a signed-in user. However, the application will never be able to access anything the signed-in user couldn't access.
If you select delegated permissions, you'll need to use the grant type "Authorization code" when configuring the OAuth 2.0 credential in Tines.
Always include “offline_access” permissions. This scope will allow Tines to request fresh access tokens as necessary.
Application permissions (also called app roles) are permissions without a signed-in user present. The application will be able to access any data that the permission is associated with.
If you select application permissions, you'll need to use the grant type "Client credentials" when configuring the OAuth 2.0 credential in Tines.
Next, you may need to click “Grant Consent” as an administrator for some or all permissions, i.e. application permissions and high-privilege delegated permissions (see Consent).
Next, navigate to Overview and click "Endpoints".
Copy the endpoints for "OAuth 2.0 authorization endpoint (v2)" and "OAuth 2.0 token endpoint (v2)".
Lastly, finish creating the Microsoft Graph credential in Tines
Authorization code grant type
Input the values for the Microsoft Graph credential
Name: Required
Description: Optional
Client ID: "Client ID" found in your application (see screenshot below)
Client secret: "Client secret" created earlier
Scope: <this should reflect your application's API permissions created earlier, with each scope separated by a space>
OAuth Provider: Manual
Grant type: Authorization code
OAuth authorization request URL:
https://login.microsoftonline.com/<Directory tenant ID>/oauth2/v2.0/authorize
<the OAuth 2.0 authorization endpoint (v2) you copied earlier>
PKCE challenge method: None
OAuth token URL:
https://login.microsoftonline.com/<Directory tenant ID>/oauth2/v2.0/token
<the OAuth 2.0 token endpoint (v2) you copied earlier>
Domains:
graph.microsoft.com
Access: What other teams can also use the API
When you click "Save", you will be asked to pick a Microsoft account to authorize.
Client credentials grant type
Input the values for the Microsoft Graph credential
Name: Required
Description: Optional
Client ID: "Client ID" found in your application (see screenshot below)
Client secret: "Client secret" created earlier
Scope:
https://graph.microsoft.com/.default
OAuth Provider: Manual
Grant type: Client credentials
OAuth token URL:
https://login.microsoftonline.com/<Directory tenant ID>/oauth2/v2.0/token
<the OAuth 2.0 token endpoint (v2) you copied earlier>
Domains:
graph.microsoft.com
Access: What other teams can also use the API
Click "Save"
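To make the two credential types above concrete, here is an added example (not Tines or Microsoft code) that builds the requests each grant type sends to the v2.0 endpoints listed in this guide, refuses the two misconfigurations the guide warns about (a client-credentials scope other than .default, and a delegated scope list without offline_access), and mirrors the "Domains" field by allowing the token only on requests to graph.microsoft.com. Tenant ID, client ID and secret are placeholders, and the callback URL used in the test is constructed.

```python
"""Constructed example (not Tines or Microsoft code): build the requests the two credential
types in this guide send to the v2.0 endpoints, after enforcing the guide's scope rules."""
from urllib.parse import urlencode, urlparse

TENANT_ID = "<Directory tenant ID>"                 # placeholder from the app Overview page
CLIENT_ID = "00000000-0000-0000-0000-000000000000"  # placeholder "Client ID"
CLIENT_SECRET = "<client secret>"                   # placeholder; real secrets stay in the credential store
AUTHZ_URL = f"https://login.microsoftonline.com/{TENANT_ID}/oauth2/v2.0/authorize"
TOKEN_URL = f"https://login.microsoftonline.com/{TENANT_ID}/oauth2/v2.0/token"
ALLOWED_DOMAINS = {"graph.microsoft.com"}           # the credential's "Domains" field

def scope_problem(grant_type, scopes):
    """Return why the scopes do not fit the grant type, or None when they do."""
    if grant_type == "client_credentials":
        # Application permissions are fixed in the app registration; only .default is requested.
        if scopes != ["https://graph.microsoft.com/.default"]:
            return "client_credentials must request exactly https://graph.microsoft.com/.default"
    elif grant_type in ("authorization_code", "refresh_token"):
        # Without offline_access no refresh token is issued and the credential dies with the first token.
        if "offline_access" not in scopes:
            return "delegated flow must include offline_access"
    else:
        return f"unsupported grant type {grant_type}"
    return None

def build_authorize_url(scopes, redirect_uri, state):
    """First leg of the authorization-code flow: the URL the user is sent to (PKCE: None)."""
    problem = scope_problem("authorization_code", scopes)
    if problem:
        raise ValueError(problem)
    params = {"client_id": CLIENT_ID, "response_type": "code", "redirect_uri": redirect_uri,
              "scope": " ".join(scopes), "state": state}
    return f"{AUTHZ_URL}?{urlencode(params)}"

def build_token_request(grant_type, scopes, **extra):
    """Form body POSTed to the token endpoint; extra carries code+redirect_uri or refresh_token."""
    problem = scope_problem(grant_type, scopes)
    if problem:
        raise ValueError(problem)
    body = {"client_id": CLIENT_ID, "client_secret": CLIENT_SECRET,
            "grant_type": grant_type, "scope": " ".join(scopes)}
    body.update(extra)
    return TOKEN_URL, body

def credential_allowed_for(url):
    """Mirror the Domains field: the token is sent only to an exact listed host."""
    host = urlparse(url).hostname
    return host is not None and host.lower() in ALLOWED_DOMAINS
```

The exact-host check is the part worth keeping in mind: a lookalike such as graph.microsoft.com.example does not match, so the token is never attached to it.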
For more on creating credentials in Tines, see the Tines documentation on credentials.
You can find a selection of Microsoft Graph stories in the story library