Getting started with Logic Apps: Part 2 - Querying MS Graph using an Azure app
In this post we will see how to query Intune resource from a Logic App by using an Azure app registration.
Blog series
In the first part we ave seen how to create our first Logic App.
Now we will use it to authenticate to MS Graph through an Azure app.
Creating the Azure Application
1. Go to App registrations
2. Click on New registration
3. Type a name
4. Let other fields by default
5. Click on Register
Adding permissions
Here we want to add some permissions to our Azure Application.
Those permissions will be used by our Logic App to execute some MS Graph request.
This way the Logic App will use the Azure app to execute some actions instead of using some specific credentials.
Here we want to get information about devices in Intune. For this the appropriate resource to use is DeviceManagementManagedDevices.
We want to to get info meaning read info, so the appropriate permission is the following one: DeviceManagementManagedDevices.Read.All
We will proceed as below:
1. Go to API permissions
2. Click on Add a permission
3. Choose Microsoft Graph
4. Choose Application permissions
5. Choose your permission
6. Click on Add permissions
7. Click on Grant admin consent
Creating a secret
Here we want to configure a secret for our Azure Application.
This secret will be used as a password in our Logic App to execute MS Graph request.
We will proceed as below:
1. Go to Certificates & Secrets
2. Go to Clients secrets
3. Click on New client secret
4. In description type a name
5. Choose when it should expire
6. Click on Add
Ok you will say it's not really safe to store the secret like this, that's why in the next posts we see how to secure it by using secret from a key vault or authenticating through a managed identity.
Graph query in Logic App
Now let's create the Logic App first. We will proceed as below:
1. Go to Logic Apps
2. Click on Add
3. Choose a subscription
4. Choose a resource group
5. Type a name
6. Choose a Region
7. Select Consumption
8. Click on Review + Create
9. Go to Logic App Designer
10. Click on recurrence
11. Choose your schedule
We will then query MS Graph through our Azure app.
For this, we need to add a new step to do a HTTP request. This step is called HTTP.
We will proceed as below:
1. Click on New step
2. Choose HTTP
3. In Method select GET
4. In URI type the MS Graph resource URL
5. In our case it's https://graph.microsoft.com/beta/deviceManagement/managedDevices
6. Clic on Add new parameter
7. Check Authentication
8. Select Active Directory OAuth
9. In TenantID, type your tenant id
10. In Audience, type https://graph.microsoft.com
11. In Client ID, type the client id of the azure app
12. In Credential type, choose Secret
13. In Secret, type the secret of the azure app
14. Save the app
Now we will run the Logic App to check if the query and HTTP step work. We will also need to copy the body provided by the HTTP step.
We will proceed as below:
1. Click on Run trigger > Run
2. When it's finished go to the HTTP step
3. Go to the Body part
4. Copy content
We will use the body content in the Parse JSON part (just below).
Now we will add a Parse JSON step, as below:
1. Click on New step
2. Type Parse JSON
It's a component of Data operations
3. Select Parse JSON
4. Click on Content
5. Go to Dynamic content and type Body
6. Select Body from Dynamic content
7. Click on Use sample payload to generate schema
8. Paste JSON content copied before
What's next ?
In the next post we will how to use an Azure app for our MS Graph queries without providing in plain text the app info (client id and secret). Indeed we will store those info to a Key Vault and use it in our Logic App.
Enregistrer un commentaire