Microsoft Active Directory
Microsoft Active Directory and Microsoft Entra ID provide identity and access management for organizations of all sizes. Microsoft Graph API is the unified REST API gateway for accessing and managing Microsoft Entra ID (formerly Azure Active Directory), including users, groups, applications, devices, conditional access policies, identity governance, and directory administration. Legacy on-premises Active Directory is managed through the LDAP and Kerberos protocols and PowerShell; cloud identity is managed through Microsoft Graph.
APIs
Microsoft Graph Users API
Manage the entire lifecycle of users in Microsoft Entra ID, including creating, reading, updating, and deleting user accounts, managing licenses, group memberships, authenticati...
Microsoft Graph Groups API
Create and manage Microsoft Entra security groups, Microsoft 365 groups, and distribution lists. Manage group memberships, owners, and settings. Groups enable efficient entitlem...
Microsoft Graph Applications and Service Principals API
Register and manage Microsoft Entra applications and their associated service principals programmatically. Configure app permissions, OAuth2 permission grants, app role assignme...
Microsoft Graph Devices API
Manage devices registered or joined to Microsoft Entra ID, including Entra joined, Entra registered, and hybrid Azure AD joined devices. Retrieve BitLocker recovery keys and Loc...
Microsoft Graph Directory Roles and Administrative Units API
Manage Microsoft Entra built-in and custom directory roles, role assignments, and role-scoped administrative units. Assign administrator roles to users, groups, or service princ...
Microsoft Graph Conditional Access API
Create and manage Microsoft Entra Conditional Access policies that enforce access controls based on user, location, device, and risk signals. Configure named locations, authenti...
Microsoft Graph Identity Governance API
Manage Microsoft Entra ID Governance features including access reviews, entitlement management (access packages, catalogs, and policies), Privileged Identity Management (PIM) fo...
Microsoft Graph Identity Protection API
Detect, investigate, and remediate identity-based risks using Microsoft Entra ID Protection. Access risk detections, risky users, risky service principals, and risk events, and ...
Microsoft Graph Authentication Methods API
Manage authentication methods registered for users in Microsoft Entra ID, including FIDO2 security keys, Microsoft Authenticator, phone (SMS/voice call), email OTP, Windows Hell...
Microsoft Graph Identity and Access Reports API
Access audit logs, sign-in logs, provisioning logs, and identity-related reports for monitoring, compliance, and troubleshooting. Stream logs to Azure Monitor and Log Analytics ...
Capabilities
Microsoft Active Directory Identity Management Operations
Unified workflow for managing Microsoft Entra ID (Active Directory) identity and access operations including user lifecycle management, group management, and application registr...
Features
Single REST endpoint (graph.microsoft.com) for all Microsoft Entra identity and directory operations.
Full CRUD operations for user accounts including bulk operations, license assignment, and guest management.
Create and manage security groups, Microsoft 365 groups, and dynamic membership groups.
Programmatic app registration, permission configuration, and service principal management.
Create, update, and evaluate Conditional Access policies via API for Zero Trust enforcement.
Just-in-time role activation, time-bound access, and PIM policy management via API.
Access risk signals, risky users, and risk detections for automated threat response.
Manage MFA and passwordless authentication methods registered for users.
Programmatic access to audit logs, sign-in logs, and provisioning logs for SIEM integration.
Access reviews, entitlement management, and lifecycle workflows for automated IAM.
Use Cases
Automate user account creation, attribute updates, and deprovisioning for HR-driven identity lifecycle.
Programmatically deploy and manage Conditional Access policies across the organization.
Stream audit logs and sign-in events to security information and event management systems.
Automate app registration, permission grants, and app role assignments for developer self-service.
Detect and respond to risky sign-ins and compromised accounts via Identity Protection APIs.
Generate access reviews, entitlement reports, and audit logs for regulatory compliance.
Enforce just-in-time privileged access and audit role assignments via PIM APIs.
Integrations
Microsoft Entra ID (formerly Azure AD) is the cloud identity backbone accessed via Microsoft Graph.
Microsoft Graph provides unified access to Microsoft 365 user data alongside identity operations.
Stream Microsoft Entra sign-in and audit logs to Azure Monitor Log Analytics for analysis.
Feed identity risk signals and audit logs into Microsoft Sentinel SIEM for threat hunting.
Microsoft Graph Intune APIs integrate device management with identity policies.
Automate user provisioning to SaaS applications using Microsoft Entra SCIM provisioning.
Register and manage federated applications using SAML 2.0 and OpenID Connect via Microsoft Graph.