This repository has been archived by the owner on Aug 7, 2024. It is now read-only.

Call Microsoft Graph from Azure Function using Azure Managed Identity

This scenario demonstrates how you can use Azure Managed Identity to return a list of Office 365 Groups from the Microsoft Graph without needing to pass any credentials.

It also guides you through how you can create and configure a service principal for local development.

Prerequisites

This scenario requires:

  • Active Azure Subscription
  • Azure PowerShell Module
  • Windows PowerShell
  • Azure CLI v2.8.0
  • Office 365 CLI v2.11.0

Azure Function App Deployment

An active login to both the Azure CLI and the Office 365 CLI is assumed.

  1. Open PowerShell prompt
  2. Execute .\deploy.ps1 to deploy Azure resources

Azure Function App Managed Identity

  1. Managed Identity is enabled as part of the deployment

Grant Microsoft Graph App Role to Managed Identity Service Principal

  1. App Role is assigned as part of the deployment

Create Service Principal & Self Signed Certificate for Local Development (Windows)

  1. Connect to Azure using Connect-AzAccount cmdlet
  2. Execute ./localcert.ps1
  3. Take a copy of the output values

Do not use PowerShell Core for this script. It will complete, but the identity will not work.

Update Development Settings

  1. Open local.settings.json
  2. Update LocalDevAppId value with App Id
  3. Update LocalTenantId value with Tenant Id
  4. Update LocalThumbprint value with Thumbprint