Office Deployment Tool - Importing cloud ID user data from an external tenant
Background
In some cases the external cloud ID data of users has to be transferred into our DB because the information is not otherwise available. This is needed, for example, when a GCCH tenant communicates with a commercial tenant.
The tool is run by the external tenant to create a list that maps each user's cloud ID to other user information such as email and UPN; that list is then imported into the SphereShield Admin Portal DB.
How to use the deployment tool
Exporting the list is done by the external tenant. The external tenant admin can either use Graph Explorer directly, as explained below, or use the SphereShield Office Deployment Tool when there are many users.
Using the Deployment Tool requires the external tenant admin to create an Azure app, as explained below.
Using Office Deployment tool
First create an Azure app, then run the tool.
Setting up Azure app
1. Sign in to the Azure portal.
2. In the search box at the top, find App Registrations and click it.
3. Click New Registration. When the Create page appears, enter your application's registration information:
Name: enter a meaningful application name such as "SphereShield export users"
Redirect URI: Public client/native: "https://localhost"
When finished, click Register.
4. Click API permissions in the side menu.
5. Click the Add a permission button.
6. Select Microsoft Graph and then Delegated permissions.
7. Make sure you have added all of these permissions:
8. Don't forget to grant admin consent (the Grant admin consent button at the top of the API permissions page).
9. Click Authentication in the side menu.
10. Click Add a platform at the top of the page.
11. Choose Mobile and desktop applications.
12. In the Redirect URIs section, select https://login.microsoftonline.com/common/oauth2/nativeclient and, under Custom redirect URIs, add ms-appx-web://microsoft.aad.brokerplugin/{client_id}, where {client_id} is the Application (client) ID of your application.
13. Select Configure.
14. Scroll down to the Advanced settings section and set Enable the following mobile and desktop flows to Yes.
15. Don't forget to click Save.
Exporting the user list using the tool
Download and extract the tool from here: https://downloads.agatsoftware.com/Office Deployment Tool 1.1.0.0.zip
When starting the tool, enter the Client ID of the Azure app and the Tenant ID in the required fields of the "Configuration" tab.
Then, in the "Get Users" tab, either retrieve all users by clicking the "Get all users" button or filter to specific users with "Get user by UPN".
After the query has run, click "Export to file" and send the file to the customer.
Getting user list directly from Graph API
Instead of using the tool, you can run a query directly against the Graph API and copy the results into a text file.
This only works directly if you have fewer than 1,000 users. If you have more than 1,000 users, either use the tool or append the remaining users to the same file, removing the headers of each extra result so that all elements sit under a single "value" node.
Go to here:
https://developer.microsoft.com/en-us/graph/graph-explorer
Sign in
Then paste the following
https://graph.microsoft.com/v1.0/users/?$select=id,mail,userPrincipalName,displayName&$top=999
into the query field and press Run.
Copy the results into a file and send it to the customer.
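For a tenant with more than 999 users, the copy-and-append step above can be automated. The following Python script is an added example, not part of the Office Deployment Tool or of this guide; it assumes the import file is a JSON document with one "value" array holding the four selected fields, that the caller supplies a fetch function performing authenticated Graph GETs (for example the requests library with a bearer token obtained for the app registered above), and it runs here against constructed sample pages rather than a live tenant.

```python
import json
from typing import Callable, Dict, Iterable, List

# Fields selected by the Graph query on this page; the import reads them from "value".
SELECT_FIELDS = ("id", "mail", "userPrincipalName", "displayName")
GRAPH_USERS_URL = ("https://graph.microsoft.com/v1.0/users"
                   "?$select=" + ",".join(SELECT_FIELDS) + "&$top=999")

def merge_pages(pages: Iterable[dict]) -> Dict[str, List[dict]]:
    """Flatten several Graph result documents into one 'value' array with every
    user once, trimmed to the selected fields (drops extra pages' @odata headers)."""
    seen, users = set(), []
    for page in pages:
        for entry in page.get("value", []):
            uid = entry.get("id")
            if uid in seen:           # same user on two pages: keep one copy
                continue
            seen.add(uid)
            users.append({k: entry.get(k) for k in SELECT_FIELDS})
    return {"value": users}

def collect_all_users(fetch: Callable[[str], dict]) -> Dict[str, List[dict]]:
    """Follow @odata.nextLink until Graph stops paging (needed past 999 users).
    fetch(url) must return the parsed JSON body of an authenticated GET on url."""
    pages, url = [], GRAPH_USERS_URL
    while url:
        page = fetch(url)
        pages.append(page)
        url = page.get("@odata.nextLink")  # absent on the last page
    return merge_pages(pages)

# Constructed sample (not real tenant data): two fake Graph pages; the first
# carries a nextLink and an extra field the import does not need.
NEXT_URL = GRAPH_USERS_URL + "&$skiptoken=EXAMPLE"
FAKE_PAGES = {
    GRAPH_USERS_URL: {"@odata.context": "https://graph.microsoft.com/v1.0/$metadata#users",
                      "@odata.nextLink": NEXT_URL,
                      "value": [{"id": "00000000-0000-0000-0000-000000000001",
                                 "mail": "alice@example.com", "jobTitle": "Analyst",
                                 "userPrincipalName": "alice@example.com",
                                 "displayName": "Alice Example"}]},
    NEXT_URL: {"@odata.context": "https://graph.microsoft.com/v1.0/$metadata#users",
               "value": [{"id": "00000000-0000-0000-0000-000000000002", "mail": None,
                          "userPrincipalName": "bob@example.com",
                          "displayName": "Bob Example"}]},
}

if __name__ == "__main__":
    # Prints one document with a single "value" node holding 2 trimmed users.
    print(json.dumps(collect_all_users(lambda url: FAKE_PAGES[url]), indent=2))
```

Against a real tenant, pass something like `lambda u: requests.get(u, headers={"Authorization": "Bearer " + token}).json()` as fetch and write the returned document to the .txt file that the import step consumes.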
Getting details of a specific user by UPN with graph API
Go to here:
https://developer.microsoft.com/en-us/graph/graph-explorer
Sign in
Paste the following query:
https://graph.microsoft.com/v1.0/users/[yourUPN]
For example:
https://graph.microsoft.com/v1.0/users/davide@agatsoftware.com
Import users process
This is done by the internal company.
1. Download and extract the tool from here.
2. In the tool's "Configuration" tab, add the connection string.
3. In the "Get Users" tab, choose "Import to DB" and select the requested .txt file.
4. If for any reason the import to the DB fails, exit and re-open the tool, then try again.