Office deployment tool - Importing cloud ID user data from an external tenant

Background

In some cases the external cloud ID data of users must be transferred to our DB because the information is not otherwise available. This is needed, for example, when communicating between a GGCH and a commercial tenant.

The tool is run by the external tenant to create a list mapping each cloud ID to other user information such as email and UPN; that list is then imported into the SphereShield Admin portal DB.

How to use the deployment tool

Exporting the list is done by the external tenant. The external tenant admin can either use Graph Explorer directly, as explained below, or use the SphereShield Office deployment tool when there are many users.

Using the deployment tool requires the external tenant admin to create an Azure app, as explained below.

Using Office Deployment tool

First create an Azure app, then run the tool.

Setting up Azure app

  1. Sign in to the Azure portal.

  2. In the search box at the top, find App registrations and click it.

  3. Click New registration.

When the Create page appears, enter your application's registration information:

Name: enter a meaningful application name such as "SphereShield export users"

Redirect URI: Public client/native: "https://localhost"

When finished, click Register.

  4. Click API permissions in the side menu.

  5. Click the Add a permission button.

  6. Select Microsoft Graph and then Delegated permissions.

  7. Make sure you have added all of these permissions:

  8. Don't forget to grant admin consent (at the top right of the picture above).

  9. Click Authentication in the side menu.

  10. Click Add a platform at the top of the page.

  11. Choose Mobile and desktop applications.

  12. In the Redirect URIs section, select https://login.microsoftonline.com/common/oauth2/nativeclient and, under Custom redirect URIs, add ms-appx-web://microsoft.aad.brokerplugin/{client_id}, where {client_id} is the Application (client) ID of your application.

  13. Select Configure.

  14. Scroll down to the Advanced settings section and set "Enable the following mobile and desktop flows" to Yes.

  15. Don't forget to click Save.

Exporting the user list using the tool

  1. Download and extract the tool from here: https://downloads.agatsoftware.com/Office Deployment Tool 1.1.0.0.zip

  2. When the tool starts, enter the Client ID of the Azure app and the Tenant ID in the required fields of the "Configuration" tab.

  3. In the "Get Users" tab you can either fetch all users by clicking the "Get all users" button or filter to specific users with "Get user by UPN".

  4. After the query has run, click "Export to file" and send the file to the customer.

Getting user list directly from Graph API

Instead of using the tool, you can run a query directly against the Graph API and copy the results into a text file.

This works only if you have fewer than 1000 users. If you have more than 1000 users, either use the tool or append the remaining users to the same file, removing the headers of each extra page so that all elements are under a single value node.

Go to:
https://developer.microsoft.com/en-us/graph/graph-explorer

Sign in.

Then paste the following

https://graph.microsoft.com/v1.0/users/?$select=id,mail,userPrincipalName,displayName&$top=999

into the query field and press Run.

Copy the results into a file and send it to the customer.
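When the tenant has more than 1000 users, the manual "append the extra pages under one value node" step is easy to get wrong (a stray @odata.nextLink header, a page pasted twice, a user with no mail attribute). The following script, an added example that is not part of the original article or of the SphereShield tool, merges several saved Graph Explorer result pages for the $select query above into one JSON object with a single "value" array, drops duplicate ids, and reports users missing any of the four selected attributes. The sample pages are constructed for the example; the only assumption about the import format is the one the article states, namely that all user elements sit under one "value" node.

```python
"""Merge Microsoft Graph /users result pages into a single "value" list.

Added example (not the article's or the tool's own code). Assumes each input
is a raw JSON response copied from Graph Explorer for
  https://graph.microsoft.com/v1.0/users/?$select=id,mail,userPrincipalName,displayName&$top=999
and that the import wants one JSON object whose "value" array holds every user.
"""
import json
from typing import Iterable

# The attributes requested by the $select clause in the article's query.
REQUIRED_FIELDS = ("id", "mail", "userPrincipalName", "displayName")


def merge_graph_pages(pages: Iterable[dict]) -> dict:
    """Combine response pages into one object with a single "value" list.

    Each page looks like {"@odata.context": ..., "value": [...], "@odata.nextLink": ...}.
    The per-page headers (@odata.context, @odata.nextLink) are dropped, which is
    the article's "remove the headers of the extra file" step done automatically.
    A user id seen twice (for example, the same page pasted twice) is kept once.
    """
    merged = {"value": []}
    seen_ids = set()
    for page in pages:
        for user in page.get("value", []):
            uid = user.get("id")
            if uid in seen_ids:
                continue
            seen_ids.add(uid)
            merged["value"].append(user)
    return merged


def missing_fields(users: list[dict]) -> list[tuple[str, str]]:
    """Return (id, field) pairs where a selected attribute is absent or null.

    "mail" is legitimately null for accounts without a mailbox; flagging it lets
    the operator decide instead of silently importing an incomplete mapping.
    """
    problems = []
    for user in users:
        for field in REQUIRED_FIELDS:
            if user.get(field) in (None, ""):
                problems.append((user.get("id", "<no id>"), field))
    return problems


def merge_files(paths: list[str], out_path: str) -> int:
    """Read each saved page, merge, write one JSON file; return the user count."""
    pages = []
    for path in paths:
        with open(path, encoding="utf-8") as f:
            pages.append(json.load(f))
    merged = merge_graph_pages(pages)
    with open(out_path, "w", encoding="utf-8") as f:
        json.dump(merged, f, indent=2)
    return len(merged["value"])


# Constructed sample pages: ids, names and addresses are made up for the example.
SAMPLE_PAGE_1 = {
    "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#users(id,mail,userPrincipalName,displayName)",
    "value": [
        {"id": "11111111-0000-0000-0000-000000000001", "mail": "alice@example.com",
         "userPrincipalName": "alice@example.com", "displayName": "Alice Example"},
        {"id": "11111111-0000-0000-0000-000000000002", "mail": None,
         "userPrincipalName": "svc-scanner@example.com", "displayName": "Scanner Service"},
    ],
    "@odata.nextLink": "https://graph.microsoft.com/v1.0/users?$skiptoken=EXAMPLE",
}
SAMPLE_PAGE_2 = {
    "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#users(id,mail,userPrincipalName,displayName)",
    "value": [
        # Same user as on page 1, as happens when a page is pasted twice.
        {"id": "11111111-0000-0000-0000-000000000002", "mail": None,
         "userPrincipalName": "svc-scanner@example.com", "displayName": "Scanner Service"},
        {"id": "11111111-0000-0000-0000-000000000003", "mail": "bob@example.com",
         "userPrincipalName": "bob@example.com", "displayName": "Bob Example"},
    ],
}

if __name__ == "__main__":
    result = merge_graph_pages([SAMPLE_PAGE_1, SAMPLE_PAGE_2])
    print(json.dumps(result, indent=2))
    for uid, field in missing_fields(result["value"]):
        print(f"warning: user {uid} has no {field}")
```

To use it on real exports, save each Graph Explorer page to its own file and call merge_files(["page1.json", "page2.json"], "users.txt"); the returned count should match the number of users the tenant admin expects before the file is sent to the customer.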

 

Getting details of a specific user by UPN with the Graph API

Go to:
https://developer.microsoft.com/en-us/graph/graph-explorer

Sign in.

Paste the following query:

https://graph.microsoft.com/v1.0/users/[yourUPN]

For example:

https://graph.microsoft.com/v1.0/users/davide@agatsoftware.com

 

Import users process

This should be done by the internal company.

  1. Download and extract the tool from here.

  2. In the tool's "Configuration" tab, add the connection string.

  3. In the "Get users" tab, choose "Import to db" and select the requested .txt file.

  4. If for any reason the import to the DB fails, exit and re-open the tool.