Microsoft Active Directory and Microsoft Entra ID provide identity and access management for organizations of all sizes. Microsoft Graph API is the unified REST API gateway for accessing and managing Microsoft Entra ID (formerly Azure Active Directory), including users, groups, applications, devices, conditional access policies, identity governance, and directory administration. The Microsoft Graph API enables IT administrators, identity engineers, and security teams to automate user lifecycle management, enforce zero trust policies, and integrate identity data into security operations.
- Active Directory, Authentication, Authorization, Directory Services, Identity Management, Microsoft Entra, Zero Trust
- Created: 2024-01-01
- Modified: 2026-04-19
Manage the entire lifecycle of users in Microsoft Entra ID, including creating, reading, updating, and deleting user accounts, managing licenses, group memberships, authentication methods, and profile photos. Supports both v1.0 and beta endpoints.
Human URL: https://learn.microsoft.com/en-us/graph/api/resources/users
- Directory Services, Identity Management, Users
Create and manage Microsoft Entra security groups, Microsoft 365 groups, and distribution lists. Manage group memberships, owners, and settings. Groups enable efficient entitlement management for users, licensing, and resource access.
Human URL: https://learn.microsoft.com/en-us/graph/api/resources/groups-overview
- Directory Services, Groups, Identity Management
Register and manage Microsoft Entra applications and their associated service principals programmatically. Configure app permissions, OAuth2 permission grants, app role assignments, certificates, federated identity credentials, and app consent policies.
Human URL: https://learn.microsoft.com/en-us/graph/api/resources/applications-api-overview
- Applications, Identity Management, OAuth2, Service Principals
Manage devices registered or joined to Microsoft Entra ID, including Entra joined, Entra registered, and hybrid Azure AD joined devices. Retrieve BitLocker recovery keys and Local Admin Password Solution (LAPS) credentials for managed devices.
Human URL: https://learn.microsoft.com/en-us/graph/api/resources/device
- Devices, Endpoint Management, Identity Management
Manage Microsoft Entra built-in and custom directory roles, role assignments, and role-scoped administrative units. Assign administrator roles to users, groups, or service principals, and create scoped role assignments via administrative units.
Human URL: https://learn.microsoft.com/en-us/graph/api/resources/directoryrole
- Authorization, Directory Services, Role Management
Create and manage Microsoft Entra Conditional Access policies that enforce access controls based on user, location, device, and risk signals. Configure named locations, authentication context class references, and evaluate policy impact using what-if analysis.
Human URL: https://learn.microsoft.com/en-us/graph/api/resources/conditionalaccesspolicy
- Authorization, Conditional Access, Security, Zero Trust
Manage Microsoft Entra ID Governance features including access reviews, entitlement management (access packages, catalogs, and policies), Privileged Identity Management (PIM) for just-in-time role activation, and lifecycle workflows for joiner/mover/leaver employee identity lifecycle automation.
Human URL: https://learn.microsoft.com/en-us/graph/api/resources/identitygovernance-overview
- Governance, Identity Management, Lifecycle Management, Privileged Identity Management
Detect, investigate, and remediate identity-based risks using Microsoft Entra ID Protection. Access risk detections, risky users, risky service principals, and risk events, and feed data into SIEM tools for security correlation and incident response.
Human URL: https://learn.microsoft.com/en-us/graph/api/resources/identityprotection-overview
- Identity Protection, Risk Management, Security
Manage authentication methods registered for users in Microsoft Entra ID, including FIDO2 security keys, Microsoft Authenticator, phone (SMS/voice call), email OTP, Windows Hello for Business, and temporary access passes. Configure authentication method policies and authentication strength requirements.
Human URL: https://learn.microsoft.com/en-us/graph/api/resources/authenticationmethods-overview
- Authentication, MFA, Passwordless, Security
Access audit logs, sign-in logs, provisioning logs, and identity-related reports for monitoring, compliance, and troubleshooting. Stream logs to Azure Monitor and Log Analytics or to third-party SIEM tools for security operations.
Human URL: https://learn.microsoft.com/en-us/graph/api/resources/report-identity-access
- Audit Logs, Compliance, Monitoring, Reports
| Name | Description |
|---|---|
| Unified Identity API | Single REST endpoint (graph.microsoft.com) for all Microsoft Entra identity and directory operations. |
| User Lifecycle Management | Full CRUD operations for user accounts including bulk operations, license assignment, and guest management. |
| Group Management | Create and manage security groups, Microsoft 365 groups, and dynamic membership groups. |
| Application Registration | Programmatic app registration, permission configuration, and service principal management. |
| Conditional Access Automation | Create, update, and evaluate Conditional Access policies via API for Zero Trust enforcement. |
| Privileged Identity Management | Just-in-time role activation, time-bound access, and PIM policy management via API. |
| Identity Protection | Access risk signals, risky users, and risk detections for automated threat response. |
| Authentication Method Management | Manage MFA and passwordless authentication methods registered for users. |
| Audit and Sign-in Logs | Programmatic access to audit logs, sign-in logs, and provisioning logs for SIEM integration. |
| Identity Governance | Access reviews, entitlement management, and lifecycle workflows for automated IAM. |

| Name | Description |
|---|---|
| User Provisioning Automation | Automate user account creation, attribute updates, and deprovisioning for HR-driven identity lifecycle. |
| Zero Trust Policy Enforcement | Programmatically deploy and manage Conditional Access policies across the organization. |
| SIEM Integration | Stream audit logs and sign-in events to security information and event management systems. |
| Application Access Management | Automate app registration, permission grants, and app role assignments for developer self-service. |
| Identity Risk Remediation | Detect and respond to risky sign-ins and compromised accounts via Identity Protection APIs. |
| Compliance Reporting | Generate access reviews, entitlement reports, and audit logs for regulatory compliance. |
| Privileged Access Governance | Enforce just-in-time privileged access and audit role assignments via PIM APIs. |

| Name | Description |
|---|---|
| Azure Active Directory | Microsoft Entra ID (formerly Azure AD) is the cloud identity backbone accessed via Microsoft Graph. |
| Microsoft 365 | Microsoft Graph provides unified access to Microsoft 365 user data alongside identity operations. |
| Azure Monitor | Stream Microsoft Entra sign-in and audit logs to Azure Monitor Log Analytics for analysis. |
| Microsoft Sentinel | Feed identity risk signals and audit logs into Microsoft Sentinel SIEM for threat hunting. |
| Intune | Microsoft Graph Intune APIs integrate device management with identity policies. |
| SCIM Providers | Automate user provisioning to SaaS applications using Microsoft Entra SCIM provisioning. |
| SAML and OIDC Applications | Register and manage federated applications using SAML 2.0 and OpenID Connect via Microsoft Graph. |

Machine-readable API specifications organized by format.
- Microsoft Graph Users API
- Microsoft Graph Groups API
- Microsoft Graph Applications and Service Principals API
Naftiko capabilities organized as shared per-API definitions composed into customer-facing workflows.
- Active Directory Users — 5 operations for user lifecycle management
- Active Directory Groups — 3 operations for group management
- Active Directory Applications — 4 operations for application and service principal management
| Workflow | APIs Combined | Tools | Persona |
|---|---|---|---|
| Identity Management Operations | Users, Groups, Applications | 10 | IT Administrator, Identity Engineer, Security Analyst |
- Active Directory Vocabulary — Unified taxonomy mapping 12 resources, 9 actions, 1 workflow, and 3 personas across operational (OpenAPI) and capability (Naftiko) dimensions
- Active Directory Spectral Rules — 30+ rules across 10 categories enforcing Microsoft Graph API conventions
FN: Kin Lane
Email: kin@apievangelist.com