Graph API Concealed Username and Groups

By Style Sync
| Published on

In late 2021, Microsoft introduced encryption by default to the Office 365 Graph APIs. The effect of this is to conceal the data on the API’s reports by default.

A screenshot taken from a graph API report shown below illustrates how the data is concealed when the API call is sent:

Manual Unconceal – Configuration

As mentioned, the above API request return is normal; for some use cases it is providing the required information. However, what do you do if you need more information out of the report; for example, cross referencing with usernames for example? The solution is simple, you have two options to achieve this. The first option is to browse the Office365 admin portal. Go to Setting –> Org Setting –>Reports and uncheck the tickbox for “Display concealed user, group, and site names in all reports” See the figure below.

By following the above procedure, you can now see the new data that you need. The data was always there, now you can see it as shown in the following screenshot:

Use an API to enable/disable concealed data

When it comes to automation and DevOps, I always like to use some sort of automation to keep my workload very low; then I can fit more tasks to my busy day. In this instance, and during my work on my new Office365 analysis tool (Sonaros.io), I want to use APIs to conceal or unconceal some data. The reasons i want an automated method is the logic I want to implement, which is, the data will be concealed all the time, until I use the Sonaros read, where the data must remained unconcealed until the operation is complete before it return to the concealed state. To achieve, this I use the following two API calls:

Unconcealed:

curl --location --request PATCH https://graph.microsoft.com/beta/admin/reportSettings'  --header 'Content-Type: application/json'  --header 'Authorization: Bearer eyJ0eXAiOiJKV1'  --data '{"displayConcealedNames": false}'

Concealed:

curl --location --request PATCH https://graph.microsoft.com/beta/admin/reportSettings'  --header 'Content-Type: application/json'  --header 'Authorization: Bearer eyJ0eXAiOiJKV1'  --data '{"displayConcealedNames": true}'

Summary:

Security of your data is critical. Using APIs the data must remain secure. To avoid data breaches, Microsoft added the concealed data option. The data is concealed by default; but as a developer or Administrator, you might wish to expose these data for your ligament reporting. In this article, I presented the two commonly used ways to unconceal the data. I personally use this on my new reporting tool.

What do you think?

Leave a Reply

Your email address will not be published. Required fields are marked *

Subscribe to Our Newsletter

Table of Contents

Related Insights