This chapter introduces why it is important to master protecting a web application protected by Azure AD in an Office365 tenancy, and what scenarios it is useful in.
And in this module, we're not even going to call Microsoft Graph. Now you might ask, then why are we even bothering to learn this? Well this scenario is quite useful. For instance, branding Office 365, especially when you want 100% control of the page, can be quite challenging. In fact, Microsoft doesn't want you taking 100% control of the page. They want a SharePoint page to look like SharePoint. So, sometimes when you want that 100% control, but you want to offer SSO experience between Office 365 and your application, perhaps your application is a very highly-branded intronic or extronic, then you may want to control the branding and layout and your application may need to co-exist inside Office 365.
And soon as you start doing that, the natural next scenario is that now your application, because it's part of the same tenancy, the user experiences a single sign-on experience, your application may want to call Office 365 resources, specifically Microsoft Graph. And why just stop at Microsoft Graph? Maybe your application wants to call other web APIs that you write. The interesting thing is that Microsoft Graph API is just a web API that Microsoft wrote.
But let's say that you have a in-house, on-premises system that you want to expose in a similar manner. You can do that as well, and your application can call it using the same concepts that I will demonstrate later in this course. Additionally, your application can expose web APIs itself. And then other applications in your organization can call your application. You'll find this scenario to be extremely useful when you are trying to write single page applications, lot of them that co-exist on the same page, like web parts, and you want to avoid frequent redirects.
Because every application, as I'll show in the next module, that every application, a single page application, tries to do a redirect in order to get the access token. That may lead to poor user experience, so you can coalesce all of them into a single resource ID that could be represented by your app. I know this may sound like gibberish right now, but I assure you that by the end of this course, it'll all become very clear. That said, I think I've driven the point home enough that this is an important scenario to learn, writing a simple web application protected by Azure AD.
So let's get started learning that.
- What is Microsoft Graph?
- Registering a web application in Azure AD
- Adding authentication logic and authentication UI
- Native applications calling Graph
- Reviewing scenarios where web apps involving Graph are useful
- Web applications with application identity and delegated identity calling Graph
- Daemons calling Graph