Microsoft Graph Academy & Sandbox
Welcome to the interactive Graph portal. Execute REST queries to explore and learn how the Microsoft Graph API exposes Microsoft 365 services.
1. Core Architecture & Concepts
What is Microsoft Graph?
Microsoft Graph is a unified REST API endpoint (https://graph.microsoft.com) providing access to data across Microsoft 365, Windows 11, and Enterprise Mobility + Security services. It consolidates multiple legacy APIs into a single gateway.
Delegated vs Application Permissions
Delegated permissions are used by apps that have a signed-in user present. The app can only act on behalf of the signed-in user. Application permissions are used by background daemons or services without any signed-in user (requires tenant administrator consent).
Managing Permissions & Scope Consent
Scopes are requested during login. To add scopes, request them in your auth request (e.g. Mail.Read). To remove or revoke granted permissions from the app, users must sign in to their Microsoft My Apps portal at myapplications.microsoft.com and select "Revoke Permissions".
API Versions: v1.0 vs Beta
The v1.0 endpoint includes APIs that are ready for production use. The beta endpoint (e.g. /beta/me) contains APIs that are currently in preview and may undergo breaking changes before release.
2. Interactive API Endpoint Directory
Get Authenticated User Profile
GET /v1.0/me
Retrieves the primary profile metadata of the signed-in user, such as displayName, jobTitle, mail, and officeLocation.
List Users in Tenant Directory
GET /v1.0/users
Queries organization members in the tenant. Demonstrates directory searching and group structures.
Retrieve Signed-In User's Manager
GET /v1.0/me/manager
Returns the profile of the manager assigned to the signed-in user in Entra ID/Active Directory.
List Direct Reports
GET /v1.0/me/directReports
Returns profiles of organization employees reporting directly to the signed-in user.
List Tenant Groups
GET /v1.0/groups
Lists security, distribution, and Microsoft 365 groups configured inside the active directory tenant.
Query Inbox Outlook Mails
GET /v1.0/me/messages
Fetches recent email items. Details date received, subjects, and previews.
Send Outlook Email
POST /v1.0/me/sendMail
Sends a real email message to recipients using the mail-sending scope.
Read Calendar Meetings
GET /v1.0/me/events
Lists calendar appointments and events. Illustrates time-zone mapping and locations.
Explore OneDrive Storage Files
GET /v1.0/me/drive/root/children
Queries OneDrive node children. Displays file name nodes, size bytes, and type classification.
3. Custom API Explorer Sandbox
Just like the official **Microsoft Graph Explorer**, GraphShell allows you to run any arbitrary REST request using the request CLI command. This includes querying beta features, Planner tasks, Microsoft Teams, and more.
Waiting for Command
Run a directory command in the shell to visualize results here. Try me, users --list, or mail --list.
{
"@odata.context": "https://graph.microsoft.com/v1.0/$metadata#users/$entity",
"id": "mock-user-id-000",
"displayName": "System Admin",
"givenName": "System",
"surname": "Admin",
"userPrincipalName": "admin@contoso.onmicrosoft.com",
"jobTitle": "Tenant Administrator",
"mail": "admin@contoso.onmicrosoft.com",
"mobilePhone": null,
"officeLocation": "Building 1"
}