Highlights from the GA of the Intune APIs in Microsoft Graph

On Wednesday we announced that the Microsoft Intune APIs being surfaced through Microsoft Graph have been moved from “preview” to Generally Available.

We are really excited about this milestone, and we look forward to learning how to make it even better as you give us feedback and direction on the way you want to use the APIs.

What is Microsoft Graph?

The easiest way to describe Microsoft Graph is to think of it as the new API for our services. If you are looking for a command line interface (CLI) or the APIs to build your own custom administrative console for the Office 365 or EMS services, the Microsoft Graph is what you will use.

In modern cloud services, one of the fundamental architectural principles is that you have separate micro services for the control plane and the data plane. These two things scale at very different rates and, as usage grows to millions (or tens/hundreds of millions) of users and devices, you have to be able to scale efficiently in order to survive. Efficiently scalability will improve user experience, streamline adoption, and help you manage costs.

The Office 365 and EMS teams have been working together to integrate our control planes into the Microsoft Graph so that there is just one place for IT Pros and developers to access all of the APIs that integrate with the cloud services. This is a first for us at Microsoftnever before have the Office, management, identity, and security APIs been brought together like this.

This GA will dramatically reduce the difficulty associated with integrating across the breadth of the services customers are using.

Here’s How the Microsoft Graph Works

First, there are a lot of ways for a device to access the Microsoft Graph, e.g. through the Azure console, or through a command line interface, or a custom console that is developed by a customer or partner, and also via an application. Access and authentication is, of course, done through Azure Active Directory. The various Microsoft Cloud services all register APIs with the Microsoft Graph and, when a call is made to the Microsoft Graph, the Graph knows which service is needed to fulfill the request. If you want to get a sense of the Intune capabilities that are now being surfaced up through Microsoft Graph check out this overview.

The work we did with the Intune for Education console is a great example of the work we’ve done to streamline the flow of requests. The Intune for EDU console is built specifically for use inside schools, and we dramatically simplified the console experience by customizing it for a school environment – e.g. instead of “users” we have “students” and “teachers,” and the groups are called “classes, “ and we removed the features/capabilities that are typically not used in schools. This provides a customized, tailored experience for a specific customer need.

One of the ways the new Intune APIs in the Microsoft Graph are being used is seen in how other 3rd party MDM solutions are integrating Intune capabilities into their administrative consoles.  This will enable IT Professionals using MDM solutions other than Intune to configure the Intune App Protection policies from their MDM console. A request for this functionality has been brought up by a number of customers – and, in many cases, these customers are looking to move entirely to Intune and EMS. These customers are looking for a comprehensive Enterprise Mobility solution, and they are looking at utilizing the Intune MAM capabilities alongside their existing MDM as a first step in the migration to the Intune MDM and the broader EMS capabilities.

Here is a view of how the communication occurs in both the Intune for EDU console and the 3rd party MDM consoles:

We have been working hard to build and deliver the features and functionality that bring Microsoft 365 to life. Microsoft 365 is the complete, intelligent, secure solution to empower employees, and we have delivered incredibly valuable end-to-end scenarios (such as conditional access, among others) that demonstrate how thoroughly M365 has been engineered as a complete solution.

The work we have done to deliver a common API through the Microsoft Graph is another example of how Microsoft 365 is being engineered as a complete product.

While we take pride in our console, we also realize that the best solution is the one that allows you to be in control. Whether its browser UI, command-line, or server – we are there for you!