Azure AD API GET

give me all the examples of GET requests with Azure AD concerning the resource service principals

The Azure AD REST API is a set of web services that allow you to interact with Azure Active
Directory (Azure AD) using HTTP requests. You can use the Azure AD REST API to perform
various operations on resources such as users, groups, applications, roles, service principals, etc.

To use the Azure AD REST API, you need to follow these steps:

- Register an application in Azure AD that will act as a client for calling the API.
- Assign the appropriate permissions to the application based on the scope and role of your
operations.
- Acquire an access token from Azure AD using one of the supported authentication flows².
- Send HTTP requests to the Azure AD REST API endpoints with the access token in the
Authorization header using the Bearer scheme³.
- Handle the responses from the Azure AD REST API according to your business logic.

The Azure AD REST API supports GET, HEAD, PUT, POST, and PATCH methods¹. The format of
the request and response body depends on the resource type and operation. You can find more details
about each resource type and operation in the official documentation.

Source: conversation with Bing, 17/03/2023
(1) Azure Active Directory REST API - authentication | Microsoft Learn. https://learn.microsoft.com/en-us/azure/azure-app-configuration/rest-api-authentication-azure-ad Accessed 17/03/2023.
(2) Configuring Authentication and Authorization for REST APIs using Azure .... https://devblogs.microsoft.com/cse/2022/03/23/configuring-authentication-and-authorization-for-rest-apis-using-azure-ad-b2c-id-tokens/ Accessed 17/03/2023.
(3) Azure REST API reference documentation | Microsoft Learn. https://learn.microsoft.com/en-us/rest/api/azure/ Accessed 17/03/2023.

GET, HEAD, PUT, POST, and PATCH are HTTP methods that indicate the type of action you want
to perform on a resource using a REST API. Each method has a different meaning and usage:

GET is used to retrieve data from a server. It does not change the state of the resource. For example,
you can use GET to read a user’s profile or list all groups in Azure AD¹.

HEAD is similar to GET but it only returns the headers of the response without the body. It is useful
for checking if a resource exists or getting metadata about it¹.

PUT is used to send data to a server to create or update a resource. It replaces the entire resource
with the data in the request body. For example, you can use PUT to create a new user or update an
existing application in Azure AD¹.

POST is also used to send data to a server but it creates a new resource as a sub-resource of an
existing one. It does not replace the existing resource but adds to it. For example, you can use POST
to add a member to a group or assign a role to an application in Azure AD¹.

PATCH is used to send data to a server to partially update a resource. It only modifies the fields that
are specified in the request body. For example, you can use PATCH to change a user’s display name
or enable an application’s service principal in Azure AD¹.

The Azure AD REST API supports all these methods for different resources and operations². You can
find more details about each method and its syntax in the official documentation.

The GET HTTP method is used to retrieve data from a server. It does not change the state of the
resource. You can use the GET method with Azure AD to read various resources such as users,
groups, applications, roles, etc.

To use the GET method with Azure AD, you need to follow these steps:

- Register an application in Azure AD that will act as a client for calling the API.

- Assign the appropriate permissions to the application based on the scope and role of your
operations.

- Acquire an access token from Azure AD using one of the supported authentication flows².

- Send an HTTP request to the Azure AD REST API endpoint for the resource you want to read with
the access token in the Authorization header using the Bearer scheme³.
- Handle the response from the Azure AD REST API according to your business logic.

The format of the GET request is:

```
GET {resource_uri}
Authorization: Bearer {access_token}
```

The format of the response depends on the resource type and may include pagination or filtering
options. You can find more details about each resource type and its syntax in the official
documentation¹.
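The steps above, as an added example that is not part of the original page: a GET with the Bearer token that follows Microsoft Graph's `@odata.nextLink` paging and refuses to send the token to any host other than `graph.microsoft.com`, plus a helper that builds a `$filter` URL with the value's single quotes escaped. The names `list_all`, `sp_by_display_name_url`, `fake_fetch` and `SAMPLE` are hypothetical, and the sample pages are constructed so the block runs offline.

```python
import json
import urllib.request
from urllib.parse import quote, urlsplit

GRAPH_HOST = "graph.microsoft.com"

def http_get(url, token):
    """Real transport: GET with the token in the Authorization header."""
    req = urllib.request.Request(url, headers={"Authorization": f"Bearer {token}"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

def list_all(url, token, fetch=http_get, max_pages=100):
    """Collect every item of a collection by following @odata.nextLink."""
    items = []
    for _ in range(max_pages):
        parts = urlsplit(url)
        # The next link comes from the response body: check it before the
        # bearer token is attached, so it only ever goes to Graph over HTTPS.
        if parts.scheme != "https" or parts.hostname != GRAPH_HOST:
            raise ValueError(f"refusing to send token to {url!r}")
        page = fetch(url, token)
        items.extend(page.get("value", []))
        url = page.get("@odata.nextLink")
        if not url:
            return items
    raise RuntimeError("pagination did not terminate")

def sp_by_display_name_url(name):
    """Build the displayName filter URL; ' is doubled inside an OData literal."""
    flt = "displayName eq '{}'".format(name.replace("'", "''"))
    return f"https://{GRAPH_HOST}/v1.0/servicePrincipals?$filter={quote(flt)}"

# Constructed sample pages standing in for Graph responses (not real data).
FIRST = f"https://{GRAPH_HOST}/v1.0/servicePrincipals"
SECOND = FIRST + "?$skiptoken=constructed"
SAMPLE = {
    FIRST: {"value": [{"id": "sp-1"}], "@odata.nextLink": SECOND},
    SECOND: {"value": [{"id": "sp-2"}]},
}

def fake_fetch(url, token):
    """Offline stand-in for http_get, serving the constructed pages above."""
    return SAMPLE[url]

if __name__ == "__main__":
    print(list_all(FIRST, "constructed-token", fetch=fake_fetch))
```

Against a real tenant, call `list_all` without the `fetch` argument and pass a token acquired as described in the steps above.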

Some examples of GET requests with Azure AD are:

- Get a user by ID: GET https://graph.microsoft.com/v1.0/users/{id}

- List all groups: GET https://graph.microsoft.com/v1.0/groups

- Get an application by ID: GET https://graph.microsoft.com/v1.0/applications/{id}

- List all role assignments: GET https://graph.microsoft.com/v1.0/roleManagement/directory/roleAssignments

Source: conversation with Bing, 17/03/2023
(1) Azure Active Directory REST API - authentication | Microsoft Learn. https://learn.microsoft.com/en-us/azure/azure-app-configuration/rest-api-authentication-azure-ad Accessed 17/03/2023.
(2) HTTP with Azure AD | Microsoft Power Automate. https://powerautomate.microsoft.com/en-US/connectors/details/shared_webcontents/http-with-azure-ad/ Accessed 17/03/2023.
(3) Azure REST API reference documentation | Microsoft Learn. https://learn.microsoft.com/en-us/rest/api/azure/ Accessed 17/03/2023.


There are many examples of GET requests with Azure AD, depending on the resource type and
operation you want to perform. Here are some more examples:

- Get the signed-in user: GET https://graph.microsoft.com/v1.0/me

- List all users: GET https://graph.microsoft.com/v1.0/users

- Get a group by ID: GET https://graph.microsoft.com/v1.0/groups/{id}

- List all applications: GET https://graph.microsoft.com/v1.0/applications

- Get a role definition by ID: GET https://graph.microsoft.com/v1.0/roleManagement/directory/roleDefinitions/{id}

- List all service principals: GET https://graph.microsoft.com/v1.0/servicePrincipals

You can find more examples and details in the official documentation.

Users
There are many examples of GET requests with Azure AD concerning the resource users, depending
on the operation you want to perform. Here are some examples:

- Get a user by ID: GET https://graph.microsoft.com/v1.0/users/{id}

- List all users: GET https://graph.microsoft.com/v1.0/users

- Get the signed-in user: GET https://graph.microsoft.com/v1.0/me

- List all users in a group: GET https://graph.microsoft.com/v1.0/groups/{id}/members

- List all users assigned to a role: GET https://graph.microsoft.com/v1.0/roleManagement/directory/roleAssignments?$filter=principalType eq 'User'

- List all users with a specific display name: GET https://graph.microsoft.com/v1.0/users?$filter=displayName eq '{name}'

- List all users with a specific email domain: GET https://graph.microsoft.com/v1.0/users?$filter=mail endswith '@{domain}'

- Get the manager of a user: GET https://graph.microsoft.com/v1.0/users/{id}/manager

- Get the direct reports of a user: GET https://graph.microsoft.com/v1.0/users/{id}/directReports

- Get the photo of a user: GET https://graph.microsoft.com/v1.0/users/{id}/photo/$value


Groups
There are many examples of GET requests with Azure AD concerning the resource groups,
depending on the operation you want to perform. Here are some examples:

- Get a group by ID: GET https://graph.microsoft.com/v1.0/groups/{id}

- List all groups: GET https://graph.microsoft.com/v1.0/groups

- List all groups that a user is a member of: GET https://graph.microsoft.com/v1.0/users/{id}/memberOf

- List all groups that a user is an owner of: GET https://graph.microsoft.com/v1.0/users/{id}/ownedObjects

- List all groups that an application is a member of: GET https://graph.microsoft.com/v1.0/applications/{id}/memberOf

- List all groups that an application is an owner of: GET https://graph.microsoft.com/v1.0/applications/{id}/ownedObjects

- List all groups with a specific display name: GET https://graph.microsoft.com/v1.0/groups?$filter=displayName eq '{name}'

- List all groups with a specific description: GET https://graph.microsoft.com/v1.0/groups?$filter=description eq '{description}'

- Get the photo of a group: GET https://graph.microsoft.com/v1.0/groups/{id}/photo/$value


Applications
There are many examples of GET requests with Azure AD concerning the resource applications,
depending on the operation you want to perform. Here are some examples:

- Get an application by ID: GET https://graph.microsoft.com/v1.0/applications/{id}

- List all applications: GET https://graph.microsoft.com/v1.0/applications

- List all applications that a user is a member of: GET https://graph.microsoft.com/v1.0/users/{id}/memberOf

- List all applications that a user is an owner of: GET https://graph.microsoft.com/v1.0/users/{id}/ownedObjects

- List all applications that a group is a member of: GET https://graph.microsoft.com/v1.0/groups/{id}/memberOf

- List all applications that a group is an owner of: GET https://graph.microsoft.com/v1.0/groups/{id}/ownedObjects

- List all applications with a specific display name: GET https://graph.microsoft.com/v1.0/applications?$filter=displayName eq '{name}'

- List all applications with a specific sign-in URL: GET https://graph.microsoft.com/v1.0/applications?$filter=signInUrl eq '{url}'

- Get the service principal of an application: GET https://graph.microsoft.com/v1.0/applications/{id}/servicePrincipal

Roles
There are many examples of GET requests with Azure AD concerning the resource roles, depending
on the operation you want to perform. Here are some examples:

- Get a role definition by ID: GET https://graph.microsoft.com/v1.0/roleManagement/directory/roleDefinitions/{id}

- List all role definitions: GET https://graph.microsoft.com/v1.0/roleManagement/directory/roleDefinitions

- Get a role assignment by ID: GET https://graph.microsoft.com/v1.0/roleManagement/directory/roleAssignments/{id}

- List all role assignments: GET https://graph.microsoft.com/v1.0/roleManagement/directory/roleAssignments

- List all role assignments for a specific role definition: GET https://graph.microsoft.com/v1.0/roleManagement/directory/roleDefinitions/{id}/members

- List all role assignments for a specific principal (user, group or service principal): GET https://graph.microsoft.com/v1.0/roleManagement/directory/roleAssignments?$filter=principalId eq '{id}'

- List all role assignments for a specific resource scope (directory or application): GET https://graph.microsoft.com/v1.0/roleManagement/directory/roleAssignments?$filter=resourceScope eq '{scope}'

- List all role assignments for a specific directory object type (user, group or service principal): GET https://graph.microsoft.com/v1.0/roleManagement/directory/roleAssignments?$filter=principalType eq '{type}'

Service principals
There are many examples of GET requests with Azure AD concerning the resource service
principals, depending on the operation you want to perform. Here are some examples:

- Get a service principal by ID: GET https://graph.microsoft.com/v1.0/servicePrincipals/{id}

- List all service principals: GET https://graph.microsoft.com/v1.0/servicePrincipals

- List all service principals that a user is a member of: GET https://graph.microsoft.com/v1.0/users/{id}/memberOf

- List all service principals that a user is an owner of: GET https://graph.microsoft.com/v1.0/users/{id}/ownedObjects

- List all service principals that a group is a member of: GET https://graph.microsoft.com/v1.0/groups/{id}/memberOf

- List all service principals that a group is an owner of: GET https://graph.microsoft.com/v1.0/groups/{id}/ownedObjects

- List all service principals with a specific display name: GET https://graph.microsoft.com/v1.0/servicePrincipals?$filter=displayName eq '{name}'

- List all service principals with a specific app ID: GET https://graph.microsoft.com/v1.0/servicePrincipals?$filter=appId eq '{appId}'

- Get the application of a service principal: GET https://graph.microsoft.com/v1.0/servicePrincipals/{id}/application

One example of a POST request with Azure AD concerning the resource users is creating an Azure
AD user using Microsoft Graph REST API. Here is a code sample for your reference⁶:

```
POST https://graph.microsoft.com/v1.0/users
Authorization: Bearer {token}
Content-type: application/json

{
    "accountEnabled": true,
    "displayName": "displayName-value",
    "mailNickname": "mailNickname-value",
    "userPrincipalName": ...
```

Is there anything else you would like to know?

Source: conversation with Bing, 18/03/2023
(1) How to create Azure AD user programmatically? - Stack Overflow. https://stackoverflow.com/questions/44756742/how-to-create-azure-ad-user-programmatically Accessed 18/03/2023.
(2) Http Request Resource and Azure AD Resource URI. https://powerusers.microsoft.com/t5/Building-Flows/Http-Request-Resource-and-Azure-AD-Resource-URI/td-p/961898 Accessed 18/03/2023.
(3) Authorize requests to Azure Storage (REST API) | Microsoft Learn. https://learn.microsoft.com/en-us/rest/api/storageservices/authorize-requests-to-azure-storage Accessed 18/03/2023.
(4) HTTP with Azure AD - Failed with error: 'AADSTS500011: The resource .... https://powerusers.microsoft.com/t5/General-Power-Automate/HTTP-with-Azure-AD-Failed-with-error-AADSTS500011-The-resource/td-p/450769 Accessed 18/03/2023.
(5) Working with Azure Active Directory resources in Microsoft Graph. https://learn.microsoft.com/en-us/graph/api/resources/azure-ad-overview?view=graph-rest-1.0 Accessed 18/03/2023.
(6) Calling the Microsoft Graph API. https://learn.microsoft.com/en-us/graph/call-api Accessed 18/03/2023.

Sure, here is example 1 from :

To create a user in Azure AD, you need to send a POST request to the /users endpoint with an access
token in the Authorization header. The request body should contain a JSON representation of the
user object with the required properties: accountEnabled, displayName, mailNickname,
userPrincipalName, and passwordProfile. You can also include optional properties such as
givenName, surname, jobTitle, etc.

Here is an example of a POST request to create a user:

```
POST https://graph.microsoft.com/v1.0/users
Content-type: application/json
Authorization: Bearer {access-token}

{
    "accountEnabled": true,
    "displayName": "Adele Vance",
    "mailNickname": "AdeleV",
    "userPrincipalName": "AdeleV@contoso.com",
    "passwordProfile": {
        "forceChangePasswordNextSignIn": true,
        "password": "{password}"
    }
}
```

Here is an example of a response:


```
HTTP/1.1 201 Created
Content-type: application/json

{
    "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#users/$entity",
    "id": "e3d0513b-449e-4198-ba6f-bd97ae7cae85",
    "businessPhones": [],
    "displayName": "Adele Vance",
    ...
}
```
