
Delve is a great feature for users who want a new way to discover and work with the documents stored in their Office 365 tenant. But not all customers are willing to offer Delve to all their users. If you disable Delve by default, this also disables the Office 365 graph.

Disable Delve on the Office 365 tenant

If you don’t want to use Delve in your company, you can disable it for all users. As a tenant administrator, connect to the SharePoint Admin Center, go to the “Settings” section, move to Office Graph, select ‘Don’t allow access to the Office Graph’ as you can see in the screenshot below, and click OK to save the settings.

– https://tenant-admin.sharepoint.com/_layouts/15/online/TenantSettings.aspx

Save your modification. After a short time (a few minutes), Delve and Office Graph will be disabled/unusable for all the users of your Office 365 tenant.

Solution: To access Microsoft Graph API via Azure Application permissions and PowerShell

Step 1 – Register a new application using the Azure portal

  • Sign in to the Azure portal using either a work or school account or a personal Microsoft account
  • In the left-hand navigation pane, select the Azure Active Directory service, and then select App registrations > New registration

  • When the Register an application page appears, enter your application’s registration information
    • Name – TeamsGraph
    • Supported account types – Accounts in the organizational directory only

  • Once the application is registered, click API Permissions

  • Add a permission > select Microsoft Graph

  • Select Delegated permissions, enable Group.Read.All and Group.ReadWrite.All, and click Add permissions.

Note:

  • Two types of permissions: 
    • User delegated permissions for when there is a user present
    • Application permissions for when there isn’t
  • Teams APIs require Group.Read.All or Group.ReadWrite.All
    • For user delegated, means all groups the user can read/write
    • For application permissions, means all groups in the tenant
    • Admin consent required for both user delegated and application permissions
  • Select Application permissions and enable
    • Group.Read.All
    • Group.ReadWrite.All
  • Then add permissions

  • Then grant admin consent

  • Now all Permissions are Granted, as you can see in the screenshot below

  • Navigate to Certificates & Secrets and create a new client secret to prove the identity

  • Click the New client secret button under the Client secrets section

You have now completed the prerequisites to run the PnP PowerShell script that creates a Team.

# Connect to Microsoft Graph via PnP PowerShell (requests the Group.ReadWrite.All scope)
Connect-PnPOnline -Scopes "Group.ReadWrite.All"
$accesstoken = Get-PnPAccessToken

# Request body for the Office 365 (Unified) group that will back the Team
$creategroup = @'
{
  "description": "MyFirstGraphTeam",
  "displayName": "MyFirstGraphTeam",
  "groupTypes": [
    "Unified"
  ],
  "mailEnabled": true,
  "mailNickname": "MyFirstGraphTeam",
  "securityEnabled": false
}
'@

# Create the group and keep its id for the Team request
$response = Invoke-RestMethod -Uri "https://graph.microsoft.com/v1.0/groups" -Body $creategroup `
    -ContentType "application/json" -Headers @{Authorization = "Bearer $accesstoken"} -Method Post
$groupid = $response.id

# Request body with the Team settings
$createteam = @'
{
  "memberSettings": {
    "allowCreateUpdateChannels": true
  },
  "messagingSettings": {
    "allowUserEditMessages": true,
    "allowUserDeleteMessages": true
  },
  "funSettings": {
    "allowGiphy": true,
    "giphyContentRating": "strict"
  }
}
'@

# Turn the group into a Team
$createteamuri = "https://graph.microsoft.com/v1.0/groups/" + $groupid + "/team"
Invoke-RestMethod -Uri $createteamuri -Body $createteam -ContentType "application/json" `
    -Headers @{Authorization = "Bearer $accesstoken"} -Method Put
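
The note above distinguishes delegated permissions from application permissions, where Group.ReadWrite.All covers every group in the tenant. The following is an added example, not part of the original post, that decodes an access token's claims to show which kind it carries before you use it. The function names and the sample tokens are assumptions made up for illustration, and the token is only decoded, not validated.

```powershell
# Added example: classify a Graph access token as delegated or application.
# Function names are hypothetical; the JWT payload is decoded, not verified.
function ConvertFrom-Base64Url {
    param([Parameter(Mandatory)][string]$Value)
    $s = $Value.Replace('-', '+').Replace('_', '/')
    switch ($s.Length % 4) {        # restore the padding that base64url strips
        2 { $s += '==' }
        3 { $s += '=' }
    }
    [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($s))
}

function Get-GraphTokenPermission {
    param([Parameter(Mandatory)][string]$AccessToken)
    $parts = $AccessToken.Split('.')
    if ($parts.Count -lt 2) { throw 'Not a JWT: expected header.payload.signature' }
    $claims = ConvertFrom-Base64Url $parts[1] | ConvertFrom-Json

    # Delegated tokens carry a space-separated 'scp' claim;
    # app-only tokens carry a 'roles' array instead.
    if ($claims.scp) {
        $kind = 'Delegated';   $perms = @($claims.scp -split ' ')
    } elseif ($claims.roles) {
        $kind = 'Application'; $perms = @($claims.roles)
    } else {
        $kind = 'None';        $perms = @()
    }
    [pscustomobject]@{
        Kind                 = $kind
        Audience             = $claims.aud
        Permissions          = $perms -join ', '
        # Application Group.ReadWrite.All means write access to all groups in the tenant
        TenantWideGroupWrite = ($kind -eq 'Application' -and $perms -contains 'Group.ReadWrite.All')
    }
}

# Constructed, unsigned sample tokens so the example runs offline
function New-SampleToken([hashtable]$Claims) {
    $json = $Claims | ConvertTo-Json -Compress
    $b64  = [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes($json))
    'e30.' + $b64.TrimEnd('=').Replace('+', '-').Replace('/', '_') + '.sig'
}
$delegated = New-SampleToken @{ aud = 'https://graph.microsoft.com'; scp = 'Group.ReadWrite.All User.Read' }
$appOnly   = New-SampleToken @{ aud = 'https://graph.microsoft.com'; roles = @('Group.Read.All', 'Group.ReadWrite.All') }

$delegated, $appOnly | ForEach-Object { Get-GraphTokenPermission $_ } | Format-List
# With a real token from the script above: Get-GraphTokenPermission $accesstoken
```

If the result shows Kind = Application with TenantWideGroupWrite = True, the token can modify every group in the tenant, so check that the application really needs write access rather than Group.Read.All.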