Managed Access to Microsoft Graph Data in Private Preview

Office Add-ins team

We’re pleased to announce that we are expanding the focus of the Managed Access to Microsoft Graph Data preview, announced this spring at our Build 2018 conference, to include scenarios for Enterprises as well as ISVs.  Managed Access to Graph in Microsoft Azure provides new management and control tools for developing applications that connect to the Microsoft Graph within the Microsoft Azure environment. 

The organizational data that exists within an Office 365 tenant and is accessed through the Microsoft Graph is a fantastic source of raw material for the construction of rich insights that have the power to drive digital transformation.  We understand that the security and privacy of this data is of paramount importance and are committed to taking proactive steps that might limit any unwanted access.  We also understand that companies can and will seek to use Office 365 tenant data for the purpose of deriving insights, and can choose between building those insights using their own IT resources or buying them from an Independent Software Vendor (ISV). 

In either case, administrators must carefully consider the challenges inherent to moving and managing significant amounts of their organizational data.   Managed Access to Microsoft Graph Data is designed to give administrators new controls over the Office 365 data they provide to application developers who forge insights with that data.   There are three primary dimensions to the service:

Granular consent:  Unlike standard consent models, where an administrator can only grant or deny an application access to specific data types, Managed Access to Microsoft Graph Data raises the bar.  Applications can specify exactly what types of data and/or filter content that an application can access.  On the other side of this equation, administrators must give explicit approval to access Office 365 data before access is granted.  The request must specify the level of access requested, describe data policy enforcement, the reason for the request and the exact schema of the data requested.  As a result, applications may use only the data essential to their function, while unrelated content is not provided.  For example, an app may consume email headers, while body content and attachments are excluded.

Data Governance: Microsoft is facilitating rich, connected communication between Office 365 and Azure with respect to the status of customers’ data.  Developers creating applications that leverage Managed Access to Microsoft Graph Data can specify a set of detailed policies with which they intend to comply.   Office 365 administrators may then review and consent to these policies.  This practice minimizes compliance management overhead.  Once consent is given, Microsoft monitors an application’s adherence to policy.  In instances where an application violates (or attempts to violate) a policy established by the organization, Microsoft stops the flow of data to that application. 

Scalable Data Access: Rich applications require access to large amounts of data, often from many users in your organization at once, joined together.  Historically, application developers have needed to build complex infrastructure and make thousands upon thousands of API calls to orchestrate this data delivery.   But Managed Access to Microsoft Graph leverages the power of Azure Data Factory to deliver Office data from the entirety of your organization to your application, on a repeatable schedule, with just a few simple steps.

Discrete Azure services:  Whether you’re leveraging an Azure Managed Application built by others, or an application that you wrote yourself, your application and your data are collocated tightly together in a separately- provisioned Azure instance.  Applications connect to a copy of the specifically requested dataset located within a separately-provisioned Azure instance – never directly to the data sources powering their apps.   From that Azure instance however, developers can use the full range of Azure tools and capabilities to deliver rich experiences – from websites built on best-in-class serving platforms to deep insights driven by our big data and analytics tools – to derive insights, all from within Azure’s compliance boundaries.

Developers interested in creating applications with managed access to Microsoft Graph data can apply to participate in our limited public preview by providing the information requested on this page.


Happy coding!

The Office Ecosystem team

Feedback usabilla icon