How to Create a Graph Schema Extension using Graph Explorer

I’ve been doing a lot of SPFx, NET Core and Office 365 related development and I have several stories to share.

During the implementation of one of the features in a custom API application, I had to create a schema extension in Microsoft Graph for a Group object, for the purposes of classification. As I stumbled upon a non-intuitive behaviour of the API in Graph Explorer, I hope to save you a couple of hours if you have to do the same.

I went to the extensive Graph documentation to see how to perform such a call to MS Graph. It didn’t seem particularly difficult, just a POST with JSON data on the schemaExtensions endpoint.

In Graph Explorer application that I was using, I kept getting “Request denied due to insufficient permissions”. I double and triple-checked that my Graph Explorer indeed had the needed permissions (Directory.AccessAsUser.All). No matter what I did, I kept getting the same error.

In the end, it seemed to be a limitation on Graph Explorer client. To overcome it, Microsoft added a workaround:

  • Register another Web / API application in Azure Active Directory
  • Add the required permissions to create schema extension to that application
  • In Graph Explorer, prepare a POST request to schemaExtensions endpoint
  • Add “owner” property in the JSON payload, with the value of the authorized application App ID
  • Voilà! The schema extension is created.

My schema creation request JSON payload was like this:



Azure App Services and SharePoint 2016

Yesterday Microsoft announced the availability of Azure App Services, a new high-level grouping of services for building apps on Azure cloud platform. According to the announcement blog post:

App Service is a new, one-of-a kind cloud service that enables developers to build web and mobile apps for any platform and any device. App Service is an integrated solution that streamlines development while enabling easy integration with on-premises and SaaS systems while providing the ability to quickly automate business processes.

I immediately saw “On-Prem SharePoint Server” in the list of the available connectors for Logic Apps and API Apps.


Also, SharePoint is visible in the API Apps catalog in Azure, too.

API Apps Marketplace

It has made me think that a SharePoint 2016 could, in theory, use the new Azure App infrastructure to run workflows (now called Logic Apps, similar to BizTalk orchestrations) that span multiple services: SharePoint, Exchange, public and private social networks, data stores and so on. The logic of the workflow would be based in Azure and it would consume the other services through the connectors. The authentication clould be brokered by the Azure AD.

I like the idea. Only the Ignite will let us know how much of the idea holds true.