Reregistering Graph API
This section describes how to reregister Microsoft Graph API.
You are to reregister Graph API when the expiration date of Graph API is approaching or confidential information (Azure AD Client Secret) of Graph API has leaked.
[ Note ]
Perform reregistration of Graph API before Graph API expires.
If Graph API has expired, provisioning with Microsoft 365 (Azure AD) will fail and data inconsistency will occur between the IIJ ID Service and Microsoft 365.
Moreover, a job of an error saying "There is a problem with the settings of the Graph API" will occur. Refer to "Troubleshooting Failed Jobs" for more information.
[ Reference ]
The expiration date of Graph API can be checked in "Application Management" on IIJ ID Console. As shown in the images in steps 2 and 4 below, it is displayed in "Graph API status" or "Azure AD Client Secret expiration date" of the relevant application.
As the expiration date of Graph API approaches, an email that informs you of the fact that the expiration date is approaching is sent to "Mail destination from the system."
- Click "Application" and then "Application Management."
- Click "Microsoft 365" and then "Edit."
- Click "Graph API."
Click "Edit."
- Click "Download PowerShell Script."
- Run PowerShell on a Windows computer.
Use the following command to run the PowerShell script as illustrated in the example.
[ Reference ]
Write down the Graph API information displayed after execution of the PoswerShell script because the information will be used in the next step.
Example command line display)
powershell -ExecutionPolicy bypass -File '.\setup_graph_api.ps1
[ Reference ]
The following window may be displayed at the time of execution.
If this window is displayed, click "Accept" without checking the "Consent on behalf of your organization" box.Enter the Graph API information obtained in step 7 in IIJ ID Console and click "Configure."
Option Description Comments Azure AD Tenant ID Azure AD tenant ID you use Azure AD Client ID Azure AD client ID used for Graph API Azure AD Client Secret Azure AD client secret used for Graph API This information is sensitive. Exercise care in the handling of this information. [ Note ]
If you reregister Graph API during provisioning processing, the provisioning may end up in failure (A job indicating that the provisioning has failed will be generated). For this reason, we recommend executing "Reregistration of Graph API" and then "Reissue" when no provisioning job is generated.
When the reregistration has been completed, confirm that the provisioning task will succeed.
Refer to "Verifying Provisioning Jobs of Microsoft 365 Applications" for how to check it.[ Reference ]
Because provisioning is performed periodically, it may take some time before it is executed.