The Microsoft Entra family of identity and network access solutions helps you protect any identity and secure access to any resource. Use the Microsoft Graph APIs to automate identity and access management tasks and integrate with any application.

To skip directly to the API reference, seeMicrosoft Graph APIs for Microsoft Entra features.

Manage user identities and control access to apps, data, and resources

Millions of customers and organizations use Microsoft cloud services like Microsoft 365, Microsoft Azure, and the Enterprise Mobile + Security suite of products. These services use Microsoft Entra ID as their identity and access management solution. You can also integrate Microsoft Entra ID into your custom applications.

Some Microsoft Entra ID capabilities that you can integrate to your apps using Microsoft Graph include:

• User management - Look up and manage user profiles, license assignment, memberships, and privileges in the tenant. Manage organizational relationships, track assignments, or create original solutions that incorporate existing organizational data. Manage authentication methods for users.
• Group management - Create groups to manage users and control access to resources. Use administrative units to organize groups, users, and devices for easier management and delegated administration.
• Application management - Register cloud applications, manage application permissions and privileges, and users who can sign in. Provide secure remote access to on-premises applications.
• Manageadministrative roles, which grant permission to perform specific tasks.
• Automatically provision and manage user identities and roles to other SaaS apps that users need to access.

Tenant management

Microsoft Entra APIs for tenant management allow you to:

• Get information about anorganization (the tenant), such as its business address, technical and notification contacts, active service subscriptions, and the domains associated with it.
• Get information about theservice SKUs that a company is subscribed to.
• Set upcross-tenant synchronization to synchronize user accounts between the multiple Microsoft Entra tenants that your organization owns.
• Identify basic information about other Microsoft Entra tenants.

Partner tenant management

Microsoft partners who resell and manage Microsoft Online Services, such as Microsoft 365 and Microsoft Azure, can view theorganization tenants they currently manage. They can also usegranular delegated administrative privileges for least-privilege access to the tenants they manage.

As a Microsoft partner, you can alsomanage domains associated with a tenant. Domain operations enable Microsoft partners to automate domain registration for services such as Microsoft 365.

Protect, monitor, and audit access to critical assets

Use Microsoft Entra ID Governance APIs to ensure the right people have the right access to the right apps and services at the right time.

• Automatically grant access for internal and external users to resources usingentitlement management APIs. Enforce separation of duties to avoid conflicting access.
• Regularly review access to groups, applications, and privileged roles in your organization. For more information, seeaccess reviews APIs.
• Automate employee onboarding, internal movement, and offboarding using thelifecycle workflows APIs.
• Useprivileged identity management for Microsoft Entra roles APIs to activate time-bound administrator privilege on demand, enforce mandatory justification of role activation, and multifactor authentication for actors in privileged roles.
• Useprivileged identity management for groups APIs to govern access to groups that have privileged access to resources.

Strengthen security for your identities

Use Microsoft Entra ID Protection APIs and Microsoft Entra Workload ID APIs to detect and mitigate identity-based risks before they cause damage.

• Use theauthentication methods APIs to configure multifactor authentication, including phishing-resistant multifactor authentication methods, to reduce risks associated with compromised credentials.
• Enforce risk-basedconditional access policies to adapt near real-time to risk conditions.
• Detect, report, and react to anomalies that indicate potentially compromised accounts.
• Detect risks for both human and nonhuman.

Secure access to apps for external identities

Collaboration with external users like customers and business partners is a common part of daily business for many organizations. Microsoft Entra External ID APIs allow you to:

• Invite external users to your organization.
• Forcustomers, customize their sign-in and sign-up experiences, let them bring their own identity (BYOI) to your application, and secure access to customer-facing applications.
• Forbusiness partners, governcollaboration with other Microsoft Entra ID tenants, secure their access to your applications, and manage the lifecycle of their access to resources in your organization.

Use identity-centric configurations to strengthen network traffic

Use theGlobal Secure Access APIs for identity-centric configurations to secure access to private apps and resources, and protect access to the internet, software as a service (SaaS), and Microsoft 365 apps and resources.

Zero Trust

This feature helps organizations to align their tenants with the three guiding principles of a Zero Trust architecture:

• Verify explicitly
• Use least privilege
• Assume breach

To find out more about Zero Trust and other ways to align your organization to the guiding principles, see theZero Trust Guidance Center.

API reference

Looking for the API reference for this service? Find the relevant links below.

• Manage Microsoft Entra identity and network access capabilities by using Microsoft Graph v1.0
• Manage Microsoft Entra identity and network access capabilities by using Microsoft Graph beta

Next step