title | description | ms.localizationpriority | author |
---|---|---|---|
Access national cloud deployments with the Microsoft Graph SDKs |
Provides instructions for accessing national cloud deployments using the Microsoft Graph SDKs. |
medium |
jasonjoh |
By default, the Microsoft Graph SDKs are configured to access data in the Microsoft Graph global service, using the https://graph.microsoft.com
root URL to access the Microsoft Graph REST API. Developers can override this configuration to connect to Microsoft Graph national cloud deployments.
You will need the following information to configure a Microsoft Graph SDK to connect to a national cloud deployment.
- Application registration details, such as client ID, tenant ID, and client secret or certificate. The application registration MUST be created in the Microsoft Entra admin center that corresponds to the national cloud deployment. See App registration and token service root endpoints for details.
- The token endpoint for the national cloud deployment.
- The Microsoft Graph service root endpoint for the national cloud deployment. See Microsoft Graph and Graph Explorer service root endpoints for a list of endpoints.
In order to connect to a national cloud deployment, you must configure your authentication provider to connect to the correct token service endpoint. Then you must configure the SDK client to connect to the correct Microsoft Graph service root endpoint.
Any permission scope value (including the .default
scope) that contains the Microsoft Graph domain MUST use the domain of the Microsoft Graph service root endpoint for the national cloud deployment. The shortened permission scope names, such as User.Read
or Mail.Send
, are also valid.
- For incremental or dynamic consent,
User.Read
andhttps://graph.microsoft.us/User.Read
are equivalent for the US Government L4 national cloud. - For statically defined permissions, or if you are using client credentials flow for app-only permissions,
https://graph.microsoft.us/.default
is the correct.default
scope value.
The following example configures an Interactive authentication provider with the Microsoft Graph SDK to connect to the Microsoft Graph for US Government L4 national cloud.
:::code language="csharp" source="./snippets/dotnet/src/SdkSnippets/Snippets/NationalClouds.cs" id="NationalCloudSnippet":::
:::code language="go" source="./snippets/go/src/snippets/national_clouds.go" id="ImportSnippet":::
:::code language="go" source="./snippets/go/src/snippets/national_clouds.go" id="NationalCloudSnippet":::
:::code language="java" source="./snippets/java/app/src/main/java/snippets/NationalClouds.java" id="NationalCloudSnippet":::
:::code language="php" source="./snippets/php/snippets/NationalClouds.php" id="NationalCloudSnippet":::
Connect-MgGraph -Environment USGov -ClientId 'YOUR_CLIENT_ID' `
-TenantId 'YOUR_TENANT_ID' -Scopes 'https://graph.microsoft.us/.default'
:::code language="python" source="./snippets/python/src/snippets/national_clouds.py" id="NationalCloudSnippet":::
:::code language="csharp" source="./snippets/typescript/src/snippets/nationalClouds.ts" id="NationalCloudSnippet":::