
Get Azure AD groups assigned to the logged-in user on a Windows machine

I am using Office 365 credentials to log in to a Windows 10 machine. I have written a desktop WinForms application in C# where I just want to get the email address and AD groups assigned to that logged-in user.

I don't want to relaunch login from the desktop app. I just want to use the existing user info to get the email address and user groups. I am only able to get the local groups assigned to that user, but I require the AD groups too.

You must throw a login challenge from your desktop app at least once to get the auth token to be able to query the Graph API (details in the next paragraph), and keep the token cache so that it does not prompt the user again from the next time onwards. There is no other way I am aware of.

You need to create a native client app in AD (or if you want to reuse some existing one, that will do too) and grant the Graph API User.Read permission to it. Here is an end-to-end guide for that: https://docs.microsoft.com/en-us/azure/active-directory/develop/tutorial-v2-windows-desktop (well, the example is for WPF, but WinForms would be very similar except for the XAML part). If you follow this example, the login screen which will show the first time will automatically have the O365 Windows logged-in user populated (because of the `.WithPrompt(Prompt.SelectAccount)` part in the bootstrapping), if that gives a bit of relief to your app users.

Once you get the access token, you need to query the Graph API for that. Here is the programmatic way (C#, based on your tag in the question) to get the user details for a logged-in user (me) and to get the user groups for the user (me).
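The flow described in the answer above, as an added example that is not part of the original answer or of the linked tutorial: try the token cache silently, prompt once if needed, then read `/me` and page through `/me/memberOf`. It assumes .NET 6 or later with the Microsoft.Identity.Client NuGet package; the class name `SignedInUserInfo` and both IDs are placeholders, and the fallback to the group id assumes Graph may withhold group names when only User.Read is granted.

```csharp
using System.Collections.Generic;
using System.Linq;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Text.Json;
using System.Threading.Tasks;
using Microsoft.Identity.Client;
static class SignedInUserInfo
{
    // Placeholders: take both values from your own app registration.
    const string ClientId = "<application-client-id>", TenantId = "<tenant-id>";
    static readonly string[] Scopes = { "User.Read" };   // the one permission the answer grants
    static readonly IPublicClientApplication App = PublicClientApplicationBuilder
        .Create(ClientId).WithAuthority(AzureCloudInstance.AzurePublic, TenantId)
        .WithDefaultRedirectUri().Build();
    static async Task<string> GetTokenAsync()
    {
        var account = (await App.GetAccountsAsync()).FirstOrDefault();
        try { return (await App.AcquireTokenSilent(Scopes, account).ExecuteAsync()).AccessToken; }
        catch (MsalUiRequiredException)   // nothing usable in the cache: prompt once
        {
            return (await App.AcquireTokenInteractive(Scopes)
                .WithPrompt(Prompt.SelectAccount).ExecuteAsync()).AccessToken;
        }
    }
    public static async Task<(string Email, List<string> Groups)> GetAsync()
    {
        using var http = new HttpClient();
        http.DefaultRequestHeaders.Authorization =
            new AuthenticationHeaderValue("Bearer", await GetTokenAsync());
        using var me = JsonDocument.Parse(
            await http.GetStringAsync("https://graph.microsoft.com/v1.0/me"));
        // "mail" can be null for accounts without a mailbox; fall back to the UPN.
        string email = Str(me.RootElement, "mail") ?? Str(me.RootElement, "userPrincipalName");
        var groups = new List<string>();
        string url = "https://graph.microsoft.com/v1.0/me/memberOf";
        while (url != null)   // results are paged: follow @odata.nextLink to the end
        {
            using var page = JsonDocument.Parse(await http.GetStringAsync(url));
            foreach (var o in page.RootElement.GetProperty("value").EnumerateArray())
                if (Str(o, "@odata.type") == "#microsoft.graph.group")   // skip directory roles
                    groups.Add(Str(o, "displayName") ?? Str(o, "id"));   // name may be withheld
            url = Str(page.RootElement, "@odata.nextLink");
        }
        return (email, groups);
    }
    static string Str(JsonElement e, string name) =>
        e.TryGetProperty(name, out var v) && v.ValueKind == JsonValueKind.String ? v.GetString() : null;
}
```

MSAL keeps the token cache in memory unless you add a cache serializer as the linked tutorial does, and `/me/memberOf` returns direct memberships only. Treat the group list as display data on the client; a server that authorizes on group membership should validate the token and check membership itself.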
