How to Create a Graph Schema Extension using Graph Explorer

I've been doing a lot of SPFx, NET Core and Office 365 related development and I have several stories to share.

During the implementation of one of the features in a custom API application, I had to create a schema extension in Microsoft Graph for a Group object, for the purposes of classification. As I stumbled upon a non-intuitive behaviour of the API in Graph Explorer, I hope to save you a couple of hours if you have to do the same.

I went to the extensive Graph documentation to see how to perform such a call to MS Graph. It didn't seem particularly difficult, just a POST with JSON data on the schemaExtensions endpoint.

In Graph Explorer application that I was using, I kept getting "Request denied due to insufficient permissions". I double and triple-checked that my Graph Explorer indeed had the needed permissions (Directory.AccessAsUser.All). No matter what I did, I kept getting the same error.

In the end, it seemed to be a limitation on Graph Explorer client. To overcome it, Microsoft added a workaround:

• Register another Web / API application in Azure Active Directory
• Add the required permissions to create schema extension to that application
• In Graph Explorer, prepare a POST request to schemaExtensions endpoint
• Add "owner" property in the JSON payload, with the value of the authorized application App ID
• Voilà! The schema extension is created.

My schema creation request JSON payload was like this:

{
  "id": "classificationGroup",
  "owner": "937451d2-b057-4d16-8ea0-fd50b9531fef",
  "description": "Custom group classification",
  "targetTypes": \[
    "Group"
  \],
  "properties": \[
    {
      "name": "classificationValue",
      "type": "String"
    }
  \]
}