Update README.md

Author: TylerLu

README.md

@@ -8,6 +8,7 @@ School data is kept in sync in O365 Education tenants by [Microsoft School Data
 
 - [Sample Goals](#sample-goals)
 - [Prerequisites](#prerequisites)
+- [Generate a self-signed certificate](generate-a-self-signed-certificate)
 - [Register the application in Azure Active Directory](#register-the-application-in-azure-active-directory)
 - [Run the sample locally](#run-the-sample-locally)
 - [Deploy the sample to Azure](#deploy-the-sample-to-azure)
@@ -31,6 +32,7 @@ The sample demonstrates:
 - Getting schools, classes, teachers, and students from Office 365 Education:
 
   - [Office 365 Schools REST API reference](https://msdn.microsoft.com/office/office365/api/school-rest-operations)
+  - A [Differential Query](https://msdn.microsoft.com/en-us/library/azure/ad/graph/howto/azure-ad-graph-api-differential-query) is used to sync data that is cached in a local database by the SyncData Web Job.
 
 This sample is implemented with the Python language and [Django](https://www.djangoproject.com/) web framework.
 
@@ -350,18 +352,19 @@ O365 users authentication is implemented with Open ID Connect.
 
 **Data Access**
 
-In this sample, [Django's built-in ORM](https://docs.djangoproject.com/en/1.11/topics/db/) is used to access data from the backend SQLite database.
+In this sample, [Django's built-in ORM](https://docs.djangoproject.com/en/1.11/topics/db/) is used to access data from the backend MySQL database.
 
 Below are the tables:
 
-| Table                          | Description                              |
-| ------------------------------ | ---------------------------------------- |
+| Table                          | Description                                                  |
+| ------------------------------ | ------------------------------------------------------------ |
 | auth_user                      | Django built-in user table which contains users' authentication information: username, email, password... |
 | user_roles                     | Contains users' roles. Three roles are used in this sample: admin, teacher, and student. |
 | profiles                       | Contains users' extra information: *favoriteColor*, *organization_id*,  *o365UserId*, and *o365Email*. The later two are used to connect the local user with an O365 user. |
 | organizations                  | A row in this table represents a tenant in AAD.<br>*isAdminConsented* column records if the tenant consented by an administrator. |
-| token_cache                    | Contains the users' access/refresh tokens. |
-| classroom_seating_arrangements | Contains the classroom seating arrangements data. |
+| token_cache                    | Contains the users' access/refresh tokens.                   |
+| classroom_seating_arrangements | Contains the classroom seating arrangements data.            |
+| data_sync_records              | Stores data sync records like the delta link.                |
 
 Models are defined in **/models/db.py**.
 
@@ -419,6 +422,12 @@ Users from any Azure Active Directory tenant can access this app. Some permissio
 
 For more information, see [Build a multi-tenant SaaS web application using Azure AD & OpenID Connect](https://azure.microsoft.com/en-us/resources/samples/active-directory-dotnet-webapp-multitenant-openidconnect/).
 
+**SyncData WebJob**
+
+The sync data WebJob is a standalone Python app. It is located in `/webjobs/sync_data` folder and will be deployed to `/App_Data/jobs/triggered/` folder of the Web App after the deployemnt.
+
+This app was created to demonstrate differential query. Please check [Differential query](differential-query) section for more details.
+
 ### Office 365 Education API
 
 The [Office 365 Education APIs](https://msdn.microsoft.com/office/office365/api/school-rest-operations) return data from any Office 365 tenant which has been synced to the cloud by Microsoft School Data Sync. The APIs provide information about schools, classes, teachers, students, and rosters. The Schools REST API provides access to school entities in Office 365 for Education tenants.
@@ -488,6 +497,16 @@ Below are some screenshots of the sample app that show the education data.
 
 ![](Images/edu-class.png)
 
+### Differential Query
+
+A [differential query](https://msdn.microsoft.com/en-us/Library/Azure/Ad/Graph/howto/azure-ad-graph-api-differential-query) request returns all changes made to specified entities during the time between two consecutive requests. For example, if you make a differential query request an hour after the previous differential query request, only the changes made during that hour will be returned. This functionality is especially useful when synchronizing tenant directory data with an application’s data store.
+
+The related code is in `/webjobs/sync_data/user_data_sync_service.py`.
+
+Below is the log generated by the SyncData WebJob:
+
+[![img](https://github.com/TylerLu/EDUGraphAPI/raw/master/Images/sync-data-web-job-log.png)](https://github.com/TylerLu/EDUGraphAPI/blob/master/Images/sync-data-web-job-log.png)
+
 ### Authentication Flows
 
 There are 4 authentication flows in this project.
@@ -514,6 +533,18 @@ This flow is implemented in the AdminController.
 
 ![](Images/auth-flow-admin-login.png)
 
+**Application Authentication Flow**
+
+This flow in implemented in the SyncData WebJob.
+
+![](Images/auth-flow-app-login.png)
+
+An X509 certificate is used. For more details, please check the following links:
+
+- [Daemon or Server Application to Web API](https://docs.microsoft.com/en-us/azure/active-directory/active-directory-authentication-scenarios#daemon-or-server-application-to-web-api)
+- [Authenticating to Azure AD in daemon apps with certificates](https://azure.microsoft.com/en-us/resources/samples/active-directory-dotnet-daemon-certificate-credential/)
+- [Build service and daemon apps in Office 365](https://msdn.microsoft.com/en-us/office/office365/howto/building-service-apps-in-office-365)
+
 ### Two Kinds of Graph APIs
 
 There are two distinct Graph APIs used in this sample: