Creating Azure AD App

Introduction

 
The MSFT Graph API is the unified programmability model developed by MSFT that can be used to build apps that interact with the data of millions of users. It implements many of the OData query parameters. The Graph API is language independent, which means the service can be consumed from applications written in any language (C#, Java, PHP, JavaScript, etc.). If you do not have access to a tenant in which to configure the Azure AD app, you can sign up for a developer tenant from MSFT; see the References section for the sign-up link.
 
To start working with the Graph API, I am dividing the article into a two-part series:
  1. Creating an Azure AD application and configuring it with the right API permissions (this article)
  2. Consuming the Graph API from a console application using .NET Core
The Graph API can be used to get data from the tenant, such as users' data, users' contacts and users' groups, and tenant data such as O365 groups and O365 sites, to consume in your applications.
 

Creating Azure AD application and configuring with right permission role

 
For this article, I have taken a developer tenant and performed the steps below. The same steps can be done in a PROD tenant. This requires Global Admin rights to create an application and configure it with the right permissions.
 
Step 1
 
Log in to the Azure AD portal at https://portal.azure.com with global admin rights.
 
Step 2
 
Click on ‘Azure AD’
 
 
Step 3
 
Under ‘Manage’, look for ‘App Registration’.
 
 
Step 4
 
Click on ‘New Registration’ 
 
 
Step 5
 
Name your application ‘graph console app’ and select the account type ‘Accounts in this organization directory only’. Leave everything else at the default and click ‘Register’.
 
 
Step 6
 
After the application is created, go to ‘Graph Console App’ and click on ‘Certificates & secrets’ under ‘Manage’. Click on ‘New client secret’ under the ‘Client secrets’ section.
 
 
Step 7
 
Enter the description ‘graphconsoleappsecret’; you can leave the default option, ‘Recommended: 6 months’. Click ‘Add’. Please note that the secret expires, and once it does the Graph application will get a 401 Unauthorized error. Follow your organization's recommendation.
 
 
Step 8
 
The secret value is now populated; copy it by clicking the little copy symbol. Please note that once you leave this page and come back to the application, the secret value is hidden, so make sure to copy it to a safe place.
 
 
At the end of this section, you should have the following values. They are needed in the .NET console app to consume the Graph API services.
  • Tenant ID: found on the home page of the Azure portal or in the application overview
  • Application ID: found in the application overview
  • App Secret: taken from the ‘Client secrets’ section after the secret is created
 
Step 9
 
Configure the API permissions: click ‘Add a permission’ and select ‘Microsoft Graph’.
 
 
Step 10
 
In ‘Request API Permissions’, select ‘Application permissions’.
 
Step 11
 
In the ‘Select permissions’ box, search for ‘User.R’ and press Enter. Under ‘User’, select ‘User.Read.All’.
 
 
Step 12
 
Grant admin consent. After the permission is configured, it requires admin consent. You should see a yellow warning symbol, ‘Not granted for Contoso’ (this is your company name; in this case I was referring to Contoso).
 
 
After clicking ‘Grant admin consent’, you should get a pop-up asking whether you want to grant consent for the requested permissions for all the accounts in your tenant. Select ‘Yes’. You should then get a ‘Grant Consent’ successful message.
 
 
Step 13
 
Validate that the Azure AD application ‘Graph console app’ you created now shows the configured API permission User.Read.All and that the admin consent status shows a green check mark.
 
 
These steps confirm that the Azure AD application has been created successfully and the right API permissions are configured.
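One way to confirm from the client side what Steps 9 to 13 configured, as an added example that is not part of the original article: it builds the client-credentials token request from the Tenant ID, Application ID and App Secret collected above, then checks that the `roles` claim of an app-only access token is exactly `User.Read.All`. The helper names, placeholder values and the unsigned sample token are assumptions constructed for illustration, and the decode step does not verify the token signature, so it is for inspection only.

```python
import base64
import json
import urllib.parse

TOKEN_URL = "https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token"
EXPECTED_ROLES = {"User.Read.All"}  # the one application permission added in Step 11


def build_token_request(tenant_id, client_id, client_secret):
    """Return (url, form body) for the OAuth 2.0 client-credentials grant."""
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        # .default requests the application permissions consented in the portal
        "scope": "https://graph.microsoft.com/.default",
    })
    return TOKEN_URL.format(tenant=tenant_id), body


def decode_claims(access_token):
    """Decode the JWT payload without verifying the signature (inspection only)."""
    parts = access_token.split(".")
    if len(parts) != 3:
        raise ValueError("access token is not a three-part JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))


def check_roles(claims, expected=EXPECTED_ROLES):
    """Compare the token's app roles with what the portal steps granted."""
    roles = set(claims.get("roles", []))
    return {"missing": sorted(expected - roles),
            "unexpected": sorted(roles - expected)}


def make_sample_token(claims):
    """Build an unsigned, constructed token so the check runs offline."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none", "typ": "JWT"}), enc(claims), "sig"])


if __name__ == "__main__":
    # Placeholders: in real use read all three from the environment or a vault.
    url, _ = build_token_request("<tenant-id>", "<application-id>", "<app-secret>")
    print("POST", url)
    token = make_sample_token({"aud": "https://graph.microsoft.com",
                               "roles": ["User.Read.All"]})
    print(check_roles(decode_claims(token)))
```

A non-empty `missing` list points at the admin consent in Step 12 not having been granted; a non-empty `unexpected` list means the app holds more Graph application permissions than this article configured.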
 

Conclusion

 
In this article, we have seen how to create an Azure AD app and configure the API permissions for the app. In the next article, we will see how to get the data into your console applications using the Graph API.
 
References
  • https://developer.microsoft.com/en-us/microsoft-365/dev-program
  • https://docs.microsoft.com/en-us/graph/use-the-api