If we want to access the data across Office 365 cloud services, we should register our application in the App Registration portal, because all services are integrated with the Microsoft Identity Platform to provide secure sign-in and authorization for their services.
Once the app is registered, it can use one or more of the following services:
- Application authentication and authorization
- User authentication and authorization
- Single Sign-On federation or password
- User provisioning and synchronization
- Role-based access control
- OAuth authorization services
- Application publishing and proxy
Applications can be registered from different places; some of them are:
- App registrations in the Azure Portal
- Visual Studio, where we can create a new application and configure it to use Azure AD authentication
- Add an application from App Gallery
- PowerShell
- Microsoft Graph API
We mostly use App Registration from Azure Portal for registering the app. In this post, I would like to show you the steps to manage Application objects using Microsoft Graph API from Microsoft Graph Explorer.
Navigate to the Microsoft Graph Explorer and log in to the tool using the Sign in Graph Explorer button. Application management operations are supported in both versions (v1.0 and beta) of the Microsoft Graph endpoint. Select either version from the Request dropdown.
Get the list of registered applications
Follow the below steps to get the list of available registered applications,
- Select the GET operation
- Enter the below Graph API endpoint,
https://graph.microsoft.com/v1.0/applications
- Ensure at least the below permission scope is consented
Directory.Read.All
- Under the response preview, we can see all the registered applications.
Get the list of deleted applications
Follow the below steps to get the list of deleted application objects from App Registrations,
- Choose the GET operation
- Enter the below Graph API endpoint,
https://graph.microsoft.com/v1.0/directory/deletedItems/microsoft.graph.application
- Ensure at least below permission scope is consented
Directory.Read.All
- Under the response preview, we can see all the deleted applications.
Get a single application
Follow the below steps to view a single application object,
- Choose the GET operation
- Enter the below Graph API endpoint,
https://graph.microsoft.com/v1.0/applications/<application-id>
- Ensure at least below permission scope is consented
Directory.Read.All
- Under the response preview we can see the properties of a single application object.
Create a basic new application object
Follow the below steps to create a new basic application object in App Registrations:
- Select the POST method from Request dropdown
- Select the version as v1.0
- Enter the below Graph API endpoint,
https://graph.microsoft.com/v1.0/applications
- Ensure at least below permission scope is consented
Directory.AccessAsUser.All
- Enter the below valid JSON in a Request Body area
{
  "displayName": "Application Name"
}
- Click Run Query button
- Under the response preview, we can see all the properties of the created application.
Create a new Application object with additional properties
Follow the below steps to create a new application object in App Registrations,
- Select the POST method from Request dropdown
- Enter the below Graph API endpoint
https://graph.microsoft.com/v1.0/applications
- Enter the below valid JSON in a Request Body area
{
  "displayName": "msgraph-new-appname",
  "web": {
    "redirectUris": ["http://localhost:2020/"],
    "implicitGrantSettings": {
      "enableAccessTokenIssuance": true,
      "enableIdTokenIssuance": true
    }
  }
}
- Click Run Query button
- Under the response preview, we can see all the properties of the created application.
Update Application object
Follow the below steps to modify the application object in App Registrations,
- Select the PATCH method from Request dropdown
- Enter the below Graph API endpoint,
https://graph.microsoft.com/v1.0/applications/<application-id>
- Ensure at least the below permission scope is consented
Directory.AccessAsUser.All
- Enter the below valid JSON in a Request Body area
{
  "web": {
    "redirectUris": [
      "http://localhost:2021/"
    ],
    "implicitGrantSettings": {
      "enableAccessTokenIssuance": false
    }
  }
}
- Click Run Query button
- This will change the redirect URL and un-check the Access Token for the registered App
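The `redirectUris` and `implicitGrantSettings` values set in the create and update bodies above are the settings to review when many applications are registered. As an added example (not part of the original post), this Python script audits a constructed response shaped like the `GET /applications` result and builds a PATCH body that turns access-token issuance off; the ids `app-1` to `app-3`, the finding labels and the function names are assumptions made for illustration.

```python
import json
from urllib.parse import urlsplit

# Constructed sample shaped like a GET /v1.0/applications response (not tenant data).
SAMPLE = json.loads("""{"value": [
 {"id": "app-1", "displayName": "msgraph-new-appname",
  "web": {"redirectUris": ["http://localhost:2020/"],
          "implicitGrantSettings": {"enableAccessTokenIssuance": true,
                                    "enableIdTokenIssuance": true}}},
 {"id": "app-2", "displayName": "portal (constructed)",
  "web": {"redirectUris": ["https://app.example.com/cb", "http://app.example.com/cb"],
          "implicitGrantSettings": {"enableAccessTokenIssuance": false,
                                    "enableIdTokenIssuance": false}}},
 {"id": "app-3", "displayName": "daemon (constructed)", "web": null}
]}""")

LOOPBACK = {"localhost", "127.0.0.1", "::1"}

def audit_application(app):
    """Return findings for one application object's web settings."""
    web = app.get("web") or {}
    grants = web.get("implicitGrantSettings") or {}
    findings = []
    if grants.get("enableAccessTokenIssuance"):
        findings.append("implicit-access-token")
    for uri in web.get("redirectUris") or []:
        parts = urlsplit(uri)
        # Plain http is tolerated only for loopback development URIs.
        if parts.scheme != "https" and parts.hostname not in LOOPBACK:
            findings.append("insecure-redirect:" + uri)
    return findings

def audit_response(response):
    """Map application id -> findings, leaving out applications with none."""
    report = {}
    for app in response.get("value", []):
        findings = audit_application(app)
        if findings:
            report[app["id"]] = findings
    return report

def remediation_body(app):
    """PATCH body that turns off access-token issuance and keeps the rest of `web`."""
    web = app.get("web") or {}
    grants = dict(web.get("implicitGrantSettings") or {})
    grants["enableAccessTokenIssuance"] = False
    return {"web": {"redirectUris": list(web.get("redirectUris") or []),
                    "implicitGrantSettings": grants}}

if __name__ == "__main__":
    print(json.dumps(audit_response(SAMPLE), indent=2))
```

The body returned by `remediation_body` repeats the existing redirect URIs and ID-token setting, so the request states every `web` value it expects to remain.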
Delete the registered Application object
Follow the below steps to delete the application object from App Registrations,
- Select the DELETE method from Request dropdown
- Enter the below Graph API endpoint,
https://graph.microsoft.com/v1.0/applications/<application-id>
- Ensure at least the below permission scope is consented:
Directory.ReadWrite.All or Directory.AccessAsUser.All
- Click Run Query button
- This will remove the registered App from the App Registrations
Restore the deleted Application object
Follow the below steps to restore a deleted application object to App Registrations. Once deleted, apps are moved to the directory's deleted items. To restore one, we must select the application by its id from the directory's deleted items and use the restore keyword to restore it.
- Select the POST method from Request dropdown
- Enter the below Graph API endpoint,
https://graph.microsoft.com/v1.0/directory/deletedItems/<application-id>/restore
- Ensure at least the below permission scope is consented
Directory.AccessAsUser.All
- Click Run Query button
- This will restore the registered App from the App Registrations. This enables us to access the app from application objects.
Permanently delete the Application object from App Registration
Follow the below steps to permanently remove the application object from App Registrations. After removal from App Registrations, the deleted items are still stored in the directory.
To permanently remove an application, we must remove it from both Applications and the Directory:
- Delete the app from applications
- Select the DELETE method from Request dropdown
- Select the version as v1.0
- Enter the below Graph API endpoint,
https://graph.microsoft.com/v1.0/directory/deletedItems/<application-id>
- Ensure at least the below permission scope is consented
Directory.AccessAsUser.All
- Click Run Query button
- Now the application object is removed permanently from your tenant.
So far, we have learned how to Create, Read, Update and Delete the Application objects from App Registrations. There are a lot of options available in Microsoft Graph API to work with the Application object. We will explore those options in upcoming posts.