Office365

Configuring Azure AD

Step 1: Sign in to the Azure portal

  • Navigate to the Azure portal.

  • Sign in with your Azure account credentials.

Step 2: Register an Application

  • In the left-hand navigation pane, click on "App registrations."

  • Click on "New registration" to create a new application.

Fill in the required information:

  • Name: Give your application a meaningful name.

  • Supported account types: Choose the appropriate option (e.g., "Accounts in this organizational directory only").

  • Click on "Register" to create the application.

Step 3: Get the Application (Client) ID and Tenant ID

  1. After registering the application, go to the "Overview" page.

  2. Note down the "Application (client) ID" and "Directory (tenant) ID." The client ID is used for authentication, and the tenant ID is needed to identify the Azure AD directory.

Step 4: Generate a Client Secret

  1. In the left-hand navigation pane, click on "Certificates & Secrets."

  2. Under the "Client secrets" section, click on "New client secret."

  3. Enter a description, choose the expiry period, and click "Add."

  4. After creation, note down the secret value. This is your Client Secret. Copy it immediately, as it won't be visible again.

Step 5: Configure Application Permissions for Microsoft Graph

  • In the Azure portal, go to "App Registrations."

  • Select the app you are configuring.

  • Under "Manage," select "API permissions."

  • Under "Configured permissions," select "Add a permission."

  • Choose the "Microsoft APIs" tab, then select "Microsoft Graph."

  • Select "Application permissions."

  • Expand the appropriate permission groups and select the checkboxes for the following permissions:

    • Directory.AccessAsUser.All

    • Directory.ReadWrite.All

    • User.ReadWrite.All

    • UserAuthenticationMethod.ReadWrite.All

  • Select "Add permissions" and wait a few minutes before proceeding to the next step.

  • Select "Grant admin consent for (your tenant name)."

  • If not signed in with a Global Administrator account, sign in with an account in your Azure AD B2C tenant assigned at least the Cloud application administrator role.

  • Select "Grant admin consent for (your tenant name)."

  • Select "Refresh," and verify that "Granted for..." appears under Status. It may take a few minutes for the permissions to propagate.
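
Once "Granted for..." appears, the grant can also be confirmed from an app-only Microsoft Graph access token obtained with the values from Steps 3 and 4. The following Python example is added here and is not part of the original guide: it decodes the token's claims and compares `tid`, `appid`/`azp` and `roles` with what this page configures. The token, IDs and function names are constructed for illustration, and it assumes Directory.AccessAsUser.All, a delegated permission in Microsoft Graph, does not appear in the `roles` claim.

```python
import base64
import json

# Application permissions from Step 5 that an app-only token carries in "roles".
# Assumption: Directory.AccessAsUser.All is a delegated permission in Microsoft
# Graph, so it is not expected in the "roles" claim and is left out here.
REQUIRED_ROLES = {
    "Directory.ReadWrite.All",
    "User.ReadWrite.All",
    "UserAuthenticationMethod.ReadWrite.All",
}

def decode_claims(token):
    """Return the JWT payload as a dict. Inspection only: no signature check."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def check_token(token, tenant_id, client_id, required=REQUIRED_ROLES):
    """Compare a Graph app-only token against the values noted in Steps 3 and 5."""
    claims = decode_claims(token)
    roles = set(claims.get("roles", []))
    return {
        "tenant_ok": claims.get("tid") == tenant_id,
        # v1.0 tokens carry the client ID in "appid", v2.0 tokens in "azp".
        "client_ok": client_id in (claims.get("appid"), claims.get("azp")),
        "missing": sorted(required - roles),     # consent not granted or not propagated
        "unexpected": sorted(roles - required),  # more privilege than Step 5 lists
    }

def make_sample_token(claims):
    """Build an unsigned, constructed token for the demo below."""
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none", "typ": "JWT"}), enc(claims), "constructed-signature"])

# Constructed sample values, not real identifiers.
SAMPLE_TENANT = "00000000-0000-0000-0000-000000000001"
SAMPLE_CLIENT = "00000000-0000-0000-0000-000000000002"
SAMPLE_TOKEN = make_sample_token({
    "tid": SAMPLE_TENANT,
    "appid": SAMPLE_CLIENT,
    "roles": ["Directory.ReadWrite.All", "User.ReadWrite.All", "Mail.Read"],
})

if __name__ == "__main__":
    print(json.dumps(check_token(SAMPLE_TOKEN, SAMPLE_TENANT, SAMPLE_CLIENT), indent=2))
```

A non-empty `missing` list right after Step 5 usually means consent has not propagated yet; a non-empty `unexpected` list means the registration holds permissions beyond those listed on this page.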
