Introduction:
This post will show you how to change the displayName of a registered web application from another application, using the client credentials flow with an Application permission (app-only access, no signed-in user).
Walk Through steps:
1) In Azure AD's App Registration portal, create 2 new app registrations called TestAppA and TestAppB. We will use TestAppA to change the displayName of TestAppB. It is not important what permissions you configure for TestAppB. For TestAppA make sure you configure Microsoft Graph's Application.ReadWrite.OwnedBy permission (check the option for "Manage apps that this app creates or owns") under Application Permissions, and also click the "Grant Permissions" button to provide admin consent to TestAppA. Without admin consent the app role is never issued in TestAppA's token and the Graph calls below fail with 403.
Also note the Application (client) ID of TestAppA, which the token request in step 5 uses, and the Object ID of TestAppB's app registration (shown on its overview blade), which the applications/{id} Graph calls in steps 4 and 6 take. Graph addresses an application object by its Object ID, not by its Application ID.
2) For TestAppA create a new key (client secret) and note its value. Treat it like a password: it is the only thing that authenticates TestAppA in step 5.
3) Get the Object ID of TestAppA's service principal from the Enterprise applications blade. This is a different object, with a different Object ID, from TestAppA's app registration; the owner reference in step 4 must point at the service principal.
4) Use the Microsoft Graph Explorer tool to make TestAppA's service principal (the Object ID obtained in step 3) an owner of TestAppB by issuing the following POST request. Graph Explorer runs this call as the signed-in user, so sign in as an administrator who is allowed to edit application owners:
POST https://graph.microsoft.com/v1.0/applications/{Object ID of TestAppB}/owners/$ref
POST Body:
{
"@odata.id": "https://graph.microsoft.com/v1.0/servicePrincipals/{Service Principal Object ID of TestAppA}"
}
Note: Wait at least 20 minutes for the ownership change and the admin consent to propagate before performing the steps below.
5) For demo purposes I am using Postman in this step to get an access token for TestAppA.
POST request to https://login.microsoftonline.com/<Directory ID>/oauth2/v2.0/token
POST body (Content-Type: application/x-www-form-urlencoded):
grant_type=client_credentials&scope=https://graph.microsoft.com/.default&client_id=<TestAppA Application ID>&client_secret=xxx
The scope must be the /.default scope of the Graph resource: that is what makes the token carry the application permissions (app roles) granted to TestAppA. The response JSON contains the access_token to use in step 6.
6) Use Postman to issue a PATCH request, with the access token obtained above in the Authorization: Bearer header, to change TestAppB's displayName. The URL takes the Object ID of TestAppB's app registration, not its Application ID:
PATCH https://graph.microsoft.com/beta/applications/<TestAppB Object ID>
Body (Content-Type: application/json):
{
"displayName": "new name"
}
A successful PATCH returns 204 No Content. If TestAppA is not an owner of TestAppB, or the token does not carry the Application.ReadWrite.OwnedBy role, Graph returns 403 Forbidden instead.
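The following script is an added example and is not code from the original post. It carries out steps 4 to 6 above in one place: it builds the owner reference of step 4, requests a client credentials token for TestAppA (step 5), checks locally that the token actually carries the Application.ReadWrite.OwnedBy app role before spending a Graph call on it, and then issues the PATCH of step 6. The environment variable names (TENANT_ID, CLIENT_ID, CLIENT_SECRET, TARGET_APP_OBJECT_ID, NEW_DISPLAY_NAME) are this example's own choice, it uses the v1.0 Graph endpoint where the post's PATCH uses beta, and the two sample tokens at the bottom are constructed locally (unsigned) purely so the role check can be exercised offline.

```python
"""Steps 4 to 6 of the walkthrough as one script (added example, not from the post).

Assumptions, chosen for this example: identifiers come from the environment
variables TENANT_ID, CLIENT_ID, CLIENT_SECRET, TARGET_APP_OBJECT_ID and
NEW_DISPLAY_NAME; the v1.0 Graph endpoint is used; only the standard library.
"""
import base64
import json
import os
import urllib.parse
import urllib.request

GRAPH = "https://graph.microsoft.com"
REQUIRED_ROLE = "Application.ReadWrite.OwnedBy"


def build_token_request(tenant_id, client_id, client_secret):
    """Step 5: URL and form-encoded body for the v2.0 client_credentials grant.
    The scope is the resource's /.default so the app roles granted by admin
    consent are issued in the token."""
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "scope": f"{GRAPH}/.default",
        "client_id": client_id,
        "client_secret": client_secret,
    }).encode()
    return url, body


def token_roles(access_token):
    """Return the 'roles' claim (app roles) from a JWT payload.
    Decoded WITHOUT signature verification: a local sanity check that consent
    took effect, not an authorization decision (Graph verifies the signature).
    An app-only token with no 'roles' claim is rejected by Graph with 403."""
    payload = access_token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    claims = json.loads(base64.urlsafe_b64decode(payload))
    return claims.get("roles", [])


def build_add_owner_request(target_app_object_id, caller_sp_object_id):
    """Step 4: add TestAppA's service principal as an owner of TestAppB.
    Sent with an administrator's token (Graph Explorer in the post), not
    with TestAppA's own token."""
    url = f"{GRAPH}/v1.0/applications/{target_app_object_id}/owners/$ref"
    body = {"@odata.id": f"{GRAPH}/v1.0/servicePrincipals/{caller_sp_object_id}"}
    return url, json.dumps(body).encode()


def build_patch_request(target_app_object_id, new_display_name):
    """Step 6: PATCH the application object. The path takes the registration's
    Object ID, not its Application (client) ID."""
    url = f"{GRAPH}/v1.0/applications/{target_app_object_id}"
    return url, json.dumps({"displayName": new_display_name}).encode()


def send(method, url, body, token=None, content_type="application/json"):
    """Send one request; return (HTTP status, parsed JSON body or None)."""
    req = urllib.request.Request(url, data=body, method=method)
    req.add_header("Content-Type", content_type)
    if token:
        req.add_header("Authorization", f"Bearer {token}")
    with urllib.request.urlopen(req) as resp:
        raw = resp.read()
        return resp.status, (json.loads(raw) if raw else None)


def rename_owned_app(tenant_id, client_id, client_secret, target_app_object_id, new_name):
    """Token request, role check, then the PATCH. Returns the HTTP status
    (204 No Content on success)."""
    url, body = build_token_request(tenant_id, client_id, client_secret)
    _, tok = send("POST", url, body, content_type="application/x-www-form-urlencoded")
    access_token = tok["access_token"]
    if REQUIRED_ROLE not in token_roles(access_token):
        raise PermissionError(f"token lacks {REQUIRED_ROLE}: consent missing or not yet propagated")
    url, body = build_patch_request(target_app_object_id, new_name)
    status, _ = send("PATCH", url, body, token=access_token)
    return status


def _unsigned_jwt(claims):
    """Constructed sample token for offline demonstration only (no real signature)."""
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"


# Constructed samples: a token as issued after admin consent, and one issued without it.
SAMPLE_TOKEN_WITH_ROLE = _unsigned_jwt({"aud": GRAPH, "roles": [REQUIRED_ROLE]})
SAMPLE_TOKEN_NO_ROLE = _unsigned_jwt({"aud": GRAPH})

if __name__ == "__main__":
    status = rename_owned_app(
        os.environ["TENANT_ID"], os.environ["CLIENT_ID"], os.environ["CLIENT_SECRET"],
        os.environ["TARGET_APP_OBJECT_ID"], os.environ["NEW_DISPLAY_NAME"],
    )
    print("PATCH status:", status)
```

Run it with the five environment variables set; urlopen raises HTTPError on a 403 from Graph, which is the symptom of a missing owner relationship or of consent that has not propagated yet. The secret is read from the environment rather than pasted into a request body so it does not end up in a Postman collection or shell history.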
Summary:
The steps above demonstrate how to change an application's property, such as displayName, from another application. You can use the same technique to change an application's other properties. The key here is that in order to change an application's property, the calling app needs to have the Application.ReadWrite.OwnedBy MS Graph permission and it needs to be an owner of the target app. Note what that ownership implies: the writable properties include the target app's credentials (passwordCredentials and keyCredentials), so an owner that holds Application.ReadWrite.OwnedBy can add its own secret to the owned app and then authenticate as it. Grant this permission only to applications that genuinely need to manage the apps they own, and review the owners of sensitive registrations. For demo purposes, this post uses Postman to get an access token and issues an MS Graph call to change the property. In practice the calling application can use the ADAL library (now retired; MSAL is its supported replacement) to get an access token and make the same MS Graph call.