Introduction:

This post shows how to change the displayName of a registered web application from another application, using the client credentials flow with an Application Permission.

Walk Through steps:

1) In Azure AD’s App Registration portal, create 2 new app registrations called TestAppA and TestAppB. We will use TestAppA to change the displayName of TestAppB. It does not matter which permissions you configure for TestAppB. For TestAppA, make sure you configure Microsoft Graph’s Application.ReadWrite.OwnedBy permission (check the option “Manage apps that this app creates or owns”) under Application Permission, and click the “Grant Permission” button to provide admin consent to TestAppA.


Also note the Application ID for both TestAppA and TestAppB


2) For TestAppA create a new key and note its value:


3) Get the Object ID of TestAppA’s Service Principal from the Enterprise applications blade


4) Use the Microsoft Graph Explorer tool to make TestAppA’s service principal (the Object ID obtained in step 3) the owner of TestAppB by issuing the following POST request:

POST https://graph.microsoft.com/applications/{id of App2}/owners/$ref
POST Body:
{
  "@odata.id": "https://graph.microsoft.com/v1.0/servicePrincipals/{SP ObjectId of App1}"
}


Note: Wait at least 20 minutes before performing the steps below.

5) For demo purposes I am using Postman in this step to get an access token for TestAppA.

POST request to https://login.microsoftonline.com/<Directory ID>/oauth2/v2.0/token

POST body:

grant_type=client_credentials&scope=https://graph.microsoft.com/.default&client_id=<TestAppA App ID>&client_secret=xxx


6) Use Postman to issue a PATCH request, with the access token obtained above, to change TestAppB’s displayName:

PATCH https://graph.microsoft.com/beta/applications/<TestAppB App ID>
Body:
{
  "displayName": "new name"
}

Summary:

The steps above demonstrate how to change an application’s property, such as displayName, from another application. You can use the same technique to change an application’s other properties. The key point is that, in order to change an application’s property, the calling app needs the Application.ReadWrite.OwnedBy MS Graph permission and it needs to be an owner of the callee app. For demo purposes, this post uses Postman to get an access token and issue the MS Graph call that changes the property. In practice the calling application can use the ADAL library to get an access token and make the same MS Graph call.
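
The token request from step 5 and the PATCH from step 6, built in Python as an added example that is not part of the original post. It uses only the standard library rather than ADAL, and it reads the token's roles claim to confirm Application.ReadWrite.OwnedBy is present before building the PATCH. The function names, the zeroed IDs, the secret and the unsigned token are constructed for illustration.

```python
import base64, json, urllib.parse, urllib.request

GRAPH = "https://graph.microsoft.com"
REQUIRED_ROLE = "Application.ReadWrite.OwnedBy"

def token_request(tenant_id, client_id, client_secret):
    """Step 5: client credentials token request for TestAppA (built, not sent)."""
    # urlencode escapes characters such as '&' or '+' that can appear in a secret.
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "scope": f"{GRAPH}/.default",
        "client_id": client_id,
        "client_secret": client_secret,
    }).encode()
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
    return urllib.request.Request(url, data=body, method="POST")

def token_roles(access_token):
    """Read the 'roles' claim from the JWT payload (diagnostic only, no signature check)."""
    payload = access_token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload)).get("roles", [])

def rename_request(access_token, app_id, new_name):
    """Step 6: PATCH that changes displayName; refuses a token lacking the app role."""
    if REQUIRED_ROLE not in token_roles(access_token):
        raise PermissionError(f"token lacks {REQUIRED_ROLE}; was admin consent granted?")
    return urllib.request.Request(
        f"{GRAPH}/beta/applications/{app_id}",
        data=json.dumps({"displayName": new_name}).encode(),
        headers={"Authorization": f"Bearer {access_token}",
                 "Content-Type": "application/json"},
        method="PATCH")

def fake_token(roles):
    """Constructed, unsigned JWT-shaped string used only to exercise the code offline."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc({'roles': roles})}.sig"

if __name__ == "__main__":
    zero = "00000000-0000-0000-0000-000000000000"  # constructed placeholder ID
    # In real use, load the secret from a vault or the environment, never from source.
    tok_req = token_request(zero, zero, "constructed-secret")
    print(tok_req.get_method(), tok_req.full_url)
    req = rename_request(fake_token([REQUIRED_ROLE]), zero, "new name")
    print(req.get_method(), req.full_url, req.data.decode())
    # To send: urllib.request.urlopen(tok_req), then pass the returned access_token on.
```

A token without the role raises PermissionError before any request is built, which separates a missing admin consent from the ownership propagation delay noted after step 4.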
