Introduction
For branding purposes, you can customize the logo for your app registration. Normally, this is done manually through the portal:
However, if you have a scenario where you have many tenants to update, this can be a very tedious process and so automation can come in handy. The purpose of this blog post is to show you how this can be updated via code. Since the endpoint requires a Stream, I will present to you a simple C# application that handles the update. I will then show you how this can be done using Postman as well.
Update the logo with C# .Net Core code
AAD Graph has the ability to update or upload the application logo or icon that you see in the portal.
Our documentation for the application endpoint: https://docs.microsoft.com/en-us/previous-versions/azure/ad/graph/api/entity-and-complex-type-reference#application-entity
The property that needs to be modified is “mainLogo.” Although the documentation states that you can perform a POST, GET and PATCH operation on this property, you can only perform a GET and a PUT operation (documentation is wrong and not being updated). Currently, updating the logo is not yet possible in Microsoft Graph.
- Create an app registration for the c# application to authenticate with permissions for Azure Active Directory Graph / Application.ReadWrite.All and grant admin consent – you will need the app id for this new registration.
- Create a client secret on this app registration and be sure to record the value as you will need it.
Download the .NetCore GitHub project here: https://github.com/RayGHeld/Update_AppImage
AuthSettings.cs
[gist id=”55e73d594b006c7efed4d3662945c82c” file=”AuthSettings.cs”]
In the AuthSettings.cs file, you will need to plug in your client_id (application id), the client_secret and your tenant_id ( or tenant name ).
Program.cs
[gist id=”55e73d594b006c7efed4d3662945c82c” file=”Program.cs”]
In the Program.Cs file, you will need to put the application id for the app that is to receive the new logo into the property AppId_toUpdate.
Build the project if not already built. Then, copy and paste your image file that you are going to use into the root of the Debug.Bin folder (unless you are using a different build). Since this is a .Net Core app, it needs to be located either in the root or a subfolder of the root. The file must conform to the limitations of the icon as defined in the portal:
Update the property NewImage_Path in the Program.cs file with the file name (or folder/filename if in a sub folder).
Build and run. It may take a few seconds for the icon to load to the portal and you will have to refresh the page to see the updated icon.
Update the logo using Postman
You can also perform this task with Postman, however, it does require the extra step of obtaining an access token. Please see this blog about how to get an access token but use the app registration you’ve created in this blog for the access token and the resource set to https://graph.windows.net (the endpoint for aad graph).
Our postman setup
You will be making a PUT call to: https://graph.windows.net/{tenant_id}/applicationsByAppId/{app_id_to_update}/mainLogo?api-version=1.6
Setup your postman like so but for {{access_token}} replace that with your access token you’ve acquired a few moments ago:
The Content-Type must be set to “application/x-www-form-urlencoded”
Click on the “Body” tab and then select the “binary” radial button, then click the button to “Choose Files”
Once the file is chosen, click the Send button!
You should get a status of 204 No Content
Check the Branding for the app registration and…
Conclusion
As you can see, we can use the AAD Graph endpoint programmatically to update the app registrations logo for branding purposes. If you are only doing a single app here and there, this is probably way too much work to accomplish this task, it would be easier to just go to the portal and select a file there. But, if you have a need to update many tenants, then this would be your best solution.
Thank you for using Microsoft Azure!
Ray Held
Microsoft Azure AD Developer Support Engineer
Team Blog: https://blogs.aaddevsup.xyz
Facebook: https://www.facebook.com/AzureADDevSupport
Twitter: @AadDeveloper
This is a perfect example of an article which demonstrates how making simple changes can be so unnecessarily complex in a Microsoft environment. Perhaps Google or Apple can add a Microsoft enterprise APP to enable Microsoft enterprise application logo changes after the fact.
Great article, thx Ray, I know this now could be achieved using MS Graph APIs as well, through the /applications endpoint, couldn’t find a way through the service principal!