Common Microsoft First Party Apps resource table

The information below is taken from the manifest file in the App Registration portal Azure Resource Resource URL Resource App ID Azure AD Graph https://graph.windows.net/ 00000002-0000-0000-c000-000000000000 Microsoft Graph https://graph.microsoft.com/  00000003-0000-0000-c000-000000000000 Azure Key Vault https://vault.azure.net cfa8b339-82a2-471a-a3c9-0fc0be7a4093 Azure Service Management https://management.azure.com/ 797f4846-ba00-4fd7-ba43-dac1f8f63013 Power BI Service https://analysis.windows.net/powerbi/api/ 00000009-0000-0000-c000-000000000000 Azure Storage https://storage.azure.com/ e406a681-f3d4-42a8-90b6-c2b029497af1 Azure DevOps https://app.vssps.visualstudio.com/ 499b84ac-1321-427f-aa17-267ca6975798 Office 365 Management API https://manage.office.com/ c5393580-f805-4401-95e8-94b7a6ef2fc2 Intune https://api.manage.microsoft.com/ c161e42e-d4df-4a3d-9b42-e7a3c31f59d4 SharePoint https://microsoft.sharepoint-df.com/ 00000003-0000-0ff1-ce00-000000000000 Exchange https://outlook.office365.com/ 00000002-0000-0ff1-ce00-000000000000 Note: for…

Read More

AADSTS50011: The reply url specified in the request does not match the reply urls configured for the application

Last Updated: August 23 2019 Let’s get started… When your developing or integrating an application with Azure AD, you might see the following similar error… AADSTS50011: The reply url specified in the request does not match the reply urls configured for the application: ‘XXX’. This is because the redirect_uri (when using OpenID Connect) or AssertionConsumerServiceUrl (when using SAML2) being passed to Azure Active Directory to sign-in, does not exist in…

Read More

How to Use the .Net Microsoft Graph SDK to Get Users and Get Next Page of Results

Introduction This post will explain how to use the .Net Microsoft Graph SDK in order to get users. This article is assuming that you have already gotten an Access Token using ADAL .NET. In order to learn more on how to get the Adal .NET token, please reference : How to Use the ADAL .NET library to Acquire a Token Interactively in a Console Application (Authorization Code Flow) Link Warning…

Read More

How to Use the ADAL .NET library to Call the Microsoft Graph API in a Console Application (Using Authorization Code Flow)

Introduction This post is to show how to use the ADAL .NET library to acquire a token interactively in a console application. It will go through setting up an Azure Active Directory Application, setting up the .net console application, acquiring an access token, and then make a HTTP request using the token acquired from the ADAL .net library to get 5 users using the Microsoft Graph API.   Setting up your…

Read More

Unable to Delete Azure Active Directory Application Registration

Introduction This post is meant to go over the issue when the Azure Active Directory Application Registration delete button is grayed out. This issue could occur for a few reasons, and this document will go over the current known issues with Azure Active Directory Portal issues. This post will mainly go over the issues detailed in the v1.0 endpoint (portal.azure.com).       Context Some users will find that they…

Read More

Unable to Modify User Email, Phone Number, Password or Other Personal Information for Azure Active Directory Users

Introduction This post is in regards to the issues in regards to users having issues modifying Azure Active Directory User attributes such as mail, phone number, resetting passwords, or other personal attributes in user accounts. This will review the reason behind these changes and how to resolve the issue. For many users this was something that was working before and only recently stopped working properly.   Reason Behind Change There…

Read More

How to Add an Azure AD Role to a Enterprise Application (Service Principal)

Introduction This post is to help users be able to assign administrative roles to Enterprise Applications/Service Principals so that they can perform duties that would otherwise require a user with elevated permissions to accomplish. This is convenient when a user wishes to use a service principal in order to reset a password, or to perform some activity that requires admin privileges programmatically without an interactive sign in (using client credentials…

Read More

How to Create and Add Keys to Enterprise Applications for Expired Keys

Introduction This article is broken up into a couple of different sections based on what you are trying to do. Trying to modify the service principals credentials typically is meant for accessing an application that is multi-tenanted and the client secret has expired and they need a fix to resolve a wide outage due to an expired client secret. This typically has to do with a key expiring, many people…

Read More

Finding the Correct Permissions for a Microsoft or Azure Active Directory Graph Call

Introduction This post is to help define how one can find out which permissions are needed for a specific Graph API call. Assuming you want to have granular control over each AAD Application Registration, having the exact permissions required to do exactly what you need helps to secure your environment from users abusing permissions that you may have granted in excess. Whenever someone wants to utilize the Microsoft or AAD…

Read More