Introduction: This post shows how to change the displayName of a registered web application from another application, using the client credentials flow with an Application Permission. Walk-through steps: 1) In Azure AD’s App Registration portal, create 2 new app registrations called TestAppA and TestAppB. We will use TestAppA to change the displayName of TestAppB. It is not important what permission you configure for TestAppB. For TestAppA make sure you…
Using Postman to Call the Microsoft Graph API Using Client Credentials
Introduction: This blog post helps users stand up an Azure Active Directory Application Registration, explains what permissions need to be added to the AAD Application Registration, shows how to make REST calls to get an access token, and finally how to call the Microsoft Graph API to make whatever call you would like. Please note that not all permissions are going to be within Azure, i.e.…
Finding the Correct Permissions for a Microsoft or Azure Active Directory Graph Call
Introduction: This post explains how to find out which permissions are needed for a specific Graph API call. Assuming you want granular control over each AAD Application Registration, granting exactly the permissions required for what you need helps secure your environment against users abusing permissions that you may have granted in excess. Whenever someone wants to utilize the Microsoft or AAD…
Receiving CORS Redirection Error when Signing into App Service using Azure AD
Introduction: This post explains what is happening when the CORS redirection error occurs while trying to navigate back to the login page after logging in. The error doesn’t occur when the user is using a private browsing mode. The error that is typically received is: “Failed to load https://login.windows.net/{GUID} (index):{GUID}/oauth2/autho…{GUID}&state=redir%3D%252F.auth%252Fme%253Fv%253D1518029528427: Redirect from ‘https://login.windows.net/…{GUID}&oauth2/autho…{GUID}&state=redir%3D%252F.auth%252Fme%253Fv%253D1518029528427′ to ‘https://login.microsoftonline.com/{GUID}/oaut…{GUID}&state=redir%3D%252F.auth%252Fme%253Fv%253D158029528427′ has been blocked by CORS policy: No ‘Access-Control-Allow-Origin’ header is present…
Receiving AADSTS90094: The grant requires admin permission.
Introduction: This post provides guidance for when you receive the error AADSTS90094: The grant requires admin permission. Typically this error is received when trying to get access to an AAD application registration. Please note that there are two different Microsoft application portals: https://portal.azure.com (v1 application portal) and https://myapps.microsoft.com (v2 application portal). For details on the different application models, please visit the following link: What’s different about the…
Granting Tenant Admin Consent for Microsoft Graph Explorer
Introduction: This post is meant for users who are trying to use the Microsoft Graph Explorer but are getting an error regarding admin consent. This error is described in the picture below.

Giving Consent for All Users for Microsoft Graph Explorer

This error occurs because the user of the Graph Explorer is trying to use a v2 permission that requires admin consent. The permissions/scopes regarding…
How to Get to the Keys/Secrets From Azure Active Directory
Introduction: This article helps you find where the keys/secrets are in the Azure portal, depending on how you have set up your application. It also provides some help with extending/changing the Client Secret for an Enterprise Application in a Multi-Tenanted Scenario.

Custom AAD Registration Keys/Secrets

In order to access the keys for an AAD application registration, you can follow the steps highlighted…
Query String is not allowed in redirect_uri for Azure AD
Problem: See update at the end. This is no longer an issue. Customer configures the following redirect URLs for his registered application in Azure AD and issues the following request to authenticate to Azure AD: GET https://login.microsoftonline.com/<tenant id>/oauth2/authorize?client_id=<app id>&redirect_uri=https%3a%2f%2flocalhost%3a44396%2fbac%2faad%3freqId%3dA123&response_mode=form_post&…. After logging in he is redirected to https://localhost:44396/bac/aad instead of https://localhost:44396/bac/aad?reqId=A123. The redirected URL is missing the query string.

Root Cause: The behavior is by design. This is…
V2 App Registration is missing an “Add Owner” button
Problem: Customer registers an application in the app registration portal (https://app.dev.microsoft.com). He is not able to share the application with other users since the “Add Owner” button is missing.

Root cause: This problem can happen if the user registers the application in the app registration portal (V2 portal) under his personal MSA account. The behavior is documented in the following link: https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-v2-limitations

Resolution: Re-register the application under an Azure AD account…
Implementing Service to Service Authorization and Getting the Access Token with Postman Utilizing Client Credential Grant Type
Introduction: This article shows how to set up a client application to obtain a service-to-service access token, in order to access a web API from a web app. It follows the client credential grant type flow and uses Postman to get the access token via client credentials. This tutorial will not set up the backend web API,…