Configuring an App Service to get an Access Token for AAD Graph API

Introduction. This post shows how to create an App Service, configure authentication for the service, and then configure that authentication to obtain permissions to the AAD Graph API on behalf of the logged-in user. This post is an extension of the Azure App Service Token Store post, the link to which can be found here. It covers the entire setup scenario from scratch, starting with creating the web app, and…


Tracing All Network Machine Traffic Using MITMProxy for Mac OSX

Introduction. This article is meant to help you configure your Mac OS X system to trace all of its network traffic using MITMProxy, a free and open source alternative to Fiddler, Charles, and other network tracing tools for Linux/Mac OS X systems. In addition, MITMProxy is a more robust system that gives the user more configurability and programmability, since there is a Python API for MITMProxy…


V2 App Registration is missing an “Add Owner” button

Problem: A customer registers an application in the app registration portal (https://app.dev.microsoft.com). He is not able to share the application with other users because the “Add Owner” button is missing. Root cause: This problem can happen if the user registers the application in the app registration portal (V2 portal) under his personal MSA account. The behavior is documented at the following link: https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-v2-limitations Resolution: Re-register the application under an Azure AD account…


How to Get to the Keys/Secrets From Azure Active Directory

Introduction. This article has been written to help you find where the keys/secrets are in the Azure portal, depending on how you have set up your application. It also provides some help regarding extending or changing the Client Secret for an Enterprise Application in a multi-tenanted scenario. Custom AAD Registration Keys/Secrets. In order to access the keys for an AAD application registration, you can follow the steps highlighted…


Finding the Correct Permissions for a Microsoft or Azure Active Directory Graph Call

Introduction. This post explains how to find out which permissions are needed for a specific Graph API call. Assuming you want granular control over each AAD Application Registration, granting exactly the permissions required to do what you need helps secure your environment against users abusing permissions that were granted in excess. Whenever someone wants to utilize the Microsoft or AAD…


How to change a display Name of a registered application from another application

Introduction: This post will show you how to change the displayName of a registered web application from another application, using the client credentials flow with an Application Permission. Walk-through steps: 1) In Azure AD’s App Registration portal, create 2 new app registrations called TestAppA and TestAppB. We will use TestAppA to change the display name of TestAppB. It is not important what permissions you configure for TestAppB. For TestAppA make sure you…


How to Create and Add Keys to Enterprise Applications for Expired Keys

Introduction. This article is broken up into a couple of different sections based on what you are trying to do. Modifying a service principal's credentials is typically needed when a multi-tenanted application's client secret has expired and a fix is needed to resolve a wide outage caused by that expired secret. This typically has to do with a key expiring; many people…


GUID Table for Windows Azure Active Directory Permissions

Introduction. This blog is meant to help users who need the Windows Azure Active Directory (WAAD) permission Globally Unique Identifiers (GUIDs) in order to create AAD Applications using the Microsoft Graph API, or who need the GUID for a certain WAAD permission for other reasons. For further information regarding AAD permissions, please refer to the blog post: https://blogs.msdn.microsoft.com/aaddevsup/2018/05/21/finding-the-correct-permissions-for-a-microsoft-or-azure-active-directory-graph-call/ Note that these GUIDs…


Testing B2C Resource Owner Password Credentials (ROPC) policies using PostMan

Below are the basic steps for using PostMan to test a B2C Resource Owner Password Credentials (ROPC) policy. You will need a set of user credentials along with the Application ID of a B2C Native application that will be used to retrieve the token. Obtain the token endpoint from the B2C ROPC Policy. 1. In the portal, locate the B2C blades by searching for B2C, then locate the…


How to Create a New Schema Extension Using the Microsoft Graph Explorer

Introduction. This post provides a tutorial on how to create a schema extension utilizing the Microsoft Graph Explorer. In this post we will log in to Microsoft Graph Explorer, create the V1 AAD Application, and make the Microsoft Graph Schema Extension call. Getting the Access Token. Please navigate to the Microsoft Graph Explorer at: https://developer.microsoft.com/en-us/graph/graph-explorer Once the page loads, on the left, below Authentication, you will see…
