Certain User Attributes may not show up in Graph Query

The Problem Azure AD Connect Sync Tool is often used to sync on prem Active Directory users and their attributes to Azure Active Directory. To query for these user and other directory objects, the Graph REST endpoint (Azure AD Graph or Microsoft Graph) can be used. An example Microsoft Graph query to get a User is the following: https://graph.microsoft.com/beta/users/john@contoso.com In certain scenario, some attributes, whether they are synced as Directory…

Read More

How to Add an Azure AD Role to a Enterprise Application (Service Principal)

Introduction This post is to help users be able to assign administrative roles to Enterprise Applications/Service Principals so that they can perform duties that would otherwise require a user with elevated permissions to accomplish. This is convenient when a user wishes to use a service principal in order to reset a password, or to perform some activity that requires admin privileges programmatically without an interactive sign in (using client credentials…

Read More

How to Create a New Schema Extension Using the Microsoft Graph Explorer

Introduction This post is to provide a tutorial on how to create a schema extension utilizing the Microsoft Graph Explorer. In this post we will, login to Microsoft Graph Explorer, create the V1 AAD Application, and make the Microsoft Graph Schema Extension call.   Getting the Access Token Please navigate to the Microsoft Graph Explorer at : https://developer.microsoft.com/en-us/graph/graph-explorer Once the page loads, on the left, below authentication you will see…

Read More

GUID Table for Windows Azure Active Directory Permissions

Introduction This blog is meant to help users who need to get the Windows Azure Active Directory Permissions (WAAD) Globally Unique Identifiers (GUIDs) in order to create AAD Applications using the Microsoft Graph API, or for other reasons where they just need to get the GUID for a certain WAAD permission. For further information regarding AAD permissions please refer to the blog post : https://blogs.msdn.microsoft.com/aaddevsup/2018/05/21/finding-the-correct-permissions-for-a-microsoft-or-azure-active-directory-graph-call/   Note: That these GUIDs…

Read More

Receiving AADSTS90094: The grant requires admin permission.

Introduction This post is to help provide guidance when receiving the error : AADSTS90094: The grant requires admin permission. Typically this error is received when trying to get access to an AAD application registration. Please note that there are two different Microsoft application portals: https://portal.azure.comĀ  (v1 application portal) and the https://myapps.microsoft.com (v2 application portal). For details on the different application models, please visit the following link: What’s different about the…

Read More