Assigning permissions to an Azure AD Application

The new Azure Portal (https://portal.azure.com) has been up and running for quite some time.  We’re finally seeing some Azure AD love in the new portal, albeit still in preview.  This walkthrough is about how to assign Azure AD application permissions in the new portal.

This post assumes that you’ve already created your Azure AD Application.  If not, check out an easy way to do that, here:  http://blog.jonathanhuss.com/automate-creation-azure-ad-application.  This post will continue with the app that was created in that post.

Assigning Permissions

We’ll start by making our way to the Azure Active Directory Registered Applications blade (https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/RegisteredApps).

The new application should already be in the list.  We’ll select it, which takes us to the Application Overview page.  From there, the Required permissions link will allow us to add the various permissions for services.

image_thumb[2]

On the blade that opens from there, click the Add button:

image

On the next blade, choose ‘Select an API’

image

For the sake of this walkthrough, let’s setup permissions for Microsoft Graph.  We’ll choose Microsoft Graph from the list and click Select

image

This will automatically take us to the Select permissions option.  In that window, let’s choose Read directory data and click Select.

image

This will close the blade.  We’ll click Done on the next blade:

image

Finally, and this is important, we need to click ‘Grant Permissions’ to actually enable those permissions.

image

After clicking Grant Permissions, we should see a screen like the following.  Click Yes

image

If all went well, we should see a notification that the permissions grating was successful for the app:

image

That’s it!  Our application now has permissions to query the Microsoft Graph!

Notes

If you are not an admin with sufficient permissions of your own to grant permissions to the application, then you’ll need to find an admin who does have those permissions to consent to these permissions.  Those of us who are tenant admins in our dev environments certainly have sufficient permissions to grant those permissions to ourselves.

If the permissions need to be changed, then we’ll need to go through the Grant Permissions process again.  Same as before, an admin with sufficient permissions will need to consent to the application permissions.

Also, check out this GitHub repository:  https://github.com/JonathanHuss/AzureADAppDemo.  It has both the sample script and a demo .NET application.

Leave a Reply

Your email address will not be published.