Friday, January 22, 2016

Retrieving the list of Service Principals in your Azure subscription(s)

Recently I needed to grant certain users permissions in my applications. Specifically, I needed to put Service Principals into groups so that the applications those principals represent are granted access to protected data.

I found out that the PowerShell module 'MSOnline' (the Azure Active Directory module for Windows PowerShell, installed separately from the Azure PowerShell cmdlets) contains the following pertinent commands:

Connect-MsolService:

Signs your current session in to your Azure Active Directory tenant (it prompts for credentials).

Get-MsolServicePrincipal:

Retrieves a listing of all of the Service Principals registered in your tenant. Service principals belong to the directory tenant rather than to a subscription, so one call covers every subscription that uses that tenant. Each entry carries two identifiers worth telling apart: ObjectId, which is what group membership refers to, and AppPrincipalId, which is the application (client) id the principal uses to sign in.
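The following is an added example, not code from the original post, showing how these two cmdlets fit into the task described above: enumerate the tenant's service principals, pick the one that needs access, and put it into a group with Add-MsolGroupMember, then read the membership back. The display names are placeholders, and the use of "ServicePrincipal" as the GroupMemberType value is an assumption noted in the code.

```powershell
# Added example, not code from the original post. Lists the tenant's service
# principals with the MSOnline module and puts one into a group. The display
# names are placeholders; replace them with your own.
Import-Module MSOnline
Connect-MsolService    # prompts for credentials; needs a directory role that can read SPs and edit the group

# Service principals belong to the Azure AD tenant, not to a subscription, so one
# call enumerates them all. -All avoids the default page limit.
$allSps = Get-MsolServicePrincipal -All
Write-Host ("{0} service principals in the tenant" -f @($allSps).Count)

# Locate the principal of the API that must reach the protected data.
$found = @(Get-MsolServicePrincipal -SearchString "Contoso Billing API")  # placeholder name
if ($found.Count -ne 1) {
    throw "Expected exactly one service principal, found $($found.Count); refine the search string."
}
$sp = $found[0]

# Two ids matter: ObjectId identifies the directory object (what group membership
# points at); AppPrincipalId is the application/client id used when the app signs in.
$sp | Select-Object DisplayName, ObjectId, AppPrincipalId, AccountEnabled

$groups = @(Get-MsolGroup -SearchString "BillingDataReaders")   # placeholder group name
if ($groups.Count -ne 1) { throw "Expected exactly one group, found $($groups.Count)." }
$group = $groups[0]

# Add the service principal as a member. Assumption: GroupMemberType accepts
# "ServicePrincipal" in your module version; the cmdlet documentation lists User
# and Group. If it is rejected, add the member through the Graph API instead.
Add-MsolGroupMember -GroupObjectId $group.ObjectId `
                    -GroupMemberType ServicePrincipal `
                    -GroupMemberObjectId $sp.ObjectId

# Verify by reading the membership back rather than trusting the write.
$member = Get-MsolGroupMember -GroupObjectId $group.ObjectId |
          Where-Object { $_.ObjectId -eq $sp.ObjectId }
if (-not $member) { throw "Membership not visible after the add." }
Write-Host ("{0} is now a member of {1}" -f $sp.DisplayName, $group.DisplayName)
```

The search-string checks matter: -SearchString is a prefix match on the display name, and adding the wrong principal to a group that gates protected data is exactly the mistake the verification step at the end is there to catch.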

Monday, January 18, 2016

Enabling manipulation of Azure Active Directory groups through Web Applications via the Azure Graph SDK

If your web or native application delegates to a Web Services API that does the actual directory work, you have two application registrations to configure (otherwise just the one). Open each of them in the Azure Active Directory section of the management portal and edit the application's permissions to the Windows Azure Active Directory (Azure AD Graph) API so that they include the following:

Under the delegated-to application:

  • Under "Application Permissions", select:
    • Read and write domains
    • Read and write directory data
    • Read directory data
  • Under "Delegated Permissions", select:
    • Read and write directory data
    • Read and write all groups
    • Read all groups
    • Access the directory as the signed-in user
    • Read directory data
Under the top-level application:

  • Under "Delegated permissions", select:
    • Read and write directory data
    • Read and write all groups
    • Read all groups
    • Access the directory as the signed-in user
    • Read directory data

Two things to keep in mind. Application permissions apply when the API calls the directory as itself (with an app-only token from a client secret or certificate) and take effect only after an administrator consents to them; delegated permissions apply only when the API acts on behalf of a signed-in user, and the user's own directory rights still cap what that call can do. The set above is also broader than group management requires: "Read and write directory data" already covers everything the "Read directory data" and group entries grant, and "Read and write domains" has nothing to do with groups, so a least-privilege configuration would drop it.
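To make the application-permission side concrete, here is an added example (not code from the original post, and not the .NET Graph SDK the post uses; it calls the Azure AD Graph REST API at graph.windows.net directly). It obtains an app-only token for the delegated-to API with the client-credentials grant, decodes the token to confirm that "Read and write directory data" was actually consented to, and then adds a service principal to a group. The tenant name, client id, group id and service principal id are placeholders.

```powershell
# Added example, not from the original post. Uses the Azure AD Graph REST API
# rather than the Graph SDK. All ids and the tenant name are placeholders.
$tenant     = "contoso.onmicrosoft.com"
$clientId   = "00000000-0000-0000-0000-000000000000"   # application (client) id of the delegated-to Web API
$groupId    = "11111111-1111-1111-1111-111111111111"   # ObjectId of the target group
$spObjectId = "22222222-2222-2222-2222-222222222222"   # ObjectId (not AppPrincipalId) of the service principal

# Read the secret at run time instead of embedding it in the script.
$secure = Read-Host -AsSecureString "Client secret"
$bstr   = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($secure)
$secret = [Runtime.InteropServices.Marshal]::PtrToStringAuto($bstr)
[Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr)

# 1. App-only token via client_credentials. "Application Permissions" apply to this
#    token; "Delegated Permissions" only appear in a token issued on behalf of a user.
$tokenResp = Invoke-RestMethod -Method Post `
    -Uri "https://login.microsoftonline.com/$tenant/oauth2/token" `
    -Body @{
        grant_type    = "client_credentials"
        client_id     = $clientId
        client_secret = $secret
        resource      = "https://graph.windows.net"
    }
$token = $tokenResp.access_token

# 2. Decode the JWT payload (no signature check; we only inspect our own token) to see
#    what was really granted. Application permissions arrive in the "roles" claim,
#    delegated permissions in "scp".
function ConvertFrom-JwtPayload([string]$jwt) {
    $payload = $jwt.Split('.')[1].Replace('-', '+').Replace('_', '/')
    switch ($payload.Length % 4) { 2 { $payload += '==' } 3 { $payload += '=' } }
    [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($payload)) | ConvertFrom-Json
}
$claims = ConvertFrom-JwtPayload $token
if (@($claims.roles) -notcontains "Directory.ReadWrite.All") {
    throw "Token roles are [$(@($claims.roles) -join ', ')]; admin consent for 'Read and write directory data' is missing."
}

# 3. Add the service principal to the group through the $links/members navigation.
$headers = @{ Authorization = "Bearer $token" }
$body    = @{ url = "https://graph.windows.net/$tenant/directoryObjects/$spObjectId" } | ConvertTo-Json
$membersUri = "https://graph.windows.net/$tenant/groups/$groupId/`$links/members?api-version=1.6"
Invoke-RestMethod -Method Post -Uri $membersUri -Headers $headers -ContentType "application/json" -Body $body

# 4. Verify the membership from the directory rather than assuming the POST succeeded.
$members = Invoke-RestMethod -Method Get -Uri $membersUri -Headers $headers
if (-not ($members.value.url -like "*/$spObjectId")) { throw "Service principal not found among group members." }
Write-Host "Service principal $spObjectId is a member of group $groupId"
```

The roles check in step 2 is the quick way to tell a missing admin consent apart from a coding error: when consent has not been given, the token is still issued, but the "roles" claim is absent and the group write fails with 403 Authorization_RequestDenied.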