- Introduction
- Prerequisites
- Getting started
- Register the application
- Grant Admin consent to view Directory data
- Build and run the sample
- Deploy the sample to Azure
- Demo App Walkthrough
- Comments or Issues
## Introduction

This demo app retrieves all the registered applications from your Azure Active Directory. For each registration, it also retrieves the permissions, the expiration dates of secrets and certificates, and the registered owner. The purpose of this demo is to get a quick insight into which permissions are assigned to every app.
Blog: Coming soon with an explanation of the code.
- Overview of all your Application Registrations
- View expiry date of Secrets and Certificates
- View registered Owner
- Direct deep-link to the specific application
- Export to CSV
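As an added example that is not part of this sample's own code, the following Python snippet shows the core of the expiry check the app performs: it walks Microsoft Graph `application` objects (a constructed sample is embedded; the field names `passwordCredentials`, `keyCredentials` and `endDateTime` are Graph's) and reports secrets and certificates that have expired or expire within a window, in a CSV shape like the export above. The Graph call itself, token acquisition and the owner lookup are left out.

```python
"""Added example (not the sample project's code): report app-registration
secrets and certificates that are expired or about to expire, from Microsoft
Graph `application` objects. SAMPLE_APPS is a constructed stand-in for the JSON
returned by GET /v1.0/applications (that call requires Directory.Read.All)."""
import csv, io
from datetime import datetime, timezone

# Constructed sample data; the appId values are placeholders, not real registrations.
SAMPLE_APPS = [
    {"displayName": "MyWebApp", "appId": "00000000-0000-0000-0000-000000000001",
     "passwordCredentials": [
         {"displayName": "app secret", "endDateTime": "2024-01-15T00:00:00Z"}],
     "keyCredentials": []},
    {"displayName": "ReportingJob", "appId": "00000000-0000-0000-0000-000000000002",
     "passwordCredentials": [],
     "keyCredentials": [
         {"displayName": "signing cert", "endDateTime": "2030-06-01T12:00:00Z"}]},
]

def _parse(ts: str) -> datetime:
    # Graph returns ISO-8601 UTC timestamps with a trailing 'Z'
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))

def expiring_credentials(apps, now_iso: str, within_days: int = 30):
    """Return (appId, displayName, kind, credName, daysLeft) for every secret or
    certificate that is already expired (daysLeft < 0) or expires within
    within_days, soonest first."""
    now = _parse(now_iso)
    report = []
    for app in apps:
        for kind, key in (("secret", "passwordCredentials"),
                          ("certificate", "keyCredentials")):
            for cred in app.get(key, []):
                days_left = (_parse(cred["endDateTime"]) - now).days
                if days_left <= within_days:
                    report.append((app["appId"], app["displayName"], kind,
                                   cred.get("displayName") or "", days_left))
    return sorted(report, key=lambda row: row[4])

def to_csv(report) -> str:
    # csv.writer takes care of quoting display names that contain commas
    buf = io.StringIO()
    writer = csv.writer(buf, lineterminator="\n")
    writer.writerow(["appId", "displayName", "kind", "credential", "daysLeft"])
    writer.writerows(report)
    return buf.getvalue()

if __name__ == "__main__":
    print(to_csv(expiring_credentials(SAMPLE_APPS, datetime.now(timezone.utc).isoformat())))
```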
## Prerequisites

This sample requires the following:
## Getting started

- Download or clone the source code from this repository.
## Register the application

- Navigate to the Azure portal > App registrations to register your app.
- Select New registration.
- When the Register an application page appears, enter your app's registration information:
  - In the Name section, enter a meaningful name that will be displayed to users of the app. For example: `MyWebApp`
  - In the Supported account types section, select Accounts in this organizational directory only.
- Select Register to create the app.
- On the app's Overview page, find the Application (client) ID value and record it for later. You'll need this value to configure the config file later.
- From the Certificates & secrets page, in the Client secrets section, choose New client secret.
  - Enter a key description (for instance `app secret`).
  - Select a key duration of either In 1 year, In 2 years, or Never Expires.
  - When you click the Add button, the key value will be displayed. Copy the key value and save it in a safe location.
  - You'll need this key later to configure the project in Visual Studio. This key value will not be displayed again, nor be retrievable by any other means, so record it as soon as it is visible in the Azure portal.
- In the list of pages for the app, select API permissions.
  - Click the Add a permission button and then make sure that the Microsoft APIs tab is selected.
  - In the Commonly used Microsoft APIs section, select Microsoft Graph.
  - In the Application permissions section, make sure that the following permission is checked: Directory.Read.All. Use the search box if necessary.
  - Select the Add permissions button.
## Grant Admin consent to view Directory data

- Provide your Administrator the Application Id and the Redirect URI that you used in the previous steps. The organization's Azure Active Directory Tenant Administrator is required to grant the required consent (permissions) to the application.
- As the Tenant Administrator for your organization, open a browser window and paste the following URL in the address bar (after adding values for TENANT_ID, APPLICATION_ID, and REDIRECT_URL): https://login.microsoftonline.com/TENANT_ID/adminconsent?client_id=APPLICATION_ID&state=12345&redirect_uri=REDIRECT_URL.
- After authenticating, the Tenant Administrator will be presented with a dialog like the following (depending on the permissions the application is requesting).
- By clicking "Accept" in this dialog, the Tenant Administrator grants consent for all users of this organization to use this application. The application will now have the correct scopes (permissions) needed to access the directory data for reading application registrations.
## Build and run the sample

- Open the `GraphApplications.sln` project.
- To run locally, in the appsettings.Development.json file, enter the values for TenantId, ClientId and ClientSecret with the application ID and password that you copied during app registration.
- Run the application.
## Deploy the sample to Azure

Do not do this! Since the app uses a client ID and secret, your Azure Active Directory application registrations would be publicly available because no sign-in is required. In my opinion, you should run this demo app only on your local machine.
## Comments or Issues

If you have any issues or comments, please let me know! This can be done by:

- Sending a DM to @foppenma on Twitter
- Creating an issue here on GitHub