Skip to content
This repository has been archived by the owner on Mar 12, 2020. It is now read-only.

Web application for showing all the application registrations in a Azure tenant

License

Notifications You must be signed in to change notification settings

foppenm/Microsoft-Graph-Applications

Repository files navigation

Microsoft Graph API AAD Application Registrations Demo

Table of contents

Introduction

This demo app retrieves all the registered applications from your Azure Active Directory. For each registration, it also retrieves the permissions, expiration of secrets and certificates and the registered owner. The purpose of this demo is to get a quick inside into which permissions are assigned to every app.

Blog: Coming soon with an explanation of the code.

Features

  • Overview of all your Application Registrations
  • View expiry date of Secrets and Certificates
  • View registered Owner
  • Direct deep-link to the specific application
  • Export to CSV

Prerequisites

This sample requires the following:

  1. Visual Studio 2017 or higher

Getting started with the demo app

  1. Download or clone the source code from this repository.

Register the application

  1. Navigate to the Azure portal > App registrations to register your app.

  2. Select New registration.

  3. When the Register an application page appears, enter your app's registration information:

    1. In the Name section, enter a meaningful name that will be displayed to users of the app. For example: MyWebApp
    2. In the Supported account types section, select Accounts in this organizational directory only.
  4. Select Register to create the app.

  5. On the app's Overview page, find the Application (client) ID value and record it for later. You'll need this value to configure it in the config file later.

  6. From the Certificates & secrets page, in the Client secrets section, choose New client secret.

    1. Enter a key description (of instance app secret).
    2. Select a key duration of either In 1 year, In 2 years, or Never Expires.
    3. When you click the Add button, the key value will be displayed. Copy the key value and save it in a safe location.

You'll need this key later to configure the project in Visual Studio. This key value will not be displayed again, nor retrievable by any other means, so record it as soon as it is visible from the Azure portal.

  1. In the list of pages for the app, select API permissions.
    1. Click the Add a permission button and then make sure that the Microsoft APIs tab is selected.
    2. In the Commonly used Microsoft APIs section, select Microsoft Graph.
    3. In the Application permissions section, make sure that the following permissions are checked: Directory.Read.All. Use the search box if necessary.
    4. Select the Add permissions button.

Grant Admin consent to view Directory data

Assign Scope (permission)

  1. Provide your Administrator the Application Id and the Redirect URI that you used in the previous steps. The organization’s Azure Active Directory Tenant Administrator is required to grant the required consent (permissions) to the application.

  2. As the Tenant Administrator for your organization, open a browser window and paste the following URL in the address bar (after adding values for TENANT_ID, APPLICATION_ID, and REDIRECT_URL): https://login.microsoftonline.com/TENANT_ID/adminconsent?client_id=APPLICATION_ID&state=12345&redirect_uri=REDIRECT_URL.

  3. After authenticating, the Tenant Administrator will be presented with a dialog like the following (depending on the permissions the application is requesting)

  4. By clicking on "Accept" in this dialog, the Tenant Administrator is granting consent to all users of this organization to use this application. Now this application will have the correct scopes (permissions) need to access the directory data for reading application registrations.

Build and run the sample

  1. Open the GraphApplications.sln project.
  2. To run locally, In appsettings.Development.json file, Enter the values for TenantId, ClientId and ClientSecret with the application ID and password that you copied during app registration.
  3. Run the application.

Deploy the sample to Azure

Do not do this! Since we use a Client and Secret your Azure Active Directory Application Registrations will be publicly available because there is no sign-in required. In my opinion, you should run this demo app only on your local machine.

User interface

ui

Comments or Issues

If you have any issues or comments, please let me know! This can be done by:

  • Sending a DM to @foppenma on twitter
  • Creating an issue here on GitHub

About

Web application for showing all the application registrations in a Azure tenant

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published