Create Azure App Registration for Accessing Office 365 Service Communications API

To create an App Registration in Azure that allows OAuth authentication when contacting the Office 365 Service Communications API, follow these steps if you are using delegated permissions.

NB: Grant only the permissions your current task requires.

  • Open portal.azure.com and go to App Registrations.
  • Choose + New registration
  • In the Register an application form provide a name (O365ServiceApi)
  • Select Accounts in this organizational directory only
  • Choose Register

Here is a visual representation of those steps:

Now let's give the app some permissions.


Connect-PnPOnline Unattended Using Azure App-Only Tokens

There are lots of reasons why unattended authentication using modern authentication methods is handy. This is true in Azure, Exchange Online, Azure AD, SharePoint & more. Azure Automation is the main reason I tend to use them, but more regularly I create scripts, functions & modules that will be used by my colleagues. If I set up authentication using a service principal/Azure App registration, I can then pre-configure the less sensitive data within, leaving my colleagues to pass the certificate password, secret or perhaps thumbprint to the script via the console. This keeps the sensitive data safe but takes away the need for the MFA prompts and permission checks.

In this example, I am going to walk through how I set up an Azure App registration that can be used in this way. There is a very helpful post at PnP-PowerShell covering Connect Using App Permissions that is probably worth a read. This approach is simpler but works very well, and it uses a self-signed certificate. I have found it pretty easy to put the certificate in a shared area, making it simple for the code to access when colleagues use my PowerShell offerings too.

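Here is the code:

# Lab password hardcoded for the walkthrough; for real use, prompt with Read-Host -AsSecureString instead
$Password = "P4ssW0rd"

# The certificate password is passed to the cmdlet as a SecureString
$SecPassword = ConvertTo-SecureString -String $Password -AsPlainText -Force

$Params = @{
    Out                 = "C:\temp\LabSPOAccess.pfx"   # the PFX written here contains the private key
    ValidYears          = 30
    CertificatePassword = $SecPassword
    CommonName          = "LabSPOAccess"
    Country             = "GB"
    State               = "Scotland"
    Locality            = "Glasgow"
}

# Generate the self-signed certificate
$Cert = New-PnPAzureCertificate @Params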

Register an App in the Azure Active Directory OAuth v1.0

There are several uses for apps in Azure Active Directory, but for the most part you are opening yourself a gateway to harness the power of an API.

Below I will walk you through the required steps in order to create an app called O365ServiceAPI. Once we have this app created you will then be able to make API calls to the Office 365 Management APIs.

Once this has been created, you will have 2 bits of information: your Application ID or ClientID, and your key or SecretID.

In addition to the ClientID & SecretID you will require your Directory ID or TenantID and here is how to go about getting that.

Go to the Azure Active Directory admin console at http://portal.azure.com and log in as a Global Administrator.

Click Azure Active Directory, and under Manage click Properties.

Look for Directory ID and copy it to your clipboard.

Open a new .txt file (or similar) and keep a record of this value, which we will refer to from now on as TenantID.
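
How the three values fit together, as an added example that is not code from the original post: it requests an app-only token from the OAuth v1.0 endpoint and decodes the token's claims so you can confirm the audience and the permissions actually granted. It assumes the app has application permissions on the Office 365 Management APIs; the function names and the GUIDs are hypothetical placeholders, and the secret is prompted for rather than stored in the script.

```powershell
# Added example. The GUIDs below are constructed placeholders; use your own values.
function Get-O365ManagementToken {
    param(
        [Parameter(Mandatory)] [guid]         $TenantID,
        [Parameter(Mandatory)] [guid]         $ClientID,
        [Parameter(Mandatory)] [securestring] $Secret    # the app key (SecretID)
    )
    # Unwrap the SecureString only for as long as the request needs it.
    $plain = [System.Net.NetworkCredential]::new('', $Secret).Password
    $body = @{
        grant_type    = 'client_credentials'
        resource      = 'https://manage.office.com'
        client_id     = $ClientID.ToString()
        client_secret = $plain
    }
    try {
        $uri = "https://login.microsoftonline.com/$TenantID/oauth2/token"
        (Invoke-RestMethod -Method Post -Uri $uri -Body $body -ErrorAction Stop).access_token
    }
    finally { $body.Clear(); $plain = $null }
}

function Get-TokenClaims {
    param([Parameter(Mandatory)] [string] $AccessToken)
    # A JWT is header.payload.signature; the payload is base64url-encoded JSON.
    $payload = $AccessToken.Split('.')[1].Replace('-', '+').Replace('_', '/')
    switch ($payload.Length % 4) { 2 { $payload += '==' } 3 { $payload += '=' } }
    # Decoded for inspection only; the signature is not verified here.
    [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($payload)) | ConvertFrom-Json
}

$TenantID = '00000000-0000-0000-0000-000000000000'   # placeholder Directory ID
$ClientID = '11111111-1111-1111-1111-111111111111'   # placeholder Application ID
$Secret   = Read-Host -Prompt 'App secret' -AsSecureString

$token = Get-O365ManagementToken -TenantID $TenantID -ClientID $ClientID -Secret $Secret

# aud should be https://manage.office.com; roles lists the application permissions in the token.
Get-TokenClaims -AccessToken $token | Select-Object aud, tid, appid, roles
```

If roles contains more than the task needs, trim the app's API permissions in the portal before using the token in automation.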
