Register an App in the Azure Active Directory Oauth v1.0

For a more up to date approach please see: Create Azure App Registration for Accessing Office 365 Service Communications API.

There are several uses for Apps in Azure Active Directory but in the most, you are opening yourself a gateway to harness the power of an API.

Below I will walk you through the required steps in order to create an app called O365ServiceAPI. Once we have this app created, you will then be able to make API calls to the Office 365 Management APIs.

When you have completed the process and created the app, you will have 2 bits of the authentication requirement. Your  Application ID or 'ClientID' and your secret, or 'SecretID' as I have named them.

In addition to the 'ClientID' & 'SecretID', you will require your Directory ID or 'TenantID' and here is how we go about getting these.

Go to Azure Active Directory Admin Console via the link or navigate through http://portal.azure.com and log in as a Global Administrator.

Click Azure Active Directory, and under Manage click Properties.

Would you like to buy Alan a coffee?

Visit the AlanPs1 Ko-fi page

Look for Directory ID and copy it to your clipboard.

Open a new .txt file (or similar) and keep a record of this value which will refer to now as 'TenantID'.

Create Azure App Registration

We can now create the 'ClientID' and 'SecretID', so you’ll need to first register an App in the Azure Active Directory:

  • Click Azure Active Directory
  • Select App Registrations
  • Click the +New Application Registration button
  • Name for your app something like O365ServiceAPI
  • Select Web App / API for the Application Type since this is actually a web application
  • Enter an arbitrary URL made up from your application name, such as http://O365ServiceAPI
  • Click Create at the bottom of the panel

Once the App has been created, you will now see the IDs for your App. As stated above, the Application ID is our ClientID. Copy and save that value and paste it to your .txt file.

Now click the Settings, and then Keys.

Let's name the key APIKey then click save after choosing an expiry date. I set never expire but your security requirments may differ.

Now copy the value and save it to your .txt file as 'SecretID'.

NB: This key value will be shown to you only once. You cannot go back to this page and retrieve the 'SecretID' again later, so you must take a note.

We now have the values we require but the app needs permissions so we will address that now.

Add the App Permissions

Click Required Permissions.

  • In the Required Permissions page, click +Add then click Select an API
  • Select Office 365 Management APIs and click Select
  • Click Select Permissions and then select all Application Permissions and Delegated Permissions
  • Click Save

All of the permissions for the Office 365 Management APIs require an administrator to explicitly grant these permissions to the App. This is done by entering a carefully constructed URL in the browser, logging in as an Office 365 global administrator and clicking Accept to grant the selected permissions to the App.

Enter the following URL into a new browser window:

https://login.windows.net/common/oauth2/authorize?response_type=code&resource=https%3A%2F%2Fmanage.office.com&client_id={ClientID}&redirect_uri={ReplyURL}

NB: the {ClientID} in the URL and the {ReplyURL} values in the URL must be replaced with the values configured in your App.

NB: The reply url will be https%3A%2F%2FO365ServiceAPI

Login with the Office 365 global administrator credentials

Click Accept on the following screen which appears to grant the permissions listed to your App:

You have now fully set up and have a working app.

For a more up to date approach please see: Create Azure App Registration for Accessing Office 365 Service Communications API.

Alan