App Registration
The prerequisite for accessing the Microsoft Graph API is an Azure application.
Creating the application is also a prerequisite for running the setup.
The following values are required to run the Azure Service Connector setup:
- Application ID
- Tenant ID
- Client Secret
The following steps describe how to perform the App Registration and generate the Client Secret.
Performing App Registration in Azure
- A name must be assigned to the application, for example Azure Service Connector, and the creation must be confirmed with OK.
Add API permissions
The following permissions are required to access the Microsoft Graph API:
- User Read All
- Group Read All
- Directory Read All
- Organization Read All
On the API Permissions page the required permissions are added.
- In the next dialog, select Microsoft Graph from the Microsoft APIs tab.
- The access should be in the context of the Azure Service Connector App (application permissions, not delegated permissions).
- Device Management Configuration: Read All
- Device Management Managed Devices: Read All
- Device Management Service Config: Read All
Generate Client Secret
A client secret is sensitive security information.
The Client Secret is only visible in plain text when it is created, so a copy should be created for further configuration.
- To create a client secret, select Add Certificate or secret in the Azure Service Connector App Overview under the Client Credentials item.
- In the Client secret tab, a new client secret can be generated at any time.
- A validity period must be specified during creation and a description can be added.
If several different instances/installations are used to access the Microsoft Graph API, it is recommended to use a separate client secret for each instance/installation.
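To confirm that the registration and the permission grants described above took effect, the following added example (not part of the original page or of the Azure Service Connector product) decodes an app-only access token and compares its `tid`, `appid`/`azp` and `roles` claims with the Tenant ID, the Application ID and the required permissions. The dotted permission identifiers are assumed to be the Graph names of the permissions listed on this page; the token, tenant ID and application ID are constructed sample values.

```python
import base64
import json

# Assumed Graph application-permission identifiers for the permissions
# this page lists (the page writes them without dots).
REQUIRED_ROLES = {
    "User.Read.All", "Group.Read.All", "Directory.Read.All",
    "Organization.Read.All", "DeviceManagementConfiguration.Read.All",
    "DeviceManagementManagedDevices.Read.All",
    "DeviceManagementServiceConfig.Read.All",
}


def _b64url_decode(segment):
    # JWT segments are base64url-encoded without padding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def audit_app_token(token, tenant_id, application_id):
    """Diagnostic check of an app-only token's claims; signature is NOT verified."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a JWT: expected three dot-separated segments")
    claims = json.loads(_b64url_decode(parts[1]))
    granted = set(claims.get("roles", []))  # application permissions
    return {
        "tenant_ok": claims.get("tid") == tenant_id,
        "app_ok": application_id in (claims.get("appid"), claims.get("azp")),
        "missing": sorted(REQUIRED_ROLES - granted),  # not yet granted
        "excess": sorted(granted - REQUIRED_ROLES),   # beyond least privilege
    }


def make_sample_token(claims):
    # Builds a constructed, unsigned token so the check runs offline.
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none"}), enc(claims), "sig"])


# Constructed sample values (not real tenant or application IDs).
TENANT = "11111111-0000-0000-0000-000000000001"
APP = "22222222-0000-0000-0000-000000000002"
SAMPLE = make_sample_token({"tid": TENANT, "appid": APP, "roles": [
    "User.Read.All", "Directory.Read.All", "Directory.ReadWrite.All"]})

if __name__ == "__main__":
    print(audit_app_token(SAMPLE, TENANT, APP))
```

An empty `missing` list together with an empty `excess` list means the token carries exactly the permissions the connector needs; anything in `excess` is a grant worth removing from the registration.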