Windows Azure AD Development

Hi Team,

We are developing an Azure AD application.

In our program we need to check customers' Office 365 users/groups. We found a way that uses Certificate + Tenant Id (app-only application); see this link: http://www.andrewconnell.com/blog/user-app-app-only-permissions-client-credentials-grant-flow-in-azure-ad-office-365-apis

To check a customer's users/groups, we use a self-signed certificate, and the tenant id is an Office 365 tenant id.

If we know an Office 365 tenant id, we can check the Office 365 groups/users even if that Office 365 tenant didn't consent to our application. I would like to know if this is normal or if this is a recommended way to use in an Azure AD application.

Any feedback will be appreciated, thanks in advance.



September 3rd, 2015 6:11am

Hello,

We are researching the query and will get back to you soon on this.

I apologize for the inconvenience and appreciate your time and patience in this matter.

Regards,
Neelesh

September 3rd, 2015 11:09am

Hi Baker,

I am slightly confused at this comment you made:

"if we know a Office 365 tenant id , we can check the Office 365 group/users even that Office 365 tenant didn't consent our application"

This should NOT be the case.

If you are creating an application which calls in the App Only context, then an admin MUST consent to your application before you are able to query information.

The exception here is if YOU are an admin, and you create the application in your own tenant, then the application is preconsented for that tenant, and you will not need to consent to query your own information.

Can you clarify if this is the situation you are referring to?

Thanks,

Shawn Tabrizi

September 3rd, 2015 5:05pm

Thanks guys,

The steps we did are the following:

1. We configure an app-only Azure AD application.

2. Use an Office 365 account (contoso.com) to log in to our application and consent to our application.

   After the consent, there will be an icon in our Office 365 my apps.

3. We delete the icon from Office 365; this should revoke the consent (it should be?).

4. We can still use the Graph API to get the users/groups under this Office 365 tenant.

Thanks. 

September 3rd, 2015 11:58pm
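
Added example, not part of the thread or of anyone's posted code: a diagnostic for the situation in step 4 that decodes the access token the application received and reports which tenant issued it and which permissions it carries. It assumes the token is a compact JWT using the Azure AD claims `tid`, `appid`, `roles` and `scp`; the sample token and its GUIDs are constructed, and `summarize_grant` is a hypothetical helper name.

```python
import base64
import json


def decode_claims(token):
    """Return the JWT payload WITHOUT verifying the signature (diagnostic use only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    payload = parts[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def summarize_grant(token, expected_tenant):
    """Report the issuing tenant and the permissions carried by the token."""
    claims = decode_claims(token)
    roles = claims.get("roles", [])         # application (app-only) permissions
    scopes = claims.get("scp", "").split()  # delegated permissions, space separated
    return {
        "tenant": claims.get("tid"),
        "tenant_matches": claims.get("tid") == expected_tenant,
        "client": claims.get("appid"),
        "app_only": not scopes,  # heuristic: app-only tokens carry no scp claim
        "application_permissions": sorted(roles),
        "delegated_scopes": sorted(scopes),
    }


def _make_sample_token(claims):
    """Build an unsigned, constructed token so the example runs offline."""
    def b64(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([b64({"alg": "none", "typ": "JWT"}), b64(claims), "sig"])


SAMPLE_TENANT = "00000000-0000-0000-0000-000000000001"  # constructed value
SAMPLE_TOKEN = _make_sample_token({
    "aud": "https://graph.windows.net",
    "tid": SAMPLE_TENANT,
    "appid": "00000000-0000-0000-0000-0000000000aa",  # constructed value
    "roles": ["Directory.Read.All"],
})

if __name__ == "__main__":
    print(json.dumps(summarize_grant(SAMPLE_TOKEN, SAMPLE_TENANT), indent=2))
```

Because the signature is not checked, use the output only to inspect a token your own application obtained, never to make an authorization decision.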

This topic is archived. No further replies will be accepted.
