Hi Team,

We are developing a Azure AD application, 

in our program we need to check customers' Office 365 user/groups,  we found a way that use Certificate + Tenant Id (app-only application) ,reference this link : http://www.andrewconnell.com/blog/user-app-app-only-permissions-client-credentials-grant-flow-in-azure-ad-office-365-apis 

to check customer's user/group,  we use self-signed certificate , and the tenant id is a Office 365 tenant id.

if we know a Office 365 tenant id , we can check the Office 365 group/users even that Office 365 tenant didn't consent our application,  i would like to know if this is normal or if this is a recommended way used in Azure AD Application.

any feedback will be appreciate, thanks in advance.

• Edited by Baker.aveinc Thursday, September 03, 2015 10:12 AM
• Moved by Manu RekharMicrosoft contingent staff, Moderator Thursday, September 03, 2015 10:36 AM Moving to appropriate queue

Hi Baker,

If you are trying to revoke consent from your application, you should use AAD PowerShell to delete the service principal that represents your application in the tenant.

https://msdn.microsoft.com/en-us/library/azure/dn194113.aspx

Let me know if this resolves your issue.

Thanks,

Shawn Tabrizi