Hey guys. I want to talk to you today about a good thing that I’m using a lot at the project that I’m currently working on, the Azure AD apps.
This is not really a new thing, but with the Office 365 and Azure services growing a lot, it becomes a really interesting thing to take a look at.
The Azure AD apps are the way that you have to create applications on Azure to consume Office 365 and Azure services with centralized management, enhanced security (you can use the app to generate the authentication through Azure and Office 365) and easy/flexible configuration in just one place integrated into the Azure Active Directory.
A long time ago we had these apps inside the portal https://apps.dev.microsoft.com/ which is still available to create apps, manage the permissions and so on but it isn’t fully integrated to Azure AD, so we can do it better on the Azure portal, through the App registrations menu,
Through this page, you can register a new app on Azure AD and this app will be available for the current tenant and you can also create apps that will be available and will be allowed to be used on multiple tenants.
It can give us a way to develop solutions to work for multiple tenants, consuming services like Microsoft Graph (getting data and performing actions on all Office 365 products), Microsoft Intune, Azure Active Directory and so on, with a secure way to get tokens and connect our applications, using an environment provided by Microsoft.
Sample App registeredWith this app registered, you can create a web application to use the App Id, App Secret, or even configure the web application inside Azure to use this app as the authorization app. You can use this app just to authorize and get the Microsoft account for the current user or use it to integrate your applications with Azure and Office 365 applications.
You can see a simple sample below,
So, in the sample above, when the user opens our web application (it could be an Asp.net core API, Node, anything that can call REST APIs), then with this web application we can request the token to access Office 365 services through the Azure AD App connecting to the Azure Active Directory, it generates a token for the current user getting his permission to access and perform actions to Office 365 services, then the web application get access and performs actions on behalf of this current user.
All the security management for each service can still happen on each service, and as our Azure AD app is using the current user impersonation, it will respect the permissions of the user, and we can override it if it’s necessary to generate an App token as well.
I’ll try to give more details about this scenario in the next posts so we can start to develop our first app using the authentication and the app registration.
Hope it can help you and see you soon!