Assigning Application Permissions

This section describes how to assign application permissions from the Portal and by using PowerShell.

Assigning Application Permission from Portal

  • In the Azure Active Directory console, open the registered App and select the API permissions section. Select Add a permission.

  • The Request API permissions page displays a list of supported APIs.

    • Microsoft Graph can be found under Commonly used Microsoft API.

  • Select the type of permission as Delegated or Application under What type of permissions does your application require?

  • Under Select permissions, select the required permissions.

  • Select Add permissions.

In Grant consent, select Grant Admin Consent for your configuration and directory. On the pop-up dialog box, select Yes.

Assigning Application Role using PowerShell

The following are the prerequisites for the PowerShell commands.

Note
These prerequisites are not required for the Azure Active Directory Connector to function. They can be installed on any system for temporary use, to grant the required role to the application on Azure.

After installing the prerequisites, open Azure Active Directory Module for Windows PowerShell console and execute the following commands:

  • Execute Connect-MsolService and provide the Azure administrator credentials when prompted.

  • Execute Get-MsolServicePrincipal | ft DisplayName, AppPrincipalId -AutoSize

  • Locate your application name and copy the ObjectId value.

  • Execute $ClientObjID = '<copied objectId of the application in the previous step>'

  • Execute $webApp = Get-MsolServicePrincipal -AppPrincipalId $ClientObjID

  • Execute Add-MsolRoleMember -RoleName "Global Administrator" -RoleMemberType ServicePrincipal -RoleMemberObjectId $webApp.ObjectId
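
One way to confirm the result of the last step and to review which other service principals hold the same role (an added example, not part of the original documentation). It assumes an existing Connect-MsolService session in the same console; $AppName is a placeholder for the display name of your registered application.

```powershell
# Added example: audit service principals that hold the role assigned above.
# Assumes the MSOnline module is loaded and Connect-MsolService has been run.
$RoleName = 'Global Administrator'                               # role name used in the steps above
$AppName  = '<display name of your registered application>'      # placeholder, replace before running

# Resolve the role. If the name is not found, show the tenant's role names and stop.
$role = Get-MsolRole -RoleName $RoleName -ErrorAction SilentlyContinue
if (-not $role) {
    Get-MsolRole | Sort-Object Name | Format-Table Name, ObjectId -AutoSize | Out-Host
    throw "Role '$RoleName' was not found. Compare it with the role names listed above."
}

# Resolve the application's service principal(s) by display name.
$app = @(Get-MsolServicePrincipal -All | Where-Object { $_.DisplayName -eq $AppName })
if ($app.Count -eq 0) {
    throw "No service principal with display name '$AppName' was found."
}
if ($app.Count -gt 1) {
    Write-Warning "More than one service principal is named '$AppName'; all are checked."
}

# Role members of type ServicePrincipal only; users and groups are ignored here.
$spMembers = @(Get-MsolRoleMember -RoleObjectId $role.ObjectId -All |
    Where-Object { $_.RoleMemberType -eq 'ServicePrincipal' })

# Split the members into the expected application and everything else.
$appIds   = $app.ObjectId
$expected = @($spMembers | Where-Object { $_.ObjectId -in $appIds })
$others   = @($spMembers | Where-Object { $_.ObjectId -notin $appIds })

# Summary object: was the assignment applied, and who else holds the role?
[pscustomobject]@{
    Role                   = $role.Name
    Application            = $AppName
    ApplicationHasRole     = ($expected.Count -gt 0)
    OtherServicePrincipals = $others.Count
} | Format-List | Out-Host

# List any other service principals holding the role so they can be reviewed.
if ($others.Count -gt 0) {
    $others | Sort-Object DisplayName | Format-Table DisplayName, ObjectId -AutoSize | Out-Host
}
```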