1

I have an Enterprise Application(which uses Graph api) in Azure Ad which was created from System assigned managed identity. This application was not showing in App Registration. How to add Graph Api permissions to Enterprise application?

I am getting the error "Insufficient privileges to complete the operation."

Please help me.

Harry
  • 323
  • 1
  • 6
  • 12

1 Answers1

0

As far as I know, we can not add permissions to app when you open it in enterprise application. And according to my test, if we just enable the status of System assigned from "off" to "on", we can just find it when choose "All applications"(shown as below screenshot). enter image description here

If you want to add permissions to the app, you need to register it in azure ad. You can follow the steps in this tutorial or refer the step I provide below:

  1. Go to your app and click "Authentication/Authorization" --> enable "App Service Authentication" --> "Azure Active Directory". enter image description here

  2. Then you can create your app in azure ad. enter image description here

  3. After that, you can go to azure ad "App registrations" and find your app, add permissions to it.

Hury Shen
  • 14,948
  • 1
  • 9
  • 18
  • Thank you very much – Harry Apr 07 '20 at 06:03
  • I don't want to create an app .I already have it and it is not an app service .It was automatically created.I just want to add permissions to it. – Harry Apr 07 '20 at 14:59
  • @Harry Sorry, you mentioned in your question that you add the app to ad by enable the "System assigned" from off to on. But according to my test, it will just add the app to "Enterprise applications" --> "All Applications". And as far as I know, we can't add permissions to it in this case as I mentioned at the beginning of my answer. If you want to add permissions to it, we can just register it to ad. Open it in ad(App registrations) and then add permissions. – Hury Shen Apr 08 '20 at 02:32
  • @Harry May I know what's the type of your app ? You said it is not an app service, is it a logic app ? or function app ? – Hury Shen Apr 08 '20 at 02:32
  • Function app..I don't want to worry you.I am verifying your answer since it may help others – Harry Apr 10 '20 at 15:51
  • But please help me if you know any solution – Harry Apr 10 '20 at 15:51
  • Hi @Harry I think it is unnecessary for us to enable "System assigned" to generate a app in AD enterprise. I think you can just refer to this [tutorial](https://learn.microsoft.com/en-us/azure/azure-functions/functions-bindings-microsoft-graph#webhook-trigger---c-script-example) and this [page](https://techcommunity.microsoft.com/t5/windows-dev-appconsult/using-microsoft-graph-in-an-azure-function/ba-p/317434) if you want to request graph api from your function app. – Hury Shen Apr 13 '20 at 09:09