How to access multi-tenant data in Azure using a background / daemon application?

Tushar Jasrotia 1 Reputation point
2020-03-24T02:29:07.837+00:00

I have a multi-tenant app registered in Azure Active Directory. This app is currently configured to perform the following for its own tenant:

  1. Get access token for tenant using tenant's client-id / secret
  2. Create subscription for Outlook calendar events
  3. When calendar events occur, Microsoft calls our API and notifies us of the event-id.
  4. We query event details for that event-id using Graph APIs and store the Calendar event details in our DB.

We want to enhance this process to collect events for other tenants (i.e. our customers). Since I am not able to find documentation on how to achieve this, I am looking for pointers to find out the following:

Questions

  1. What setup or configuration is required in Azure from other tenants to allow this app to subscribe to their data? I have read about Consent and Permissions, but I don't know how one tenant can give consent to an app of another tenant. That's why I am asking this question.
  2. What updates are required for this app to receive notifications for calendar-events for other tenants? You can assume we have tenant-id for other tenants.

Pre-requisite

  • There is no user intervention; consent should be given in the Azure portal itself (it cannot be done based on user sign-in).

2 answers

  1. Patrick 6 Reputation points
    2020-05-22T15:14:22.86+00:00

    Hi Marilee,

    Can you please share more details on how to "During application registration, you need to share secrets or certificates or signed assertions with Azure AD."?

    Thanks,


  2. Marilee Turscak-MSFT 33,801 Reputation points Microsoft Employee
    2020-04-07T04:12:04.46+00:00

    Hi Tushar,

    Sorry for the late reply on this! Which guide are you currently following?

    In Azure you will need to make sure that each tenant admin provides admin consent in the multi-tenant scenario.

    During application registration, you need to share secrets or certificates or signed assertions with Azure AD. You also need to request application permissions and grant admin consent to use those app permissions.

    More steps are covered in the guidelines here: https://learn.microsoft.com/en-us/azure/active-directory/develop/scenario-daemon-overview

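An added example, not code from either answer or from Microsoft's documentation, of the per-tenant flow the answer above points to: build the admin consent link for a customer tenant, verify the redirect that comes back before onboarding that tenant, then request a client-credentials token from that tenant's own token endpoint. The signing key, the redirect URI and the helper names are assumptions for illustration; the redirect URI is assumed to be registered on the app.

```python
import hashlib, hmac, re, secrets
from urllib.parse import parse_qs, urlencode, urlparse

AUTHORITY = "https://login.microsoftonline.com"
GUID = re.compile(r"[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}")

def check_tenant(tenant_id):
    """Accept only a GUID so a customer-supplied value cannot alter the URL path."""
    tenant_id = tenant_id.strip().lower()
    if not GUID.fullmatch(tenant_id):
        raise ValueError("tenant id must be a GUID")
    return tenant_id

def _mac(key, tenant_id, nonce):
    # key: hypothetical secret held only by this service (assumption)
    return hmac.new(key, f"{tenant_id}.{nonce}".encode(), hashlib.sha256).hexdigest()

def admin_consent_url(tenant_id, client_id, redirect_uri, key):
    """Link the customer's tenant admin opens once to grant the app permissions."""
    tenant_id = check_tenant(tenant_id)
    nonce = secrets.token_urlsafe(16)
    state = f"{tenant_id}.{nonce}.{_mac(key, tenant_id, nonce)}"
    query = urlencode({"client_id": client_id, "redirect_uri": redirect_uri, "state": state})
    return f"{AUTHORITY}/{tenant_id}/adminconsent?{query}"

def verify_consent_callback(callback_url, key):
    """Return the tenant id to onboard, or raise ValueError."""
    q = {k: v[0] for k, v in parse_qs(urlparse(callback_url).query).items()}
    if "error" in q:
        raise ValueError("consent failed: " + q["error"])
    try:
        tenant_id, nonce, mac = q["state"].split(".")
    except (KeyError, ValueError):
        raise ValueError("missing or malformed state")
    if not hmac.compare_digest(mac.encode(), _mac(key, tenant_id, nonce).encode()):
        raise ValueError("state was not issued by this service")
    if q.get("admin_consent") != "True" or q.get("tenant", "").lower() != tenant_id:
        raise ValueError("callback is not a grant for the tenant the link was issued to")
    return tenant_id

def token_request(tenant_id, client_id, client_secret):
    """Client-credentials request against the customer's tenant, not 'common'."""
    form = {"grant_type": "client_credentials", "client_id": client_id,
            "client_secret": client_secret, "scope": "https://graph.microsoft.com/.default"}
    return f"{AUTHORITY}/{check_tenant(tenant_id)}/oauth2/v2.0/token", form
```

`token_request` only returns the endpoint and form body; POST it with the HTTP client of your choice and cache the resulting token per tenant id, never across tenants.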