Granting Power Platform users read-only access to Azure AD via app registration

AndyChou-4617 41 Reputation points
2022-09-16T20:10:09.89+00:00

Sorry for the newbie question. I have developers using Power Platform to connect to Azure AD using the "Azure AD Connector - PowerApps and Flow" app in Azure App Registrations. They want to be able to have READ-ONLY access to Azure AD directory info through the app registration. From what I understand, I as an Azure admin have to use PowerShell to grant individual access as outlined in https://learn.microsoft.com/en-us/azure/active-directory/manage-apps/grant-consent-single-user#grant-consent-on-behalf-of-a-single-user. My question is:

Is this the only and proper way to grant individual users access to Azure AD via the app registration?

Thank you.

Microsoft Security | Microsoft Graph

1 answer

  1. CarlZhao-MSFT 46,371 Reputation points
    2022-09-19T08:23:54.39+00:00

    Hi @AndyChou-4617

    If you want to grant consent on behalf of a specific user, then using Microsoft Graph PowerShell is undoubtedly one of the most standard methods.

    Of course, you can also meet this requirement by restricting your app to specific users, but this method is more restrictive, which means that users in your tenant who are not assigned to an app will no longer be able to sign in to the app.


    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
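
Added example, not part of the answer above and not Microsoft's own script: one way to make the per-user delegated grant the answer refers to with Microsoft Graph PowerShell, limited to read scopes. The client ID, user name, the choice of `User.Read.All`, and the read-only name check are assumptions to replace with your own values.

```powershell
# Placeholders (assumptions, not values from this thread).
$clientAppId = "<app-registration-client-id>"    # application (client) ID of the connector app
$userUpn     = "<developer@yourtenant.example>"  # the single user who receives consent
$scopes      = @("User.Read.All")                # delegated Microsoft Graph scopes to grant

# Guard (naming heuristic, an assumption): stop if any scope is not a *.Read* scope.
$notReadOnly = $scopes | Where-Object { $_ -notmatch '\.Read(Basic)?(\.All)?$' }
if ($notReadOnly) { throw "Not read-only: $($notReadOnly -join ', ')" }

# Admin sign-in with the permissions needed to create grants and assignments.
Connect-MgGraph -Scopes "User.ReadBasic.All", "Application.ReadWrite.All",
    "DelegatedPermissionGrant.ReadWrite.All", "AppRoleAssignment.ReadWrite.All"

# Service principals: the client app and the resource API (Microsoft Graph, well-known appId).
$clientSp = Get-MgServicePrincipal -Filter "appId eq '$clientAppId'"
if (-not $clientSp) { $clientSp = New-MgServicePrincipal -AppId $clientAppId }
$graphSp = Get-MgServicePrincipal -Filter "appId eq '00000003-0000-0000-c000-000000000000'"
$user    = Get-MgUser -UserId $userUpn

# Delegated grant for one principal only: ConsentType "Principal", not "AllPrincipals".
New-MgOauth2PermissionGrant -ClientId $clientSp.Id -ResourceId $graphSp.Id `
    -ConsentType "Principal" -PrincipalId $user.Id -Scope ($scopes -join " ") | Out-Null

# If the app defines no user-assignable app roles, add the default assignment so the
# user can still sign in when "assignment required" is enabled on the app.
if ($clientSp.AppRoles | Where-Object { $_.AllowedMemberTypes -contains "User" }) {
    Write-Warning "App defines its own roles; assign the user to one of them instead."
} else {
    New-MgServicePrincipalAppRoleAssignedTo -ServicePrincipalId $clientSp.Id `
        -ResourceId $clientSp.Id -PrincipalId $user.Id `
        -AppRoleId "00000000-0000-0000-0000-000000000000" | Out-Null
}

# Verify: list every grant held by this client and confirm nothing is tenant-wide
# or broader than the scopes requested above.
Get-MgOauth2PermissionGrant -Filter "clientId eq '$($clientSp.Id)'" -All |
    Select-Object ConsentType, PrincipalId, Scope
```

Review the final listing for any `AllPrincipals` row or write scope left over from earlier consent, since those apply regardless of the per-user grant.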

