Enabling Microsoft Azure portal access to manage applications using the OAuth2 protocol

In my previous post about OAuth2 access to Calendar, Contact and Mail APIs I explained that applications need to be registered and configured in Microsoft Azure Active Directory (AAD). Furthermore, administrators for Office 365 organizations use Microsoft Azure Active Directory to manage OAuth2-enabled applications used by users in their organization. This management includes seeing which web applications users consented to, or revoking access to web applications.

 

The management user interface for AAD is available within the Microsoft Azure portal. While all Office 365 organizations automatically have AAD available, currently the Microsoft Azure portal requires additional sign-up to get access to the management user interface.

 

We are actively working on changing this so that no sign-up is required. In the meantime, be aware that no Office 365 organization will be charged additional fees for signing-up to Microsoft Azure as long as no additional services other than AAD are subscribed to. Be assured that AAD comes with any Office 365 subscription for free.

 

I thought it is worth a blog guiding through the sign-up experience to get to the Microsoft Azure portal to start registering, configuring and managing applications for your Office 365 organization.

 

Step 1: Launching the Microsoft Azure management portal

 

In your browser of choice simply navigate to https://manage.windowsazure.com/. You should be prompted to provide a user account. Here you should enter any organizational account that is an administrator of your Office 365 organization.

 

A screenshot of the Azure login page.

 

In the next step you will be asked to provide the password for the account that you specified.

 

A screenshot of the Azure password entry page.

 

 

Step 2: Starting the sign-up for Microsoft Azure portal

 

After successful sign-on with an administrative organizational account of your Office 365 organization, a screen is displayed that will indicate that this account has no Microsoft Azure subscription associated. By selecting "Sign up for Windows Azure" you start the process of enabling your Office 365 organization to manage AAD within Microsoft Azure Portal.

 

A screenshot of the error page that displays when there is no Azure subscription for the account. This page has a link to the Azure sign-up page.

 

Step 3: Providing and verifying contact information

 

In this step you can provide and change contact information for the Microsoft Azure subscription. Some of the information will be prefilled based on the account information of the organizational account that was used to sign-on.

 

Don't worry about the words "Free Trial", you will actually get a fully functional subscription with no additional charges at the end of this process. Note that additional charges only apply if additional Microsoft Azure services are subscribed to.

 

A screenshot of the Azure sign-up page.

 

Provide a valid verification before continuing to the next step. Below is an example using text messages.

 

A screenshot of the "Mobile verification" section of the Azure sign-up page.

 

Step 4: Add payment information and confirm the sign-up to Microsoft Azure

 

Although the AAD services are available at no charges, including the management of those in the Microsoft Azure portal you will be asked to provide a valid payment information. Again, rest assured that there will be no charges against this payment option unless at a later time you add non-AAD Microsoft Azure services that require payment.

 

A screenshot of the "Payment information" section of the Azure sign-up page.

 

We're almost there. Simply check the checkboxes to agree to the Microsoft Azure terms of use and optionally to be contacted for additional Microsoft Azure offers and click on "Sign up".

 

A screenshot of a completed Azure sign-up page.

 

Step 5: Change the free trial to a pay-as-you-go subscription

 

In Step 3 I told you to not worry about the wording of "Free Trial". But at this point if you don't do anything the Microsoft Azure subscription will expire in 30 days. So why did I tell you to not worry?

 

Well, first of all, even if you choose to not do anything, at this point you can start using the Microsoft Azure portal for 30 days to register, configure and/or manage applications using the OAuth2 framework. But what happens after the 30 days you might wonder. The answer is you can't manage AAD anymore in the Microsoft Azure portal as your subscription is expired. But all the applications are still there as AAD itself remains active and fully functional. AAD is unaffected by the expiration of the Microsoft Azure subscription and the Microsoft Azure subscription only governs the user's ability to sign in to the Microsoft Azure Portal for our purposes.

 

To avoid doing the sign-up again after these 30 days, I recommend to convert the "Free Trial" to a "Pay-as-you-Go" subscription by selecting the "Upgrade Now" option. Doing this upgrade will ensure a non-interruptive management experience in the Microsoft Azure portal for all your applications in AAD.

 

Again: no additional charges will apply for this upgrade unless you subscribe to non-AAD Microsoft Azure services.

 

A screenshot of the Azure subscriptions page after signing up for a new subscription. The page indicates that there is a free trial that expires in 29 days.

 

After selecting the "Upgrade Now" option, select "Yes, upgrade my subscription" and give it a friendly name such as "Pay-As-You-Go" and click the checkmark in the right lower corner to complete the upgrade process.

 

A screenshot of the Azure subscriptions page while upgrading the free trial to a pay-as-you-go subscription.

 

Step 6: Confirmation of the upgrade

 

After you go through the upgrade process you should see a screen similar to this, indicating you have 30 days to try additional Azure services, and after these 30 days the subscription will continue. The message also indicates that you will not be charged for services that are included in the subscription. AAD is one of these services that are included.

 

A screenshot of the Azure subscriptions page after successfully upgrading to a pay-as-you-go subscription.

 

Step 7: Start managing AAD in the Microsoft Azure portal

 

To finish this blog, let me guide you through getting to the AAD management user interface in Microsoft Azure. In the last step the screenshot shows in the upper left corner a link called "Portal". By selecting this link you will launch the Microsoft Azure portal. Since this is the first time, you will be greeted with a tour that explains some more things regarding management of services within Microsoft Azure. You can select the arrow key to browse through this sequence or simply close it.

 

A screenshot of the tour that is presented when you login to the Azure management portal for the first time.

 

To get to the AAD management user interface, select "All Items" in the left navigation bar. You should see your Office 365 organization listed there as type "Directory".

 

A screenshot of the "All Items" section in the Azure management portal.

 

By selecting this you launch the Microsoft Azure Active Directory management interface and can see "Applications" as one of the tabs to choose from.

 

A screenshot of the Azure management portal after selecting the directory.

 

Congratulations, you did it! You are ready to manage applications your users or administrators installed or consented to, or start registering and configuring your own applications for some cool development of new apps for Office 365 using OAuth2!

 

What's next: You can read how to register and configure an application for Office 365 APIs here.