Edit

Share via

Build Java apps with Microsoft Graph and app-only authentication

Register the app in the portal

In this exercise you will register a new application in Azure Active Directory to enable app-only authentication. You can register an application using the Microsoft Entra admin center, or by using the Microsoft Graph PowerShell SDK.

Register application for app-only authentication

In this section you will register an application that supports app-only authentication using client credentials flow.

  1. Open a browser and navigate to the Microsoft Entra admin center and login using a Global administrator account.

  2. Select Microsoft Entra ID in the left-hand navigation, expand Identity, expand Applications, then select App registrations.

    A screenshot of the App registrations

  3. Select New registration. Enter a name for your application, for example, Graph App-Only Auth Tutorial.

  4. Set Supported account types to Accounts in this organizational directory only.

  5. Leave Redirect URI empty.

  6. Select Register. On the application's Overview page, copy the value of the Application (client) ID and Directory (tenant) ID and save them, you will need these values in the next step.

    A screenshot of the application ID of the new app registration

  7. Select API permissions under Manage.

  8. Remove the default User.Read permission under Configured permissions by selecting the ellipses (...) in its row and selecting Remove permission.

  9. Select Add a permission, then Microsoft Graph.

  10. Select Application permissions.

  11. Select User.Read.All, then select Add permissions.

  12. Select Grant admin consent for..., then select Yes to provide admin consent for the selected permission.

    A screenshot of the Configured permissions table after granting admin consent

  13. Select Certificates and secrets under Manage, then select New client secret.

  14. Enter a description, choose a duration, and select Add.

  15. Copy the secret from the Value column, you will need it in the next steps.

    Important

    This client secret is never shown again, so make sure you copy it now.

Note

Notice that, unlike the steps when registering for user authentication, in this section you did configure Microsoft Graph permissions on the app registration. This is because app-only auth uses the client credentials flow, which requires that permissions be configured on the app registration. See The .default scope for details.