Register an application in Azure Active Directory
An application must be registered in Azure AD to allow AzureCP to make queries in your tenant:
- Sign in to the Azure portal and browse to your Azure Active Directory tenant
- Go to “App Registrations” > “New registration” and enter the following information:
  - Name: e.g. AzureCP
  - Supported account types: “Accounts in this organizational directory only (TenantName)”
- Click on “Register”
Note: Copy the “Application (client) ID”: it is required by AzureCP to add a tenant.
- Click on “API permissions” and remove the permission added by default.
- Click on “Add a permission” > Select “Microsoft Graph” > “Application permissions” > Directory > Directory.Read.All > click “Add permissions”
- Click on “Grant admin consent for TenantName” > Yes
Note: After this operation, you should have only the Microsoft Graph > Directory.Read.All permission, of type “Application”, with admin consent granted.
- Click on “Certificates & secrets” > “New client secret”: Type a description, choose a duration and validate.
Note: Copy the client secret value: it is required by AzureCP to add a tenant.