Configure Azure AD API Permissions
- Last UpdatedDec 09, 2021
- 2 minute read
When you configure and register your app, it will only have limited permissions granted. You must add additional permissions manually.
-
Select API Permissions from the resource menu (left pane).
The Microsoft Graph API will show only User.Read permissions.
-
Click on Microsoft Graph. The Request API permissions pane opens.
-
Delegated permissions: At the top of pane, under the question "What type of permissions does your application require?," select Delegated permissions.
-
To choose permissions, type the first few letters of the following permissions in the Select permissions text box until the applicable permissions group appears. Then, expand the permissions group and select the matching permission to enable it.
-
Under OpenId permissions: Add openid (sign users in)
-
Under User permissions: Add User.Read (sign in and read user profile) - this is automatically selected
-
-
Click the Update permissions button.
-
Application permissions: At the top of pane, under the question "What type of permissions does your application require?," select Application permissions.
-
To choose permissions, type the first few letters of the following permissions in the Select permissions text box until the applicable permissions group appears. Then, expand the permissions group and select the matching permission to enable it.
-
Under Directory permissions: Add Directory.Read.All (read directory data)
-
Under Group permissions: Add Group.Read.All under Group (read all groups)
-
Under User permissions: Add User.Read.All (read all users' full profiles)
-
-
Click the Update permissions button.
-
Click Grant admin consent for <tenant name>. All configured permissions you added in the previous step should now be listed, as shown below.
