Exercise - Configure a Microsoft Entra app to connect to Microsoft 365

  • 5 minutes

In this module, you'll show a user’s files retrieved from Microsoft 365 using Microsoft Graph. Before you can do that, they need to sign in to your app with their Microsoft 365 account. Then using OAuth, you'll retrieve an access token for your app. With this access token, you can call Microsoft Graph and retrieve data from Microsoft 365 for the user.

To start, you need to register your Microsoft 365 application. You can do that by creating an application registration in Microsoft Entra ID. For this module, you'll need an application with the following settings:

  • Name: ASP.NET Core MS Graph App
  • Platform: Web
  • Supported account types: Accounts in any organizational directory (Any Microsoft Entra directory - Multitenant)
  • Redirect URIs: https://localhost:5001 and https://localhost:5001/signin-oidc
  • Logout URL: https://localhost:5001/signout-oidc
  • API permissions: Microsoft Graph User.Read (delegated)

Create a new Microsoft Entra application registration by following these steps:

  1. In the web browser, go to the Microsoft Entra admin center (https://aad.portal.azure.com) and sign-in using your Microsoft 365 developer account.

  2. On the menu, select Microsoft Entra ID.

    Screenshot showing Microsoft Azure portal Microsoft Entra ID.

  3. Select App registrations from the left menu.

  4. Create a new app registration by selecting New registration in the toolbar.

    Screenshot showing selecting an app registration in Microsoft Entra ID.

  5. On the Register an application screen, enter the following values:

    • Name: enter a name for your application.

    • Supported account types: select Accounts in any organizational directory (Any Microsoft Entra directory - Multitenant).

    • Redirect URI (optional): select Web and enter https://localhost:5001.

    • Select Register.

      Screenshot showing how to register a web app in Microsoft Entra ID.

  6. Once the app is created, copy the Application (client) ID value and save it. You'll need the value later. This value can be found on the Overview screen.

    Screenshot showing the app overview information.

  7. Select Authentication under Manage.

    Screenshot showing how to select the Authentication option.

  8. On the app's Authentication screen, enter the following values:

    • Web / Redirect URIs: select Add URI and enter a value of https://localhost:5001/signin-oidc.

    • Front-channel logout URL: enter https://localhost:5001/signout-oidc.

    • Implicit grant and hybrid flows: select ID tokens.

    • Select Save on the toolbar.

      Screenshot showing how to redirect U R I's and select I D tokens.

  9. Select Certificates & secrets under Manage.

  10. Select New client secret. Enter a value of App Client Secret in the Description and select any of the options for Expires. Select Add to create the secret.

    Screenshot showing how to create a client secret.

  11. Copy the client secret Value before you leave this page. You'll need it later.

    Screenshot showing how to copy the client secret.