Share via

How To Call Graph APIs, from Outlook Add-In, for Multiple Tenants, With Single Azure App

Arun Singh 0 Reputation points
2024-10-03T09:47:48.6933333+00:00

Hi,

We are building a web-based, JavaScript Outlook Add-In which is required to call Microsoft Graph APIs to access the Outlook's user's emails and attachments.

For the same, we understand that the prescribed approach is to register an Azure app, set it up for Graph access and, using MSAL libraries, acquire an access token for/from this Azure app. And, using this access token, make calls to Graph APIs.

But, our system is a multi-tenant one. And, as per our understanding of how Graph APIs are to be consumed from within an Outlook Add-In, we believe:

We would require each of our Tenant to register an Azure app, and set it up for Graph access.

  1. Now, to be able to call MSAL libraries for different Azure apps (a different one for each tenant), we would be required to have the Azure app details (such as AppId, Scope, ClientId) for each of our tenants. So that we can pass those details as parameters while calling the MSAL APIs.
  2. So, we need to explore and know if there is a provision where we can have just one Azure app which our Outlook Add-In will interact with. And, that Azure app, in turn, could be configured in a way which could enable it to provide access to Graph APIs for users of multiple tenancy.

Thank you

Arun

Outlook
Outlook
A family of Microsoft email and calendar products.
3,847 questions
Microsoft Graph
Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.
12,039 questions

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Rohit Raghuwanshi - MSFT 470 Reputation points Microsoft Vendor
    2024-10-03T11:35:42.7333333+00:00

    Hi Arun Singh,

    As mentioned in doc, application permission only works with Web / Daemon type of apps and as an Outlook add-in does not qualify as a Daemon Process, hence it needs to use Delegated Access only.

    Please refer the below doc for more details
    https://learn.microsoft.com/en-us/graph/permissions-overview?tabs=http#comparison-of-delegated-and-application-permissions

    If my answer is helpful to this question, please remember to "Accept as answer" to close this case and this will help people in this forum who have similar questions to yours find the answer easier.

    0 comments
  2. Yakun Huang-MSFT 4,800 Reputation points Microsoft Vendor
    2024-10-04T02:21:53.2433333+00:00

    Hello Arun Singh,

    Thank you for reaching out to Microsoft Support!

    When registering an application, you can choose to register the application as a multi-tenant application, as shown in the following figure:

    Screenshot 2024-10-04 101942

    See this document for more details.

    Hope this helps.

    If the answer is helpful, please click Accept Answer and kindly upvote it. If you have any further questions about this answer, please click Comment.

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.