
Grant Graph API permissions to app registration

App Registration provision

App Registrations are containers that allow user-independent permission assignment and are therefore ideally suited for automation. App Registrations can be created in Azure Portal → Microsoft Entra ID → App Registrations. App Registrations should be preferred to service accounts whenever possible.

The following variables are used to authenticate to the Graph API using application permissions. Never store the ClientSecret as clear text in scripts or applications under any circumstances; keep it in a designated secret store (e.g. Azure Runbook Credential Store, Azure Key Vault or Windows Credential Store).

Variables used

$TenantID: The unique identifier of the tenant.

$ClientID: The ClientID can be used to uniquely identify the App Registration.

$ClientSecret: The ClientSecret acts as the password for the App Registration and expires after at most 24 months (2 years).
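
The following sketch shows how the three variables fit together without the ClientSecret ever appearing in the script. It is an added example, not code from the original page. The IDs, vault name, secret name and credential name are placeholders, and it assumes the Az.Accounts and Az.KeyVault modules, a managed identity with read access to the vault, and the Organization.Read.All application permission on the App Registration.

```powershell
# Added example: IDs, vault name and secret name below are placeholders, not values from the page.
$TenantID   = '00000000-0000-0000-0000-000000000000'
$ClientID   = '11111111-1111-1111-1111-111111111111'
$VaultName  = 'kv-automation-example'
$SecretName = 'graph-app-client-secret'

function Get-GraphAccessToken {
    param(
        [Parameter(Mandatory)] [string]       $TenantID,
        [Parameter(Mandatory)] [string]       $ClientID,
        [Parameter(Mandatory)] [securestring] $ClientSecret
    )
    $body = @{
        grant_type    = 'client_credentials'
        client_id     = $ClientID
        scope         = 'https://graph.microsoft.com/.default'
        # Plain text exists only inside this hashtable for the duration of the request.
        client_secret = [System.Net.NetworkCredential]::new('', $ClientSecret).Password
    }
    $uri = "https://login.microsoftonline.com/$TenantID/oauth2/v2.0/token"
    try {
        (Invoke-RestMethod -Method Post -Uri $uri -Body $body -ErrorAction Stop).access_token
    }
    catch {
        # An expired or rotated ClientSecret surfaces here; do not log $body.
        throw "Token request for app $ClientID failed: $($_.Exception.Message)"
    }
    finally { $body.Clear() }
}

# Sign in to Azure without a stored password (managed identity), then read the secret.
Connect-AzAccount -Identity | Out-Null
$ClientSecret = (Get-AzKeyVaultSecret -VaultName $VaultName -Name $SecretName).SecretValue
# In an Azure Automation runbook the credential store works the same way:
# $ClientSecret = (Get-AutomationPSCredential -Name 'GraphApp').Password

$token = Get-GraphAccessToken -TenantID $TenantID -ClientID $ClientID -ClientSecret $ClientSecret

# Assumption: the app has the Organization.Read.All application permission with admin consent.
$org = Invoke-RestMethod -Uri 'https://graph.microsoft.com/v1.0/organization' -Headers @{ Authorization = "Bearer $token" }
$org.value | Select-Object id, displayName
```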

Read ClientID & TenantID

The ClientID & TenantID can be read from the start page of the App Registration itself.