Grant Graph API permissions to app registration
Provisioning the App Registration
App Registrations are containers that allow user-independent permission assignment and are therefore ideally suited for automation. App Registrations can be created in Azure Portal → Microsoft Entra ID → App Registrations. App Registrations should be preferred to service accounts whenever possible.
The following variables are used to authenticate to the Graph API using application permissions. The ClientSecret must not be stored as clear text in scripts or applications under any circumstances, but must be stored in designated containers (e.g. Azure Runbook Credential Store, Azure Key Vault or Windows Credential Store).
Variables used
$TenantID: This is the identity of the tenant, which is unique.
$ClientID: The ClientID can be used to uniquely identify the App Registration.
$ClientSecret: The ClientSecret acts as the password for the App Registration and expires after at most 24 months (2 years).
Read ClientID & TenantID
The ClientID & TenantID can be read out on the start page of the App Registration itself.
Create Client Secret
For the ClientSecret, switch to the "Certificates & Secrets" tab. A ClientSecret can be added via "New client secret", where a name can be given. Attention: the ClientSecret is then valid for 24 months (2 years), after which it expires. In addition, the value is only displayed once. As the first step, save the ClientSecret in your password safe.
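The authentication described on this page, as an added example that is not part of the original page: it reads the ClientSecret from Azure Key Vault instead of the script, requests an app-only Graph token with the client credentials flow, and lists the application permissions (the `roles` claim) the token carries. Assumed: the Az.KeyVault module with an existing Connect-AzAccount session; the vault name, the secret name and the helper functions Get-GraphAppToken and Get-TokenRoles are hypothetical.

```powershell
# Added example. Assumptions: Az.KeyVault is installed and Connect-AzAccount
# has already been run (for example with a managed identity).
$TenantID   = '<tenant-id>'        # placeholder, from the App Registration start page
$ClientID   = '<client-id>'        # placeholder, from the App Registration start page
$VaultName  = 'kv-automation'      # hypothetical Key Vault name
$SecretName = 'graph-app-secret'   # hypothetical name of the stored ClientSecret

function Get-GraphAppToken {
    param(
        [Parameter(Mandatory)] [string]       $TenantID,
        [Parameter(Mandatory)] [string]       $ClientID,
        [Parameter(Mandatory)] [securestring] $ClientSecret
    )
    # The secret is converted to plain text only to build the request body.
    $plain = [System.Net.NetworkCredential]::new('', $ClientSecret).Password
    $body = @{
        grant_type    = 'client_credentials'
        client_id     = $ClientID
        client_secret = $plain
        scope         = 'https://graph.microsoft.com/.default'
    }
    $uri = "https://login.microsoftonline.com/$TenantID/oauth2/v2.0/token"
    # A hashtable body on POST is sent as application/x-www-form-urlencoded.
    (Invoke-RestMethod -Method Post -Uri $uri -Body $body).access_token
}

function Get-TokenRoles {
    param([Parameter(Mandatory)] [string] $AccessToken)
    # The JWT payload is the second dot-separated segment, base64url without padding.
    $payload = $AccessToken.Split('.')[1].Replace('-', '+').Replace('_', '/')
    switch ($payload.Length % 4) { 2 { $payload += '==' } 3 { $payload += '=' } }
    $json = [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($payload))
    # 'roles' holds the granted application permissions; it is absent if none are granted.
    ($json | ConvertFrom-Json).roles
}

# SecretValue is a SecureString, so the secret never appears in the script itself.
$secret = (Get-AzKeyVaultSecret -VaultName $VaultName -Name $SecretName).SecretValue
$token  = Get-GraphAppToken -TenantID $TenantID -ClientID $ClientID -ClientSecret $secret

# Compare this list against the permissions the automation actually needs.
Get-TokenRoles -AccessToken $token | Sort-Object
```

An empty result means the App Registration has no admin-consented application permissions for Graph yet.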