From what I understand, adding permissions in the 'permissions to other applications' section of an Azure AD Application means that any tenant administrator trying to grant access to that application using the Admin consent flow must have all the services requested. E.g. if requesting Office 365 'Read users email' permission and CRM Online 'Access CRM Online as organization users' permission the requesting tenant must have both of those Microsoft Services linked to their Azure AD.

If you don't have access to all requested services you receive the following error:

'AADSTS65005: The application needs access to a service that your organization [Organization name here] has not subscribed to. Please contact your Administrator to review the configuration of your service subscriptions.

I have attached a diagram playing out a simple example. This will not work for ISV's who would like to provide optional integrations as they will need to create an Azure AD application (and associated ASP.NET application instance) per potential combination of Microsoft services a tenant could have, just to work around this issue that permissions are mandatory.

Dear,

I like everything azure and angular 2...

I'm the developer of adal-ts. The goal of adal-ts is to enable typescript developers, to write apps that allow their end-user to authenticate against azure active directory.

It is a npm module that developer can install, and integrate into angular2 application.

It has currently a code-coverage of 80+ percent. But their is still a lot of work to do. If you know someone who is willing to help me out?
How can we make it feature rich? (internal logging, automatic token refresh, support poup, etc...) Who can aid in developer manpower?

thx in advance...

I followed the document at https://identity.microsoft.com/Docs/Web for oauth and integrated in my web app. The login works fine from android devices as when clicked on the login button it opens a new page for taking office365 login details. Once done this page closes on it's own and the first page office365 callback function is called which we use to send id_token and other details of the user from this page to our web server. On IOS devices (MAC Book pro/IPAD) the second page gets the comes back to given redirect URI with the id token but the registered callback function doesn't get called hence the login page cannot complete the login process.

This is how I have declared:
function office365_login() {
/* START Office 365 login code */
var ADAL = new AuthenticationContext({
instance: 'https://login.microsoftonline.com/',
tenant: 'common', //COMMON OR YOUR TENANT ID
clientId: document.getElementById('office365Id').value, //This is your client ID
redirectUri: window.location.href, //This is your redirect URI
callback: office365UserSignedIn,
popUp: true
});
console.log("ADAL:", ADAL);
ADAL.login();
}

Currently Azure AD comes in three pricing Tiers with a heavy focus on Office 365 interoperability.

Azure Web Applications - particularly ones built using Cloud Services have no need of most of these features but do have need for
==> Authentication and Identity management
==> Brand Management
==> LDAP /Oauth 2.0 Federation

Self-service password reset is also a Nice to have feature.

Yet for a startup developer or someone building their first app on AzureAD, it makes no sense whatsoever to upgrade to either Basic or Premium since that involves signing an Enterprise Agreement, which often is not viable at the departmental level.

Essentially the current pricing and feature structure suggests that AD SHOULD NOT be used by Azure Cloud Service application developers and that instead they should use their own authentication and ACL mechanism or rely on an external oAuth 2.0 authenticator.

Remember that currently FaceBook sets the value of each customer at roughly $4.00/yr.... so the $6.00/yr/user fee for AD Premium ONLY makes sense if I am managing internal corporate identities and resources . NOT Web clients

Hi,

I had a UWP app working with OneDrive, allowing users to read and write to a file.

Then I accidentally deleted my app from the Application Registration Portal and now any OneDrive related code throws an authentication error.

How can I re-register my app with the Registration Portal to get it working with OneDrive again?

I can add anew app but cant see a way of getting the Windows Store platform back. All my other apps have this platform by default.

I've attached an image illustrating the platform that I want to add.

Thanks for any help anyone can offer!