How to Register an Application with Microsoft Entra (Azure AD) and SharePoint Graph API Access Permission
Jul 3, 2024
Welcome to the SharePoint Archiving Solution Series:
This blog is divided into multiple sections, each focusing on a crucial aspect of the migration process. Below are links to navigate directly to each section:
- Introduction
- Pre-requisites
- Application Registration and API Permissions
- PowerShell Script Workflow
- Understanding the PowerShell Script — Part 1
- Understanding the PowerShell Script — Part 2
- Understanding the PowerShell Script — Part 3
- Get Full Script from GitHub
Register an Application
- Sign in to the Microsoft Entra admin center as at least a Cloud Application Administrator.
- Browse to Identity > Applications > App registrations and select New registration.
- Enter a name for your application. Under Supported account types, select the appropriate option (Accounts in this organizational directory only).
- Leave Redirect URI (optional) empty.
- Click on Register.
Retrieve Tenant ID and Application (Client ID)
Configure API Permissions
- After registering the application, navigate to API permissions.
- Click on Add a permission.
- Select Microsoft Graph.
- Select Application permissions.
- In the search box, type Sites.ReadWrite.All and select it.
- Click on Add permissions.
- Click on Grant admin consent for [your tenant] to grant admin consent for the permissions. This step ensures that the permissions are applied across your organization.
Generate Client Secrets
- In the Azure AD app registration overview, navigate to Certificates & secrets.
- Under Client secrets, click on New client secret.
- Enter a description, select an appropriate expiration period, and click Add.
- Note: Copy the client secret value immediately as it will be hidden later for security reasons.
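To confirm that the registration, the admin consent and the client secret work together, the following added example (not part of the original post or its GitHub script) requests an app-only token with the client credentials flow, checks that its roles claim contains Sites.ReadWrite.All, and reads the root site through Microsoft Graph. The placeholder IDs and the environment variable name SP_ARCHIVE_CLIENT_SECRET are assumptions.

```powershell
# Added example. Placeholder values and the environment variable name are assumptions.
$ErrorActionPreference = 'Stop'
$TenantId     = '<tenant-id>'                 # Directory (tenant) ID of the registration
$ClientId     = '<client-id>'                 # Application (client) ID of the registration
$ClientSecret = $env:SP_ARCHIVE_CLIENT_SECRET # hypothetical variable; keeps the secret out of the script
$Expected     = 'Sites.ReadWrite.All'

if ([string]::IsNullOrWhiteSpace($ClientSecret)) { throw 'SP_ARCHIVE_CLIENT_SECRET is not set.' }

function ConvertFrom-JwtPayload {
    param([Parameter(Mandatory)][string]$Token)
    $parts = $Token.Split('.')
    if ($parts.Count -ne 3) { throw 'Expected a JWT with three dot-separated parts.' }
    # JWT segments are unpadded base64url; map to standard base64 and restore padding.
    $b64 = $parts[1].Replace('-', '+').Replace('_', '/')
    switch ($b64.Length % 4) { 2 { $b64 += '==' } 3 { $b64 += '=' } }
    [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($b64)) | ConvertFrom-Json
}

# OAuth 2.0 client credentials grant; .default requests the consented application permissions.
$tokenRequest = @{
    Method = 'Post'
    Uri    = "https://login.microsoftonline.com/$TenantId/oauth2/v2.0/token"
    Body   = @{
        grant_type    = 'client_credentials'
        client_id     = $ClientId
        client_secret = $ClientSecret
        scope         = 'https://graph.microsoft.com/.default'
    }
}
$token = (Invoke-RestMethod @tokenRequest).access_token

# Decode for diagnostics only; never log the token itself.
$claims = ConvertFrom-JwtPayload -Token $token
$roles  = @($claims.roles | Where-Object { $_ })   # empty when admin consent is missing
$extra  = @($roles | Where-Object { $_ -ne $Expected })

if ($roles -notcontains $Expected) {
    throw "Token has no '$Expected' role. Check API permissions and admin consent."
}
if ($extra.Count -gt 0) {
    Write-Warning "App holds more Graph roles than this guide grants: $($extra -join ', ')"
}

# Confirm Graph accepts the token with a read of the root SharePoint site.
$site = Invoke-RestMethod -Uri 'https://graph.microsoft.com/v1.0/sites/root' -Headers @{ Authorization = "Bearer $token" }
$expiry = [DateTimeOffset]::FromUnixTimeSeconds([long]$claims.exp).UtcDateTime
"OK: '$Expected' present, root site '$($site.displayName)' readable, token expires $expiry UTC"
```

The warning about extra roles is a least-privilege check: Sites.ReadWrite.All already covers every site in the tenant, so any additional Graph role on this app deserves a review.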