Using Azure Multi-Tenant App Registrations

App Registrations in Azure are the key to accessing resources in both Azure and Office 365 programmatically, yet I find they are often confusing and misunderstood by so many! In the last few days, I’ve fielded questions from both teammates and customers where there was a requirement for an app in one tenant to be able to retrieve information about another tenant.
Taking a step back, why do we need an App Registration? App Registrations are a component of the Microsoft identity platform and Identity and Access Management (IAM). Whether it’s a client application like a web or mobile app, or it’s a web API that backs a client app, registering it establishes a trust relationship between your application and the identity provider, the Microsoft identity platform.
Using Microsoft’s Graph API as an example, there are two ways app registrations can interact with the Graph API:
- Delegated permissions: apps that have a signed-in user present.
- Application permissions: apps that run without a signed-in user present.
But what if we need to access data from an external tenant? That’s where multi-tenant App Registrations come in. A multi-tenant application is basically a way for any Azure AD tenant to use your application, by creating passwordless trusts between the tenants…
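
The two permission types and the tenant boundary are both visible in the access token's claims. The sketch below is an added example, not code from the original article: it reads `scp` (delegated scopes), `roles` (application permissions) and `tid` (issuing tenant) from a token and checks the tenant against an allow list. The tenant IDs, sample tokens and function names are constructed for illustration, and the decoder does no signature validation.

```python
import base64
import json

# Constructed tenant IDs (placeholders, not real tenants).
HOME_TENANT = "11111111-1111-1111-1111-111111111111"
CUSTOMER_TENANT = "22222222-2222-2222-2222-222222222222"
UNKNOWN_TENANT = "99999999-9999-9999-9999-999999999999"
ALLOWED_TENANTS = {HOME_TENANT, CUSTOMER_TENANT}

def _b64url(obj: dict) -> str:
    raw = json.dumps(obj).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def make_sample_token(claims: dict) -> str:
    """Build an unsigned, constructed token for illustration only."""
    header = _b64url({"alg": "none", "typ": "JWT"})
    return f"{header}.{_b64url(claims)}."

def decode_claims(token: str) -> dict:
    """Decode the claims segment. Inspection only: no signature check."""
    segment = token.split(".")[1]
    segment += "=" * (-len(segment) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(segment))

def classify(token: str, allowed_tenants: set) -> dict:
    claims = decode_claims(token)
    if claims.get("scp"):        # delegated: space-separated scopes
        kind, perms = "delegated", claims["scp"].split()
    elif claims.get("roles"):    # application: list of app roles
        kind, perms = "application", list(claims["roles"])
    else:
        kind, perms = "none", []
    tid = claims.get("tid")      # tenant that issued the token
    return {"kind": kind, "permissions": perms, "tenant": tid,
            "tenant_allowed": tid in allowed_tenants}

DELEGATED = make_sample_token({"tid": HOME_TENANT, "scp": "User.Read Mail.Read"})
APP_ONLY = make_sample_token({"tid": CUSTOMER_TENANT, "roles": ["User.Read.All"]})
STRAY = make_sample_token({"tid": UNKNOWN_TENANT, "roles": ["Directory.Read.All"]})

if __name__ == "__main__":
    for name, tok in [("delegated", DELEGATED), ("app-only", APP_ONLY), ("stray", STRAY)]:
        print(name, classify(tok, ALLOWED_TENANTS))
```

An API that accepts tokens from a multi-tenant app should only trust these claims after validating the token's signature, issuer and audience with a maintained library.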