question

TusharJasrotia-4927 avatar image
0 Votes"
TusharJasrotia-4927 asked ·

How to access multi-tenant data in Azure using a background / daemon application?

I have multi-tenant app registered in Azure Active Directory. This app is currently configured to perform following for its own tenant:

  1. Get access token for tenant using tenant's client-id / secret

  2. Create subscription for Outlook calendar events

  3. When calendar events occur, Microsoft calls our API and notifies us of the event-id.

  4. We query event details for that event-id using Graph APIs and store the Calendar event details in our DB.

We want to enhance this process to collect events for other tenants ( i.e. our customers ). Since I am not able to find a documentation to achieve the same, I am looking for pointers to find out the following:

Questions



  1. What set up or configuration is required in Azure from other tenants to allow this app to subscribe to their data?I have read about Consent and Permissions, but don't know how one tenant can give consent to app of other tenant. That's why asking this question.

  2. What updates are required for this app to receive notifications for calendar-events for other tenants? You can assume we have tenant-id for other tenants.


Pre-requisite

  • There is no user intervention, consent should be given in Azure portal itself (cannot do based on user sign in).

azure-active-directory
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

MarileeTurscak-MSFT avatar image
0 Votes"
MarileeTurscak-MSFT answered ·

Hi Tushar,

Sorry for the late reply on this! Which guide are you currently following?

In Azure you will need to make sure that each tenant admin provides admin consent in the multi-tenant scenario.

During application registration, you need to share secrets or certificates or signed assertions with Azure AD. You also need to request application permissions and grant admin consent to use those app permissions.

More steps are covered in the guidelines here: https://docs.microsoft.com/en-us/azure/active-directory/develop/scenario-daemon-overview

·
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

WaldnerLongwood-7808 avatar image
1 Vote"
WaldnerLongwood-7808 answered ·

Hi Marilee,

Can you please share more details on how to "During application registration, you need to share secrets or certificates or signed assertions with Azure AD."?

Thanks,

·
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.