The new Azure portal app registration experience
There are many improvements in the new App registrations experience in the Azure portal. If you're more familiar with the Application registration portal (apps.dev.microsoft.com) experience for registering or managing converged applications, referred to as the old experience, this training guide will get you started using the new experience.
What's not changing?
Your applications and related configurations can be found as-is in the new experience. You do not need to register the applications again and users of your applications will not need to sign-in again.
You must sign-in with the account you used to register applications to find them in the Azure portal. We recommend you check the signed in user in the Azure portal matches the user that was signed into the Application registration portal by comparing the email address from your profile.
In some cases, especially when you sign in using personal Microsoft accounts(e.g. Outlook, Live, Xbox, etc.) with an Azure AD email address, we found out that when you go to the Azure portal from the old experience, it signs you into a different account with the same email in your Azure AD tenant. If you still believe your applications are missing, sign out and sign in with the right account.
Live SDK apps created using personal Microsoft accounts are not yet supported in the Azure portal and will continue to remain in the old experience in near future.
In the old experience, apps were by default registered as converged apps supporting all organizational accounts (multitenant) as well as personal Microsoft accounts. This could not be modified through the old experience, making it difficult to create apps that supported only organizational accounts (either multitenant or single tenant). The new experience allows you to register apps supporting all those options. Learn more about app types.
In the new experience, if your personal Microsoft account is also in an Azure AD tenant, you will see three tabs--all applications in the tenant, owned applications in the tenant as well as applications from your personal account. So, if you believe that apps registered with your personal Microsoft account are missing, check the Applications from your personal account tab.
In the new experience, you can easily switch between tenants by navigating to your profile and choosing switch directory.
List of applications
The new app list shows applications that were registered through the legacy app registrations experience in the Azure portal (apps that sign in Azure AD accounts only) as well as apps registered though the Application registration portal (apps that sign in both Azure AD and personal Microsoft accounts).
The new app list has two additional columns: Created on column and Certificates & secrets column that shows the status (current, expiring soon, or expired) of credentials that have been registered on the app.
New app registration
In the old experience, to register a converged app you were only required to provide a Name. The apps that were created were registered as converged apps supporting all organizational directory (multitenant) as well as personal Microsoft accounts. This could not be modified through the old experience, making it difficult to create apps that supported only organizational accounts (either multitenant or single tenant). Learn more about supported account types
In the new experience, you must provide a Name for the app and choose the Supported account types. You can optionally provide a redirect URI. If you provide a redirect URI, you'll need to specify if it's web/public (native/mobile and desktop). For more info on how to register an app using the new app registrations experience, see this quickstart.
App management page
The old experience had a single app management page for converged apps with the following sections: Properties, Application secrets, Platforms, Owners, Microsoft Graph Permissions, Profile, and Advanced Options.
The new experience in the Azure portal represents these features into separate pages. Here's where you can find the equivalent functionality:
Properties - Name and Application ID is on the Overview page.
Application Secrets is on the Certificates & secrets page
Platforms configuration is on the Authentication page
Microsoft Graph permissions is on the API permissions page along with other permissions
Profile is on Branding page
Advanced option - Live SDK support is on the Authentication page.
Application secrets/Certificates & secrets
In the new experience, Application secrets have been renamed to Certificates & secrets. In addition, Public keys are referred to as Certificates and Passwords are referred to as Client secrets. We chose to not bring this functionality along in the new experience for security reasons, hence, you can no longer generate a new key pair.
Platforms/Authentication: Reply URLs/redirect URIs
In the old experience, an app had Platforms section for Web, native, and Web API to configure Redirect URLs, Logout URL and Implicit flow.
In the new experience, Reply URLs can be found on an app's Authentication section. In addition, they are referred to as redirect URIs and the format for redirect URIs has changed. They are required to be associated with an app type (web or public client - mobile and desktop). Learn more
Web APIs are configured in Expose an API page.
Try out the new Authentication settings experience where you can configure settings for your application based on the platform or device that you want to target. Learn more
Microsoft Graph permissions/API permissions
When selecting an API in the old experience, you could choose from Microsoft Graph APIs only. In the new experience, you can choose from many Microsoft APIs including Microsoft Graph, APIs from your organization and your APIs, this is presented in three tabs: Microsoft APIs, APIs my organization uses, or My APIs. The search bar on APIs my organization uses tab searches through service principals in the tenant.
You won't see this tab if your application isn't associated with a tenant. For more info on how to request permissions using the new experience, see this quickstart.
The old experience did not have a Grant permissions button. In the new experience, there's a Grant consent section with a Grant admin consent button on an app's API permissions section. Only an admin can grant consent and this button is enabled for admins only. When an admin selects the Grant admin consent button, admin consent is granted to all the requested permissions.
In the old experience, Profile had Logo, Home page URL, Terms of Service URL and Privacy Statement URL configuration. In the new experience, these can be found in Branding page.
In the new experience, Manifest page allows you to edit and update app's attributes. For more info, see Application manifest.
There's new UI for properties that could previously only be set using the manifest editor or the API, or didn't exist.
Implicit grant flow (oauth2AllowImplicitFlow) can be found on the Authentication page. Unlike the old experience, you can enable access tokens or ID tokens, or both.
Scopes defined by this API (oauth2Permissions) and Authorized client applications (preAuthorizedApplications) can be configured through the Expose an API page. For more info on how to configure an app to be a web API and expose permissions/scopes, see this quickstart.
The new experience has the following limitations:
The new experience does not yet support App registrations for Azure AD B2C tenants.
The new experience does not yet support Live SDK apps created with personal Microsoft accounts.
Changing the value for supported accounts is not supported in the UI. You need to use the app manifest unless you're switching between Azure AD single-tenant and multi-tenant.
If you're a personal Microsoft account user in Azure AD tenant, and the tenant admin has restricted access to Azure portal, you may get an access denied. However, if you come through the shortcut by typing App registrations in the search bar or pinning it, you'll be able to access the new experience.