Configure your App Service app to use Microsoft Account login

This topic shows you how to configure Azure App Service to use Microsoft Account as an authentication provider.

Register your app with Microsoft Account

  1. Go to App registrations in the Azure portal. If needed, sign in with your Microsoft account.

  2. Select New registration, then enter an application name.

  3. In Redirect URIs, select Web, and then enter https://<app-domain-name>/.auth/login/microsoftaccount/callback supply the endpoint for your application. Replace <app-domain-name> with the domain name of your app. For example, https://contoso.azurewebsites.net/.auth/login/microsoftaccount/callback. Be sure to use the HTTPS scheme in the URL.

  4. Select Register.

  5. Copy the Application (Client) ID. You'll need it later.

  6. From the left pane, select Certificates & secrets > New client secret. Enter a description, select the validity duration, and select Add.

  7. Copy the value that appears on the Certificates & secrets page. After you leave the page, it won't be displayed again.

    Important

    The password is an important security credential. Do not share the password with anyone or distribute it within a client application.

Add Microsoft Account information to your App Service application

  1. Go to your application in the Azure portal.

  2. Select Settings > Authentication / Authorization, and make sure that App Service Authentication is On.

  3. Under Authentication Providers, select Microsoft Account. Paste in the Application (client) ID and client secret that you obtained earlier. Enable any scopes needed by your application.

  4. Select OK.

    App Service provides authentication, but doesn't restrict authorized access to your site content and APIs. You must authorize users in your app code.

  5. (Optional) To restrict access to Microsoft account users, set Action to take when request is not authenticated to Log in with Microsoft Account. When you set this functionality, your app requires all requests to be authenticated. It also redirects all unauthenticated requests to Microsoft account for authentication.

    Caution

    Restricting access in this way applies to all calls to your app, which might not be desirable for apps that have a publicly available home page, as in many single-page applications. For such applications, Allow anonymous requests (no action) might be preferred so that the app manually starts authentication itself. For more information, see Authentication flow.

  6. Select Save.

You are now ready to use Microsoft Account for authentication in your app.

Next steps