Azure Active Directory - Service to Service calls using Client Credentials

The Trusted Application API only accepts an AAD Oauth token issued to an application identity. In order that your application gets such a token from AAD, you need to either upload your application's credentials ( a certificate ) to AAD, and use that certificate whenever you need an Oauth token, or use a client secret.

When challenged for authentication by Skype for Business Online service, your application must perform authentication against Azure AD to receive an Oauth token.

Trusted Application API requires use of HTTPS and certificates for both AAD Service-to-service authentication and SSL.We require the use of publicly-signed certificates. If needed, you should be able to create a record or CName to point your own custom domain to your Azure cloud service.

For example, create a DNS CName, and that DNS CName points to (This allows you to avoid creating a certificate with SN:, but use a certificate with SN:

Please refer to the following information and examples for how to get an Oauth token and implement service to service calls.

Additional information

Building service aps in Office 365

Active Directory authentication scenarios

Active Directory Certificate Credentials

Configuring a custom domain name for an Azure cloud service

Authorize access to web applications using OAuth 2.0 and Azure Active Directory

Authentication Scenarios for Azure AD