
Azure App Registration for Select SharePoint Sites

Learn how to set up an Azure App Registration to provide your application access to specific SharePoint sites, without granting full control.

This post explains how to create an Azure App Registration and configure it so that your application can access specific SharePoint sites and nothing else.

An App Registration lets your application authenticate as itself (app-only, with a certificate) and be granted permissions to resources such as SharePoint, so it no longer has to run under a user account whose password or MFA state you then have to manage.

Most SharePoint application permissions (for example Sites.FullControl.All) apply to every site in the tenant. Instead, we use the Sites.Selected permission, which grants nothing by itself, and then use PnP PowerShell to name the individual sites the application is allowed to access and the level of access it gets on each.

Create the App Registration in Azure.

Follow these steps to create an Azure App Registration using a self-signed certificate.

  • First, create a self-signed certificate. The certificate is the application's credential, so generate it on a machine you control and give it a short validity period.
  • Save the .cer file (public key, this is what gets uploaded), the .pfx file (contains the private key; protect it like a password and never upload it) and the details used to create the certificate (subject, thumbprint, expiry).
  • Create an Azure App Registration from Azure AD (now Microsoft Entra ID).
    • Search for App Registrations and click on the result.
    • Click New Registration.
    • Enter a name that is easy to understand; you will need the same display name when granting site permissions later.
    • Select your account types (for an internal automation app, single tenant is the least exposure).
    • Click Register. Note the Application (client) ID shown on the Overview page.
  • Select Certificates & Secrets in the left menu.
  • Upload the earlier .cer file.
  • Select API Permissions.
  • Select Add a permission.
  • Select SharePoint. (If your application calls Microsoft Graph instead of the SharePoint REST/CSOM API, add the Sites.Selected application permission under Microsoft Graph instead, or as well.)
  • Select Application permissions.
  • Select Sites.Selected.
  • Click the Add Permissions button to save.
  • As an administrator, click Grant admin consent for {Your Organization}. Application permissions always require admin consent; until it is granted, the app cannot access any site.
  • Click Yes to confirm.
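The certificate step above can be scripted. The following is an added example, not code from the original post, showing how to create the self-signed certificate and export the .cer (to upload) and the .pfx (to keep private) with built-in Windows PowerShell cmdlets. The subject name, output folder, file names and one-year validity are assumptions; adjust them for your environment.

```powershell
# Added example (not from the original post): create and export the self-signed
# certificate the App Registration will authenticate with.
# Subject, output folder, file names and validity period are assumptions.
$subject = "CN=SharePointSitesSelectedApp"            # assumed app/cert name
$outDir  = "$env:USERPROFILE\Documents\AppCert"       # assumed output folder
New-Item -ItemType Directory -Path $outDir -Force | Out-Null

# RSA 2048 / SHA-256 signing certificate in the current user's personal store.
# Short validity keeps the blast radius of a leaked key small; plan to rotate it.
$cert = New-SelfSignedCertificate `
    -Subject $subject `
    -CertStoreLocation "Cert:\CurrentUser\My" `
    -KeyAlgorithm RSA -KeyLength 2048 -HashAlgorithm SHA256 `
    -KeyExportPolicy Exportable -KeySpec Signature `
    -NotAfter (Get-Date).AddYears(1)

# Public part (.cer): this is the file to upload under Certificates & Secrets.
Export-Certificate -Cert $cert -FilePath "$outDir\app.cer" | Out-Null

# Private part (.pfx): the actual credential. Protect it with a strong password,
# store it in a vault or restricted location, and never upload it to the portal.
$pfxPassword = Read-Host -Prompt "PFX password" -AsSecureString
Export-PfxCertificate -Cert $cert -FilePath "$outDir\app.pfx" -Password $pfxPassword | Out-Null

# Record the details you will need later (thumbprint, expiry, file locations).
[pscustomobject]@{
    Thumbprint = $cert.Thumbprint
    Subject    = $cert.Subject
    NotAfter   = $cert.NotAfter
    CerPath    = "$outDir\app.cer"
    PfxPath    = "$outDir\app.pfx"
}
```

Run this on a workstation you trust; the private key never needs to leave the machine (or the vault you move the .pfx into), and the expiry date is what you will have to track for rotation.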

Next, use the PowerShell below to set the SharePoint sites the App Registration can access. The cmdlets come from the PnP.PowerShell module, and the interactive login must be a user who is allowed to manage permissions on the target site (a site owner or SharePoint administrator).

Grant permissions to select sites using PowerShell.

$targetSiteUrl = '{sharepoint site url}'
# Sign in as an administrator/site owner. Recent PnP.PowerShell versions also require
# -ClientId with the id of an Entra app you have registered for PnP itself.
Connect-PnPOnline $targetSiteUrl -Interactive
# Grant only the level the app needs: Read if it only reads, Write if it must modify content.
Grant-PnPAzureADAppSitePermission -AppId '{app (client) id}' -DisplayName '{app display name}' -Site $targetSiteUrl -Permissions Write

Get site permissions for a selected site. The output lists each granted app with its Id (needed to revoke), Roles and App name; run it after granting to confirm the app got exactly the level you intended.

Get-PnPAzureADAppSitePermission -Site $targetSiteUrl

Revoke permission via PowerShell. The permission id is the Id value returned by Get-PnPAzureADAppSitePermission for that site.

$targetSiteUrl = '{sharepoint site url}'
Connect-PnPOnline $targetSiteUrl -Interactive
# -Force skips the confirmation prompt.
Revoke-PnPAzureADAppSitePermission -PermissionId '{permissionid}' -Site $targetSiteUrl -Force

# Confirm the grant is gone.
Get-PnPAzureADAppSitePermission -Site $targetSiteUrl
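Granting and listing permissions shows what the tenant thinks the app can do; the real check is to authenticate as the app and see what it can actually reach. The following is an added example, not code from the original post, that connects app-only with the certificate and probes one site that was granted via Grant-PnPAzureADAppSitePermission and one that was not. The tenant name, client id, site URLs and certificate path are assumptions.

```powershell
# Added example (not from the original post): authenticate as the app with its
# certificate and confirm that access is limited to the granted site.
# Tenant, client id, site URLs and certificate path are assumptions.
$tenant      = "contoso.onmicrosoft.com"
$clientId    = "00000000-0000-0000-0000-000000000000"        # app (client) id
$pfxPath     = "$env:USERPROFILE\Documents\AppCert\app.pfx"   # private key from the cert step
$pfxPassword = Read-Host -Prompt "PFX password" -AsSecureString

$grantedSite = "https://contoso.sharepoint.com/sites/ProjectX"  # granted with Grant-PnPAzureADAppSitePermission
$otherSite   = "https://contoso.sharepoint.com/sites/Finance"   # no grant: the app must be refused here

function Test-AppSiteAccess {
    param([Parameter(Mandatory)][string]$SiteUrl)
    try {
        # App-only connection: no user involved, the certificate is the credential.
        Connect-PnPOnline -Url $SiteUrl -ClientId $clientId -Tenant $tenant `
            -CertificatePath $pfxPath -CertificatePassword $pfxPassword
        $web = Get-PnPWeb
        [pscustomobject]@{ Site = $SiteUrl; Access = "Allowed"; Detail = $web.Title }
    }
    catch {
        # With Sites.Selected and no grant for this site, the call fails with an
        # access denied / unauthorized error, which is the behaviour we want.
        [pscustomobject]@{ Site = $SiteUrl; Access = "Denied"; Detail = $_.Exception.Message }
    }
    finally {
        Disconnect-PnPOnline -ErrorAction SilentlyContinue
    }
}

$grantedSite, $otherSite | ForEach-Object { Test-AppSiteAccess -SiteUrl $_ } | Format-Table -AutoSize
```

Expect "Allowed" for the granted site and "Denied" for the other one. If the second site also comes back "Allowed", the app has a broader permission than Sites.Selected (check API permissions for *.All entries) or a grant you did not know about; list it with Get-PnPAzureADAppSitePermission and revoke it.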