Azure App Registration for Select SharePoint Sites

How to create an Azure App Registration and configure it to provide your application access to only select SharePoint sites.
Azure App Registrations allow developers to register their applications with Microsoft Entra. This registration enables applications to authenticate with Azure AD, access Azure services, and secure their APIs. It provides an Application ID and enables permission and consent configuration for accessing resources in the Azure ecosystem.

The Azure App Registration grants your application the permissions it needs to access other resources; in this example, SharePoint. Because the application authenticates as itself, there is no need to run it under a user account.

In this specific example, rather than giving our app complete control over all of SharePoint, we want it to have access only to select SharePoint sites. We can use PowerShell to specify exactly which sites the application should have permissions to.

Create the App Registration in Azure

Follow these steps to create an Azure App Registration that authenticates with a self-signed certificate.

  • First, create a self-signed certificate using PowerShell.
  • Save the .cer and .pfx files, along with the information used to create the certificate.
  • Create an Azure App Registration from Azure AD.
    • Search for App Registrations, then click on the App Registrations result.
    • Click New Registration.
    • Enter a user-friendly name.
    • Select your Account types.
    • Click Register.
  • Select Certificates & Secrets in the left menu.
  • Upload the .cer file created earlier.
  • Select API Permissions.
  • Select Add a permission.
  • Select SharePoint.
  • Select Application permissions.
  • Select Sites.Selected.
  • Click the Add Permissions button to save.
  • As an administrator, click Grant admin consent for {Your Organization}.
  • Click Yes to confirm.

Next, you'll use the PowerShell below to set which SharePoint sites the App Registration is allowed to access.

Grant permissions to select sites using PowerShell

$targetSiteUrl = '{sharepoint site url}'
Connect-PnPOnline $targetSiteUrl -Interactive
Grant-PnPAzureADAppSitePermission -AppId '{app (client) id}' -DisplayName '{app display name}' -Site $targetSiteUrl -Permissions Write

Get site permission for a selected site

Get-PnPAzureADAppSitePermission -Site $targetSiteUrl

Revoke Permission via PowerShell

$targetSiteUrl = '{sharepoint site url}'
Connect-PnPOnline $targetSiteUrl -Interactive
Revoke-PnPAzureADAppSitePermission -PermissionId '{permissionid}' -Site $targetSiteUrl -Force

Get-PnPAzureADAppSitePermission -Site $targetSiteUrl
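The grant, audit and revoke steps above can be combined into one script that applies the least permission level each site needs, lists every app that holds a Sites.Selected grant on those sites, and then confirms as the app itself (using the certificate from the registration) that it can reach only the sites it was granted. This is an added example, not code from the original post; the tenant, app id, site URLs and .pfx path are placeholders, and the Id/Roles/Apps property names on the Get-PnPAzureADAppSitePermission output are assumed from the cmdlet's tabular output.

```powershell
# Added example: grant Sites.Selected on a list of sites, audit the grants, verify as the app.
# Requires the PnP.PowerShell module. All ids, URLs and paths below are placeholders.
$tenant  = 'contoso.onmicrosoft.com'                   # placeholder tenant
$appId   = '00000000-0000-0000-0000-000000000000'      # placeholder app (client) id
$appName = 'My SharePoint App'                         # display name recorded on each site
$pfxPath = 'C:\certs\my-sharepoint-app.pfx'            # .pfx exported when the cert was created
$pfxPass = Read-Host -Prompt 'PFX password' -AsSecureString

# Least privilege: give each site only the level it needs (Read, Write, Manage, FullControl).
$grants = @{
    'https://contoso.sharepoint.com/sites/Finance'  = 'Write'
    'https://contoso.sharepoint.com/sites/Policies' = 'Read'
}

foreach ($siteUrl in $grants.Keys) {
    # Administrator signs in interactively, as in the post's grant step.
    Connect-PnPOnline $siteUrl -Interactive

    # Skip sites where this app already holds a grant (Apps property assumed to contain the app id).
    $existing = Get-PnPAzureADAppSitePermission -Site $siteUrl |
        Where-Object { "$($_.Apps)" -match $appId }
    if ($existing) {
        Write-Host "Already granted on $siteUrl with roles: $($existing.Roles -join ', ')"
    } else {
        Grant-PnPAzureADAppSitePermission -AppId $appId -DisplayName $appName `
            -Site $siteUrl -Permissions $grants[$siteUrl]
    }

    # Audit: every app with a Sites.Selected grant on this site (Id is what Revoke needs).
    Get-PnPAzureADAppSitePermission -Site $siteUrl |
        Select-Object Id, Roles, Apps | Format-Table -AutoSize
}

# Verify as the app: a certificate-based connection should work on granted sites only.
# The last URL was never granted, so the app is expected to be denied there.
$checkSites = @($grants.Keys) + 'https://contoso.sharepoint.com/sites/HR'
foreach ($siteUrl in $checkSites) {
    try {
        Connect-PnPOnline -Url $siteUrl -ClientId $appId -Tenant $tenant `
            -CertificatePath $pfxPath -CertificatePassword $pfxPass
        $web = Get-PnPWeb   # first real call; fails with access denied on ungranted sites
        Write-Host "App can reach $siteUrl ($($web.Title))"
    } catch {
        Write-Host "App denied on $siteUrl : $($_.Exception.Message)"
    }
}
```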