Search

Updating Azure AD Permissions for Enterprise Accounts

Updated: Oct 18

Background

Microsoft is retiring the Azure AD Graph API at the end of the year, and alongside that all Azure AD Graph Permissions. To ensure that UXRisk continues to work after this point, all Enterprise accounts needs to re-authorize UXRisk to get the updated permission model that is using the Microsoft Graph API.


In the old Azure AD Graph API the permission model was not as fine grained as the updated Microsoft Graph API model. This means that the old permission we requested (Windows Azure Active Directory User.Read) has now been split into 3 separate permissions (Microsoft Graph openid/email/profile).


Requirements

  • An account with Global Admin roles

Process

There are two applications that need to be updated. They are described below as separate sections. Remember to check and update both. If you have any questions of need assistance, please contact us at support@uxrisk.com .


Web App

In Azure AD, navigate to "Enterprise applications"


Click on "Application ID starts with", enter "3b08707a-3fd8-457f-9998-47a539992762" and click "Apply":


Click on the application:


Navigate to "Permissions":


If the permission screen looks like in the the area marked in green (or you have some of the required Microsoft Graph permissions, but not all of those listed below), click the "Grant admin consent for ..." button:

You will then be taken to the consent screen where you can consent. After about one minute, the Permissions page should reflect the new Microsoft Graph API permissions when reloading the permissions.


If the permission screen looks like the following, this application does not need to be updated:

API

In Azure AD, navigate to "Enterprise applications"


Click on "Application ID starts with", enter "a5534748-193c-4e73-b818-e36750be91ae" and click "Apply":


Click on the application:


Navigate to "Permissions":


If the permission screen looks like in the the area marked in green (or you have some of the required Microsoft Graph permissions, but not all of those listed below), click the "Grant admin consent for ..." button:


You will then be taken to the consent screen where you can consent. After about one minute, the Permissions page should reflect the new Microsoft Graph API permissions when reloading the permissions.


If the permission screen looks like the following, this application does not need to be updated:


16 views0 comments

Recent Posts

See All