Registering AppGuru to manage Office 365

To register AppGuru so that it can manage Office 365, you need a Service Principal ID and password.

Follow these steps to create them.

1)       Ensure you meet all system requirements:


2)      Connect to Windows Azure Active Directory. To do this, open the Windows PowerShell console as an administrator and run the following commands:

Import-Module MSOnline

Set-ExecutionPolicy -Scope CurrentUser -ExecutionPolicy Unrestricted


3)      Create the Service Principal.

To do this, first download and unzip the PowerShell script: https://www.appguru.com/downloads/createserviceprincipal.zip

In the Windows PowerShell console, run the following command:

./CreateServicePrincipal.ps1

Note: To manually create a service principal without using the script, review MSDN on how to create a Service Principal and how to assign it to a Role in your own Azure AD tenant.

Windows PowerShell

Copyright (C) 2009 Microsoft Corporation. All rights reserved. 

PS C:\Windows\system32> Import-Module MSOnline

PS C:\Windows\system32> Set-ExecutionPolicy -Scope CurrentUser -ExecutionPolicy Unrestricted 

Execution Policy Change

The execution policy helps protect you from scripts that you do not trust. Changing the execution policy might expose you to the security risks described in the about_Execution_Policies help topic. Do you want to change the execution policy?

[Y] Yes  [N] No  [S] Suspend  [?] Help (default is "Y"):

PS C:\Windows\system32> cd C:\Users\[user]\Downloads\createserviceprincipal

PS C:\Users\[user]\Downloads\createserviceprincipal> .\CreateServicePrincipalForAppGuru.ps1
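Step 2 sets the execution policy to Unrestricted for the user account, and step 3 runs a script downloaded from the web with company administrator credentials. The following added example (not part of the original page and not AppGuru's script) shows checks an administrator can run on the downloaded file first, with the policy change limited to the current console; the file path follows the transcript above and the search pattern is an assumption.

```powershell
# Added example: pre-run checks for the downloaded script. Not AppGuru's code.
# Assumption: the archive was unzipped to the folder shown in the transcript above.
$script = Join-Path $env:USERPROFILE 'Downloads\createserviceprincipal\CreateServicePrincipalForAppGuru.ps1'

# Record the SHA-256 of the file so the copy that is reviewed is provably the copy that runs.
$reviewed = Get-FileHash -Path $script -Algorithm SHA256
'{0}  {1}' -f $reviewed.Hash, $reviewed.Path

# Report the Authenticode status. 'NotSigned' or 'HashMismatch' means the file carries
# no verifiable publisher identity, so reading the script is the only control left.
$sig = Get-AuthenticodeSignature -FilePath $script
'Signature status: {0}' -f $sig.Status
if ($sig.SignerCertificate) { 'Signer: {0}' -f $sig.SignerCertificate.Subject }

# Show the mark-of-the-web stream, if present (ZoneId=3 means the Internet zone).
Get-Content -Path $script -Stream Zone.Identifier -ErrorAction SilentlyContinue

# List the lines to read first. The pattern is an assumption about what matters in a
# script of this kind (directory writes, credential prompts, network or dynamic code);
# it is not a statement about what this particular script contains.
$pattern = 'New-Msol|Add-Msol|Set-Msol|Remove-Msol|Get-Credential|Invoke-WebRequest|Invoke-Expression|DownloadString'
Select-String -Path $script -Pattern $pattern |
    ForEach-Object { '{0,4}: {1}' -f $_.LineNumber, $_.Line.Trim() }

# Run only after reading the script, and only the file that was reviewed.
if ((Read-Host 'Script reviewed and approved? (Y/N)') -eq 'Y') {
    if ((Get-FileHash -Path $script -Algorithm SHA256).Hash -ne $reviewed.Hash) {
        throw 'File changed since it was reviewed; not running it.'
    }
    # Process scope ends with this console and takes precedence over CurrentUser,
    # so the relaxed policy does not persist for the account.
    Set-ExecutionPolicy -Scope Process -ExecutionPolicy RemoteSigned -Force
    Unblock-File -Path $script      # remove the mark-of-the-web from the reviewed file only
    & $script
}
```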



4)      Run the CreateServicePrincipal script.

  • When prompted, provide the credentials of a company administrator for your tenant.
  • Enter the Service Principal name, for example AppGuruProvisioningApp.
  • When prompted, log in to Office 365 AAD.
  • When prompted, select the Permission Read+Write (type W).
  • The PowerShell script will return a set of property values:
    • Copy the value of the AppPrincipalId (see sample below) to AppGuru on the Access to Office 365 page in the Service Principal ID field.
    • Copy the randomly generated value of the Password (see sample below) to AppGuru on the Access to Office 365 page in the Password field.

Here is an example of the Windows PowerShell output after completing the steps above.

PS C:\Users\[user]\Downloads\createserviceprincipal> .\CreateServicePrincipalForAppGuru.ps1

--------------------------------------------------------------------

WARNING: you are about to create a service principal that allows an application to access your Azure Active Directory Tenant's information. This includes access to your company's directory, staff heirarchy, and company license information. Please proceed only if you are an Administrator for the company and understand the permissions that you will grant for the application

------------------------------------------------------------------- 

NOTE: Once Servicer Principals are created, you can view them by using the Get-MsolServicePrincipal cmdlet from this PowerShell window. For a full list of commands available, including removing Service Principals, run get-help *-msolserviceprincipal* after this script is complete. 

Do you still wish to proceed?  (Y/N): Y 

--------------- Service Principal Name --------------------

Please enter a descriptive name for the Service Principal you wish to create. 

If you've created a Service Principal for this account before, you should use a new name or you will get an error that it already exists in this tenant. 

Example: Graph API Application 

Enter a Service Principal Name: AppGuruProvisioningApp 

--------------- Provide Your Administrator Credentials -------------------

You will need your Administrator account information for the next step. You will be prompted with a login screen that you will enter these credentials in to. 

Hit any key when ready 

cmdlet Get-Credential at command pipeline position 1

Supply values for the following parameters:

Credential 

--------------- Symmetric Key ---------------------

A Random Symmetric Key value will be generated and used as the password for this ServicePrincipal, along with your Appl

PrincipalId, TenantContextId, TenantDomainName to configure your application

 

--------------- Creating the Service Principal inside of Azure --------------------

We are ready to create the Service Principal for your tenant. 

Press enter key when you are ready to proceed or Ctrl-C to end. 

Creating the Service Principal inside your Azure Active Directory tenant 

NOTE: Once Servicer Principals are created, you can view them by using the Get-MsolServicePrincipal cmdlet from this PowerShell window. For a full list of commands available, including removing Service Principals, run get-help *-msolserviceprincipal* after this script is complete. 

Do wish to grant your application Read+Write permissions (W). Otherwise, it will be granted Read permission? : W 

Setting permissions to allow the Application Service Principal to have Read+Write permissions for your tenant. Review the Script to see how this authorization is done. 

--------------- Script is complete ----------------------

Please copy the below values since we will use them later when we start creating the application.

TenantDomainName: [yoursubdomain].onmicrosoft.com

TenantContextId: 116f1f33-4103-4f31-935e-34be0e7e560f

AppPrincipalId: 0bsdfcde-bert-44r5-9d56-345456b6fb7

Password: vSU8AWfghHdlztLQVhpi+B0TwertU5N2ABxOU4pPEoQ=

Audience URI: 1b6oiuzh-zztr-47f6-9e38-836c510b8fb3@116f1f77-4568-4f31-456e-38be0e7e987f
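The script output above points to Get-MsolServicePrincipal for viewing what was created. The following added example (not part of the original page and not AppGuru's script) uses that cmdlet and its MSOnline siblings to confirm which principal exists, which credentials it holds and which directory roles include it; it assumes the MSOnline module is installed and the name entered in step 4, and the 30-day threshold is an arbitrary example value.

```powershell
# Added example: audit the service principal after the script completes. Not AppGuru's code.
# Assumptions: MSOnline module installed; $name is the name entered in step 4.
Import-Module MSOnline
Connect-MsolService          # sign in as a company administrator

$name = 'AppGuruProvisioningApp'
$sp = @(Get-MsolServicePrincipal -All | Where-Object { $_.DisplayName -eq $name })
if ($sp.Count -ne 1) { throw "Expected exactly one principal named '$name', found $($sp.Count)." }
$sp = $sp[0]
$sp | Format-List DisplayName, AppPrincipalId, ObjectId, AccountEnabled, ServicePrincipalNames

# Credentials attached to the principal. -ReturnKeyValues $false keeps secrets off the screen.
$creds = @(Get-MsolServicePrincipalCredential -ObjectId $sp.ObjectId -ReturnKeyValues $false)
$creds | Format-Table KeyId, Type, Usage, StartDate, EndDate -AutoSize

# Flag credentials that end within 30 days (example threshold) so rotation can be planned.
$soon = (Get-Date).AddDays(30)
$creds | Where-Object { $_.EndDate -lt $soon } |
    ForEach-Object { Write-Warning "Credential $($_.KeyId) ends $($_.EndDate)." }

# Directory roles that include the principal. The note in step 3 refers to assigning
# the principal to a role; this lists the roles actually in effect for it.
$roles = foreach ($role in Get-MsolRole) {
    $hit = Get-MsolRoleMember -RoleObjectId $role.ObjectId -All |
        Where-Object { $_.ObjectId -eq $sp.ObjectId }
    if ($hit) { $role.Name }
}
'Roles held by {0}: {1}' -f $name, (@($roles) -join ', ')

# Decommissioning, when AppGuru no longer manages the tenant (uncomment to use):
# Remove-MsolServicePrincipal -ObjectId $sp.ObjectId
```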


  
