Configuring Pre-consent (Native App for Graph API)

Note: The steps of the section must be performed only for the native app intended for the Graph API.

Configure pre-consent:

1. On a machine having Azure Active Directory PowerShell Module Version 2 installed, open a Windows PowerShell command prompt session.

2. Run the following command to connect to the Azure Active Directory:

   Connect-AzureAD -AzureEnvironmentName "AzureGermanyCloud"

   You will then be prompted for your credentials. Click Work or School Account and log in using the credentials of the user with the Global Admin permissions in your CSP account’s Azure Active Directory.

3. Modify the PowerShell script given below by specifying the Object ID of the native app intended for the Graph API.

   #Specify the Application Object Id of the Native App

   $appObjectId = 'APPLICATION-OBJECT-ID-HERE'

   Set-AzureADApplication -ObjectId $appObjectId -AvailableToOtherTenants $true

   $azureADApp = Get-AzureADApplication -ObjectId $appObjectId

   #Get the Service Principal for the Application object

   $servicePrincipal = Get-AzureADServicePrincipal -All $true | ? {$_.AppId -eq $azureADApp.AppId}

   #Get the Admin Agents Group object

   $adminAgentsGroup = Get-AzureADGroup -All $true | ? {$_.DisplayName -eq 'AdminAgents'}

   #Run the below command to add preconsent for the application

   Add-AzureADGroupMember -ObjectId $adminAgentsGroup.ObjectId -RefObjectId $servicePrincipal.ObjectId

4. Execute the modified script to configure pre-consent for the native app.