How to use the Azure AD associated with your SharePoint Online

Azure Active Directory (Azure AD)

With the usual configuration of Office 365 and Azure, there might be multiple Azure AD (AAD) instances associated with your subscription. When creating registrations to whatever SharePoint-related apps that you might be using, if you create the registration to the wrong Azure AD, it can’t access the data in your SharePoint. Or at least without further configurations, it probably won’t get any data from your Office Graph API or whatever else you might want to use. 

How to find the instance of Azure AD associated with your SharePoint Online

It’s simple, luckily! This guide will show you how to select the right AAD instance. It’s geared towards a case where you’re actually wanting to register a new app to your AAD, or if you’re planning to use an enterprise application. The last step (4.) handles that part.

So – don’t start by browsing to portal.azure.com. That’ll just let you access the Azure AD instace(s) associated with your Azure subscription – not your SharePoint Online tenant. Instead, follow these steps:

  1. Go to portal.office.com and choose Admin  to access the administration portal. Note that you need to sign in as the global administrator (or some other role with sufficient access to the portal).
    1. Office Admin Portal Icon

      Office Admin Portal Icon

  2. Then make sure you are signed-in in the right tenant! Each SharePoint tenant has an Azure AD associated to it, and that instance is where we want to do the registration. Select “Azure AD” from the “Admin Centers” -section on the bottom left.
    1. Office365 Admin Centers -> Azure AD

      Office365 Admin Centers -> Azure AD

  3. If need be – choose the correct instance of AAD by selecting your account in the top right corner of the page. Since it’s a tenant-specific AAD instance, it should look something like this.
    1. Tenant-specific Azure AD instance

      Tenant-specific Azure AD instance – what it probably should look like!

    2. Yes – it’s fairly barebones. It’s not supposed to offer many services – it’s just used for your SharePoint Online tenant and facilitating access there!

  4. The next step depends on if you’re editing Enterprise Application (4.1) or Azure AD instance -specific app registration (4.2.)
    1. Select Enterprise Applications > All Applications from the left.
    2. Select More Services > App Registrations.
    3. The registrations there are fairly straightforward, so you should be good now! If you’re creating an app registration, just remember to configure the reply-urls with all possible different options 🙂

Credits and references

I got this tip from a coworker at Valo-team. Cool stuff!

The following two tabs change content below.
Antti Koskela is a proud digital native nomadic millenial full stack developer (is that enough funny buzzwords? That's definitely enough funny buzzwords!), who works as a Solutions Architect for Valo Intranet, the product that will make you fall in love with your intranet. Working with the global partner network, he's responsible for the success of Valo deployments happening all around the world. He's been a developer from 2004 (starting with PHP and Java), and he's been bending and twisting SharePoint into different shapes since MOSS. Nowadays he's not only working on SharePoint, but also on .NET projects, Azure, Office 365 and a lot of other stuff.This is his personal professional (professional, but definitely personal) blog.

One thought on “How to use the Azure AD associated with your SharePoint Online

Leave a Reply

Your email address will not be published. Required fields are marked *