Installing AAD Graph API in new tenant

%3CLINGO-SUB%20id%3D%22lingo-sub-1400969%22%20slang%3D%22en-US%22%3EInstalling%20AAD%20Graph%20API%20in%20new%20tenant%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1400969%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20I'm%20very%20new%20to%20Azure%20Active%20Directory%20(and%20Azure%20in%20general)%20so%20please%20bear%20with%20me.%20I'm%20in%20the%20process%20of%20provisioning%20a%20new%20tenant%20in%20Azure%20Dogfood%20so%20that%20I%20can%20do%20a%20tenant%20level%20deployment.%20However%2C%20I%20will%20need%20to%20first%20assign%20myself%20Owner%20role%20to%20the%20root%20scope%20using%20the%20Powershell%20cmdlet%20%3CSPAN%3ENew-AzRoleAssignment%26nbsp%3B%3C%2FSPAN%3Eaccording%20to%20this%20page%20(%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fazure-resource-manager%2Ftemplates%2Fdeploy-to-tenant%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fazure-resource-manager%2Ftemplates%2Fdeploy-to-tenant%3C%2FA%3E).%20However%20when%20I%20run%20the%20cmdlet%20I'm%20getting%20the%20error%20%22The%20resource%20principal%20named%20%3CA%20href%3D%22https%3A%2F%2Fgraph.windows.net%2F%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noreferrer%22%3Ehttps%3A%2F%2Fgraph.windows.net%2F%3C%2FA%3E%20was%20not%20found%20in%20the%3CBR%20%2F%3Etenant%20named%20%7Btenatid%7D.%20This%20can%20happen%20if%20the%20application%20has%20not%20been%20installed%20by%20the%20administrator%20of%20the%20tenant%22.%20Apparently%20New-AzRoleAssignment%20will%20use%20AAD%20Graph%20API%20for%20authentication%20but%20AAD%20Graph%20API%20is%20not%20installed%20in%20the%20new%20tenant%20I%20provision.%20I%20try%20installing%20it%20through%20the%20market%20place%20in%20the%20Azure%20Portal%20but%20AAD%20Graph%20API%20is%20not%20found.%20How%20can%20I%20install%20AAD%20Graph%20API%20in%20the%20portal%3F%20Thanks%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1400969%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAzure%20AD%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1401399%22%20slang%3D%22en-US%22%3ERe%3A%20Installing%20AAD%20Graph%20API%20in%20new%20tenant%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1401399%22%20slang%3D%22en-US%22%3EHi%3CBR%20%2F%3EI%20am%20also%20pretty%20new%20to%20Azure%20Graph.%20But%20I%20would%20recommend%20you%20to%20go%20to%20the%20app%20registrations%20and%20not%20market%20place%20to%20register%20your%20application.%20Found%20in%20Azure%20Active%20Directory%26gt%3BApp%20regestration.%20There%20you%20can%20link%20your%20new%20app.%3CBR%20%2F%3E%3CBR%20%2F%3EMaybe%20this%20also%20helps%20you%20out%3A%20%3CA%20href%3D%22https%3A%2F%2Ftech.nicolonsky.ch%2Fexploring-the-new-microsoft-graph-powershell-modules%2F%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Ftech.nicolonsky.ch%2Fexploring-the-new-microsoft-graph-powershell-modules%2F%3C%2FA%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1401648%22%20slang%3D%22en-US%22%3ERe%3A%20Installing%20AAD%20Graph%20API%20in%20new%20tenant%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1401648%22%20slang%3D%22en-US%22%3EIt%20seems%20that%20you%20are%20missing%20some%20general%20info%20about%20Microsoft%20Graph.%20Have%20you%20check%20out%20this%20blog%20series%20%3CA%20href%3D%22https%3A%2F%2Fdeveloper.microsoft.com%2Fen-us%2Fgraph%2Fblogs%2Fannouncing-30-days-of-microsoft-graph-blog-series%2F%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdeveloper.microsoft.com%2Fen-us%2Fgraph%2Fblogs%2Fannouncing-30-days-of-microsoft-graph-blog-series%2F%3C%2FA%3E.%3CBR%20%2F%3E%3CBR%20%2F%3EThis%20walks%20you%20through%20the%20beginnings%20of%20creating%20your%20first%20app%3C%2FLINGO-BODY%3E
Microsoft

Hi I'm very new to Azure Active Directory (and Azure in general) so please bear with me. I'm in the process of provisioning a new tenant in Azure Dogfood so that I can do a tenant level deployment. However, I will need to first assign myself Owner role to the root scope using the Powershell cmdlet New-AzRoleAssignment according to this page (https://docs.microsoft.com/en-us/azure/azure-resource-manager/templates/deploy-to-tenant). However when I run the cmdlet I'm getting the error "The resource principal named https://graph.windows.net/ was not found in the
tenant named {tenatid}. This can happen if the application has not been installed by the administrator of the tenant". Apparently New-AzRoleAssignment will use AAD Graph API for authentication but AAD Graph API is not installed in the new tenant I provision. I try installing it through the market place in the Azure Portal but AAD Graph API is not found. How can I install AAD Graph API in the portal? Thanks

2 Replies
Hi
I am also pretty new to Azure Graph. But I would recommend you to go to the app registrations and not market place to register your application. Found in Azure Active Directory>App regestration. There you can link your new app.

Maybe this also helps you out: https://tech.nicolonsky.ch/exploring-the-new-microsoft-graph-powershell-modules/
It seems that you are missing some general info about Microsoft Graph. Have you check out this blog series https://developer.microsoft.com/en-us/graph/blogs/announcing-30-days-of-microsoft-graph-blog-series/.

This walks you through the beginnings of creating your first app