Registering Azure AD App in National Clouds


We have an app that uses the Microsoft identity platform to get tokens for Microsoft Graph and Exchange Online PowerShell, so that it can read and change settings in a customer's Office 365 tenant. We now need to make this work with Office 365 Germany, and eventually Office 365 Government Cloud Computing in the US. As I understand it, these are completely separate from the "normal" Azure AD, so we will need to register our app in each of these clouds. Normally the first step to doing this is to log into the Azure portal; however, it's not clear to me if or how I can get an account on the portal for either of these. In the case of Germany, I can't find how to create an account, maybe because it's being phased out. For Government Cloud Computing, it looks like you have to be a part of the government. As a developer wanting to get OAuth tokens for users on these clouds, how do we register our apps? Thanks for any information.

5 Replies
National clouds are physically isolated instances of Azure. These regions of Azure are designed to make sure that data residency, sovereignty, and compliance requirements are honored within geographical boundaries.

Including the global cloud, Azure Active Directory (Azure AD) is deployed in the following national clouds:  

Azure Government
Azure Germany
Azure China 21Vianet

| National cloud | Azure AD portal endpoint |
| --- | --- |
| Azure AD for US Government | https://portal.azure.us |
| Azure AD Germany | https://portal.microsoftazure.de |
| Azure AD China operated by 21Vianet | https://portal.azure.cn |
| Azure AD (global service) | https://portal.azure.com |

Right, so if I want to get an OAuth token for a customer using one of the national clouds, I need to have the app that is requesting the token registered in that cloud, is that correct? How do I do that? I assume I need to log into the Azure portal that you listed for the given cloud? Do I need a Microsoft Work/School account in that cloud to do so? (It looks like yes, but can I get one, for instance, for Germany, which is not accepting new customers?)

It seems your requirement can be fulfilled by the following link, for when you want to use Azure Active Directory in a national or sovereign cloud, e.g. Microsoft Azure Germany:

https://www.danielstechblog.io/using-azure-active-directory-in-microsoft-azure-germany-for-microsoft...

That has to do with Azure Stack, which I'm not using, although I see it does involve registering applications in Azure AD. However, to do so, one of the steps is: "When we are prompted to enter the AAD credentials, it is important to have an AAD tenant in Microsoft Azure Germany." This is the problem: whether using a PowerShell script, the portal, or whatever other means there are for registering an app, as far as I know you need to log into Azure AD Germany. Since I don't have an account and it is not accepting new customers, how do I do this?

I haven't tried this approach; however, theoretically, when performing requests against a National Cloud tenant, you must use the appropriate endpoints:

https://blogs.aaddevsup.xyz/2020/06/configure-net-application-to-call-microsoft-graph-in-a-national-...

Please try the above procedure; otherwise you would need to open an MS support case to get more clarity, rather than using this forum. Thanks for your understanding.
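
The "appropriate endpoints" point from the last reply, as an added example that is not part of the thread or of any poster's code: it selects the sign-in authority and Microsoft Graph host that belong to one cloud and refuses to pair hosts from different clouds. The portal hosts are the ones listed in the first reply; the login and Graph hosts are taken from Microsoft's national-cloud documentation, and the cloud labels, tenant, client ID and redirect URI are placeholders assumed for illustration.

```python
from urllib.parse import urlencode, urlsplit

# Portal hosts: from the table in the first reply. Login/Graph hosts: Microsoft's
# national-cloud documentation. The dictionary keys are labels made up for this example.
CLOUDS = {
    "global":  {"portal": "portal.azure.com", "login": "login.microsoftonline.com",
                "graph": "graph.microsoft.com"},
    "usgov":   {"portal": "portal.azure.us", "login": "login.microsoftonline.us",
                "graph": "graph.microsoft.us"},
    "germany": {"portal": "portal.microsoftazure.de", "login": "login.microsoftonline.de",
                "graph": "graph.microsoft.de"},
    "china":   {"portal": "portal.azure.cn", "login": "login.chinacloudapi.cn",
                "graph": "microsoftgraph.chinacloudapi.cn"},
}

def cloud_of(url):
    """Return the cloud label whose portal, login or Graph host equals the URL's host."""
    host = (urlsplit(url).hostname or "").lower()
    for name, hosts in CLOUDS.items():
        if host in hosts.values():  # exact match, so look-alike suffixes are rejected
            return name
    raise ValueError(f"{host!r} is not a known Azure AD cloud endpoint")

def authorize_url(portal_url, tenant, client_id, redirect_uri):
    """Build the v2.0 authorization-code URL for the cloud the app is registered in."""
    hosts = CLOUDS[cloud_of(portal_url)]
    query = urlencode({
        "client_id": client_id,
        "response_type": "code",
        "redirect_uri": redirect_uri,
        # The Graph resource must be the same cloud's Graph host.
        "scope": f"https://{hosts['graph']}/.default",
    })
    return f"https://{hosts['login']}/{tenant}/oauth2/v2.0/authorize?{query}"

def check_same_cloud(authority_url, api_url):
    """Fail closed if a token from one cloud's authority would be sent to another cloud's API."""
    authority_cloud, api_cloud = cloud_of(authority_url), cloud_of(api_url)
    if authority_cloud != api_cloud:
        raise ValueError(f"authority is {authority_cloud} but API is {api_cloud}")
    return authority_cloud

if __name__ == "__main__":
    # Constructed placeholder values, not a real tenant or app registration.
    print(authorize_url("https://portal.azure.us", "contoso.example",
                        "00000000-0000-0000-0000-000000000000", "https://localhost/cb"))
```

Calling `check_same_cloud` before every Graph request keeps a misconfigured deployment from presenting one cloud's bearer token to another cloud's API.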