Entra App Registration

Name: Entra App Registration
Author: microsoft

microsoft/azure-skills

npx skills add https://github.com/microsoft/azure-skills --skill entra-app-registration

Installs	399k
GitHub stars	★ 1.2k
Security audit	3 / 3 scanners passed
Last updated	June 4, 2026
Repository	microsoft/azure-skills ↗

Related skills

Azure AigatewayConfigure Azure API Management as an AI gateway with policies, .NET SDK patterns, and production-ready auth for model and MCP traffic399k1.2k

Lark Openapi ExplorerFind and call Feishu/Lark native OpenAPI endpoints via lark-cli when existing skills and registered commands do not cover the user’s request.246k14.4k

SupabaseImplement or debug Supabase Database, Auth, Storage, Edge Functions, Realtime, RLS, migrations, SSR auth cookies, and CLI/MCP workflows with changelog-verified, tested changes.129k2.2k

Firebase Auth BasicsAdd Firebase sign-in, user profiles, and security rules when your app needs authenticated users.85.2k345

Firebase Data ConnectModel Postgres-backed app data with Firebase Data Connect GraphQL schemas, auth-aware tables, and example queries for a real feature slice.82.5k345

Convex QuickstartBootstrap a new Convex backend or add Convex to an existing React, Next.js, Vue, or Svelte app and verify dev with one-shot provisioning.69.3k31

FAQ

Is Entra App Registration safe to install?

skills.sh reports 3 of 3 security scanners passed. Review the Security Audits panel on this page before installing in production.

SKILL.md

## Overview

Microsoft Entra ID (formerly Azure Active Directory) is Microsoft's cloud-based identity and access management service. App registrations allow applications to authenticate users and access Azure resources securely.

### Key Concepts

| Concept | Description |
|---------|-------------|
| **App Registration** | Configuration that allows an app to use Microsoft identity platform |
| **Application (Client) ID** | Unique identifier for your application |
| **Tenant ID** | Unique identifier for your Azure AD tenant/directory |
| **Client Secret** | Password for the application (confidential clients only) |
| **Redirect URI** | URL where authentication responses are sent |
| **API Permissions** | Access scopes your app requests |
| **Service Principal** | Identity created in your tenant when you register an app |

### Application Types

| Type | Use Case |
|------|----------|
| **Web Application** | Server-side apps, APIs |
| **Single Page App (SPA)** | JavaScript/React/Angular apps |
| **Mobile/Native App** | Desktop, mobile apps |
| **Daemon/Service** | Background services, APIs |

## Core Workflow

### Step 1: Register the Application

Create an app registration in the Azure portal or using Azure CLI.

**Portal Method:**
1. Navigate to Azure Portal → Microsoft Entra ID → App registrations
2. Click "New registration"
3. Provide name, supported account types, and redirect URI
4. Click "Register"

**CLI Method:** See [references/cli-commands.md](references/cli-commands.md)
**IaC Method:** See [references/BICEP-EXAMPLE.bicep](references/BICEP-EXAMPLE.bicep)

It's highly recommended to use the IaC to manage Entra app registration if you already use IaC in your project, need a scalable solution for managing lots of app registrations or need fine-grained audit history of the configuration changes. 

### Step 2: Configure Authentication

Set up authentication settings based on your application type.

- **Web Apps**: Add redirect URIs, enable ID tokens if needed
- **SPAs**: Add redirect URIs, enable implicit grant flow if necessary
- **Mobile/Desktop**: Use `http://localhost` or custom URI scheme
- **Services**: No redirect URI needed for client credentials flow

### Step 3: Configure API Permissions

Grant your application permission to access Microsoft APIs or your own APIs.

**Common Microsoft Graph Permissions:**
- `User.Read` - Read user profile
- `User.ReadWrite.All` - Read and write all users
- `Directory.Read.All` - Read directory data
- `Mail.Send` - Send mail as a user

**Details:** See [references/api-permissions.md](references/api-permissions.md)

### Step 4: Create Client Credentials (if needed)

For confidential client applications (web apps, services), create a client secret, certificate or federated identity credential.

**Client Secret:**
- Navigate to "Certificates & secrets"
- Create new client secret
- Copy the value immediately (only shown once)
- Store securely (Key Vault recommended)

**Certificate:** For production environments, use certificates instead of secrets for enhanced security. Upload certificate via "Certificates & secrets" section.

**Federated Identity Credential:** For dynamically authenticating the confidential client to Entra platform.

### Step 5: Implement OAuth Flow

Integrate the OAuth flow into your application code.

**See:**
- [references/oauth-flows.md](references/oauth-flows.md) - OAuth 2.0 flow deta

Backend & APIsappsecsecrets

Installs

399k

GitHub stars

★ 1.2k

Security audit

3 / 3 scanners passed

Last updated

June 4, 2026

Repository

microsoft/azure-skills ↗

## Overview Microsoft Entra ID (formerly Azure Active Directory) is Microsoft's cloud-based identity and access management service. App registrations allow applications to authenticate users and access Azure resources securely. ### Key Concepts | Concept | Description | |---------|-------------| | **App Registration** | Configuration that allows an app to use Microsoft identity platform | | **Application (Client) ID** | Unique identifier for your application | | **Tenant ID** | Unique identifier for your Azure AD tenant/directory | | **Client Secret** | Password for the application (confidential clients only) | | **Redirect URI** | URL where authentication responses are sent | | **API Permissions** | Access scopes your app requests | | **Service Principal** | Identity created in your tenant when you register an app | ### Application Types | Type | Use Case | |------|----------| | **Web Application** | Server-side apps, APIs | | **Single Page App (SPA)** | JavaScript/React/Angular apps | | **Mobile/Native App** | Desktop, mobile apps | | **Daemon/Service** | Background services, APIs | ## Core Workflow ### Step 1: Register the Application Create an app registration in the Azure portal or using Azure CLI. **Portal Method:** 1. Navigate to Azure Portal → Microsoft Entra ID → App registrations 2. Click "New registration" 3. Provide name, supported account types, and redirect URI 4. Click "Register" **CLI Method:** See [references/cli-commands.md](references/cli-commands.md) **IaC Method:** See [references/BICEP-EXAMPLE.bicep](references/BICEP-EXAMPLE.bicep) It's highly recommended to use the IaC to manage Entra app registration if you already use IaC in your project, need a scalable solution for managing lots of app registrations or need fine-grained audit history of the configuration changes. ### Step 2: Configure Authentication Set up authentication settings based on your application type. - **Web Apps**: Add redirect URIs, enable ID tokens if needed - **SPAs**: Add redirect URIs, enable implicit grant flow if necessary - **Mobile/Desktop**: Use `http://localhost` or custom URI scheme - **Services**: No redirect URI needed for client credentials flow ### Step 3: Configure API Permissions Grant your application permission to access Microsoft APIs or your own APIs. **Common Microsoft Graph Permissions:** - `User.Read` - Read user profile - `User.ReadWrite.All` - Read and write all users - `Directory.Read.All` - Read directory data - `Mail.Send` - Send mail as a user **Details:** See [references/api-permissions.md](references/api-permissions.md) ### Step 4: Create Client Credentials (if needed) For confidential client applications (web apps, services), create a client secret, certificate or federated identity credential. **Client Secret:** - Navigate to "Certificates & secrets" - Create new client secret - Copy the value immediately (only shown once) - Store securely (Key Vault recommended) **Certificate:** For production environments, use certificates instead of secrets for enhanced security. Upload certificate via "Certificates & secrets" section. **Federated Identity Credential:** For dynamically authenticating the confidential client to Entra platform. ### Step 5: Implement OAuth Flow Integrate the OAuth flow into your application code. **See:** - [references/oauth-flows.md](references/oauth-flows.md) - OAuth 2.0 flow deta

Related skills

Is Entra App Registration safe to install?

This week for builders

Related skills

Is Entra App Registration safe to install?