Add permissions to an Azure App Registration


The example provided is for DELEGATED permissions type which is used to simulate the actions of a user and is limited to the scope of the user's access rights.


  1. Login to Azure Active Directory admin center here: Azure AD Admin Center
  2. Locate/select the Azure Active Directory tile/blade.
  3. Locate/select the App registrations blade
  4. Locate/select your app designated for SCOM M365 monitoring, this will open the app blade.


Example from my lab.

Graphical user interface, text, application

Description automatically generated


5. Locate/select API permissions. This will open the permissions blade to reveal all existing permissions for the app.


A screenshot of a computer

Description automatically generated



6. Select Add a permission. The list of Microsoft APIs will appear in a flyout.
7. Select Microsoft Graph.



A screenshot of a computer

Description automatically generated



8. Selected the Delegated permission type.
9. Type the name of the specific permission required into the search field. Any/all matching permissions will appear in the list below.
10. Select the checkbox for the required permission(s).
11. At this time, you may repeat steps 9, 10 above to select all required permissions before saving. You do NOT have to add a single permission at a time, multi-select is allowed.
12. Select Add permissions at the bottom of the window.

 

A screenshot of a computer

Description automatically generated


Once a permission has been added, you must grant admin consent, which effectively activates the permission.

  1. Select Grant admin consent for <YourTenantName>.
  2. Select Yes in the Grant admin consent confirmation popup window.

A screenshot of a computer

Description automatically generated


Confirmation dialogue should appear as shown below.


Graphical user interface, text, application

Description automatically generated

Verify that admin consent has been granted to ALL listed permission.