Enabling Microsoft Azure portal access to manage applications using the OAuth2 protocol
In my previous post about OAuth2 access to Calendar, Contact and Mail APIs I explained that applications need to be registered and configured in Microsoft Azure Active Directory (AAD). Furthermore, administrators for Office 365 organizations use Microsoft Azure Active Directory to manage OAuth2-enabled applications used by users in their organization. This management includes seeing which web applications users consented to, or revoking access to web applications.
The management user interface for AAD is available within the Microsoft Azure portal. While all Office 365 organizations automatically have AAD available, currently the Microsoft Azure portal requires additional sign-up to get access to the management user interface.
We are actively working on changing this so that no sign-up is required. In the meantime, be aware that no Office 365 organization will be charged additional fees for signing-up to Microsoft Azure as long as no additional services other than AAD are subscribed to. Be assured that AAD comes with any Office 365 subscription for free.
I thought it is worth a blog guiding through the sign-up experience to get to the Microsoft Azure portal to start registering, configuring and managing applications for your Office 365 organization.
Step 1: Launching the Microsoft Azure management portal
In your browser of choice simply navigate to https://manage.windowsazure.com/. You should be prompted to provide a user account. Here you should enter any organizational account that is an administrator of your Office 365 organization.
In the next step you will be asked to provide the password for the account that you specified.
Step 2: Starting the sign-up for Microsoft Azure portal
After successful sign-on with an administrative organizational account of your Office 365 organization, a screen is displayed that will indicate that this account has no Microsoft Azure subscription associated. By selecting "Sign up for Windows Azure" you start the process of enabling your Office 365 organization to manage AAD within Microsoft Azure Portal.
Step 3: Providing and verifying contact information
In this step you can provide and change contact information for the Microsoft Azure subscription. Some of the information will be prefilled based on the account information of the organizational account that was used to sign-on.
Don't worry about the words "Free Trial", you will actually get a fully functional subscription with no additional charges at the end of this process. Note that additional charges only apply if additional Microsoft Azure services are subscribed to.
Provide a valid verification before continuing to the next step. Below is an example using text messages.
Step 4: Add payment information and confirm the sign-up to Microsoft Azure
Although the AAD services are available at no charges, including the management of those in the Microsoft Azure portal you will be asked to provide a valid payment information. Again, rest assured that there will be no charges against this payment option unless at a later time you add non-AAD Microsoft Azure services that require payment.
We're almost there. Simply check the checkboxes to agree to the Microsoft Azure terms of use and optionally to be contacted for additional Microsoft Azure offers and click on "Sign up".
Step 5: Change the free trial to a pay-as-you-go subscription
In Step 3 I told you to not worry about the wording of "Free Trial". But at this point if you don't do anything the Microsoft Azure subscription will expire in 30 days. So why did I tell you to not worry?
Well, first of all, even if you choose to not do anything, at this point you can start using the Microsoft Azure portal for 30 days to register, configure and/or manage applications using the OAuth2 framework. But what happens after the 30 days you might wonder. The answer is you can't manage AAD anymore in the Microsoft Azure portal as your subscription is expired. But all the applications are still there as AAD itself remains active and fully functional. AAD is unaffected by the expiration of the Microsoft Azure subscription and the Microsoft Azure subscription only governs the user's ability to sign in to the Microsoft Azure Portal for our purposes.
To avoid doing the sign-up again after these 30 days, I recommend to convert the "Free Trial" to a "Pay-as-you-Go" subscription by selecting the "Upgrade Now" option. Doing this upgrade will ensure a non-interruptive management experience in the Microsoft Azure portal for all your applications in AAD.
Again: no additional charges will apply for this upgrade unless you subscribe to non-AAD Microsoft Azure services.
After selecting the "Upgrade Now" option, select "Yes, upgrade my subscription" and give it a friendly name such as "Pay-As-You-Go" and click the checkmark in the right lower corner to complete the upgrade process.
Step 6: Confirmation of the upgrade
After you go through the upgrade process you should see a screen similar to this, indicating you have 30 days to try additional Azure services, and after these 30 days the subscription will continue. The message also indicates that you will not be charged for services that are included in the subscription. AAD is one of these services that are included.
Step 7: Start managing AAD in the Microsoft Azure portal
To finish this blog, let me guide you through getting to the AAD management user interface in Microsoft Azure. In the last step the screenshot shows in the upper left corner a link called "Portal". By selecting this link you will launch the Microsoft Azure portal. Since this is the first time, you will be greeted with a tour that explains some more things regarding management of services within Microsoft Azure. You can select the arrow key to browse through this sequence or simply close it.
To get to the AAD management user interface, select "All Items" in the left navigation bar. You should see your Office 365 organization listed there as type "Directory".
By selecting this you launch the Microsoft Azure Active Directory management interface and can see "Applications" as one of the tabs to choose from.
Congratulations, you did it! You are ready to manage applications your users or administrators installed or consented to, or start registering and configuring your own applications for some cool development of new apps for Office 365 using OAuth2!
What's next: You can read how to register and configure an application for Office 365 APIs here.
Comments
Anonymous
June 25, 2014
I can't sign up for Azure because the Payment Info section of the sign up form just keeps loading and loading swishing the Knight Rider type animation thingy back and forth continuously, forever. What's the problem?Anonymous
August 18, 2014
Is this still the recommended process?Anonymous
September 08, 2014
If you already have an Azure subscription on a Microsoft Account, but also have Office 365 small business (without an Azure account) is there any way to link the Office 365 account to the existing Azure/Microsoft account?Anonymous
September 09, 2014
the payment information keep loading again and again .. ????????Anonymous
November 03, 2014
it dosent work after subscription as wellAnonymous
February 16, 2015
I am having issues actually accessing the account it has been set up. I have managed to log in once, create services that I am still able to access, but attempts to log in to the portal are now being met with errors that no subscription exists.