Multi Tenant Azure AD apps not visible in Office 365 My Apps Launcher

Question

I have two Office 365 tenants one for Production and one for Testing. I can see in manage.windowsazure.com my two Active Directories.

I noticed the following behavior when creating multi tenant user consent application.

When a multi tenant Azure AD application is registered in Azure AD 'X' then, this app is not available in the "My Apps Launcher" for Office 365 users in tenant 'X'. On the other hand, the app is accessible in launcher (after pinning it from 'View all my apps') for all users and tenants except 'X'.

Is that an expected behavior?

Answer 1

I think only apps that the user is assigned to show up in the Office portal.

If you create the app in your tenant, admin consent is applied automatically in your tenant, meaning that all users automatically get consented to it but none of them get assigned.

On the other hand, what you've been testing with users from another tenant is user consent, which consents just that user to the app, and also assigns them to it.

If that other tenant went through admin consent (by adding prompt=admin_consent to the login.microsoftonline.com), you'd see the same behavior as your tenant where everyone gets consented but no one assigned, and therefore no one would (by default) see it in the Office portal.

To have it show up in the case of admin_consent (whether it's in your tenant or some other one) you need to:

1. Go to the classic Azure portal and navigate Azure AD and your app.
2. Once in your app's Azure AD page, select Users & Groups
3. Select "All Users" from the Show filer and click on the check mark.
4. Select a user and click on the bottom at the bottom that says "Assign"

Doing that should make your app show up for that user in the Office Portal.