user3900157

Reputation: 249

Access personal accounts' OneDrive with Azure AD multi-tenant

I would like to create a daemon app on Azure that would allow access to multiple personal Microsoft accounts (not in the same tenant). My idea: I create a multi-tenant app in my tenant. Each user who authorizes access to his personal account should give explicit consent.

I feel like it's possible when I read the doc but I'm not able to do it. What I currently did:

  1. Create a V2 Multi Tenant app in Azure AD
  2. Give Graph API: Files.Read.All and User.Read access on App permissions

Then I'm not sure how I should ask for the consent of users. And then how can I get a token for a particular user to have daemon access (without explicitly having to ask for his consent again)?

Thanks for the help!

Upvotes: 0

Views: 398

Answers (1)

user3900157

Reputation: 249

Even though it is not really clear from Microsoft's documentation, and at first it seems possible, I have the impression that it's not possible:

> Daemon applications can work only in Azure AD tenants. It wouldn't make sense to build a daemon application that attempts to manipulate Microsoft personal accounts. If you're a line-of-business (LOB) app developer, you'll create your daemon app in your tenant. If you're an ISV, you might want to create a multitenant daemon application. Each tenant admin will need to provide consent.

(https://learn.microsoft.com/bs-cyrl-ba/azure/active-directory/develop/scenario-daemon-overview)

Upvotes: 1
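The per-tenant admin consent and app-only token request that the quoted documentation describes, as an added example that is not part of the original answer or of Microsoft's code. The helper names, the GUID-only tenant check and the sample IDs are assumptions of this example; the endpoints are the Microsoft identity platform v2.0 admin-consent and token endpoints.

```python
import re
import secrets
from urllib.parse import urlencode

LOGIN = "https://login.microsoftonline.com"
GRAPH_DEFAULT = "https://graph.microsoft.com/.default"
# Well-known tenant ID that Microsoft uses for personal (consumer) accounts.
MSA_TENANT_ID = "9188040d-6c67-4c5b-b112-36a304b66dad"
# Authority aliases that do not name one specific organizational tenant.
ALIASES = {"common", "organizations", "consumers"}
GUID = re.compile(r"[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}")


def require_org_tenant(tenant: str) -> str:
    """Return the normalized tenant GUID, or raise if app-only access cannot apply.

    Assumption of this example: tenants are identified by GUID only.
    """
    t = tenant.strip().lower()
    if t in ALIASES or t == MSA_TENANT_ID:
        raise ValueError(f"{tenant!r} is not a specific Azure AD tenant")
    if not GUID.fullmatch(t):
        raise ValueError(f"{tenant!r} is not a tenant GUID")
    return t


def admin_consent_url(tenant, client_id, redirect_uri):
    """Build the URL a tenant admin opens once to grant the app its permissions."""
    state = secrets.token_urlsafe(16)  # compare with the state echoed on the redirect
    query = urlencode({"client_id": client_id, "scope": GRAPH_DEFAULT,
                       "redirect_uri": redirect_uri, "state": state})
    # This example pins consent to the same single tenant the token request uses.
    return f"{LOGIN}/{require_org_tenant(tenant)}/v2.0/adminconsent?{query}", state


def token_request(tenant, client_id, client_secret):
    """Return (url, form) for the client-credentials POST in a consented tenant."""
    url = f"{LOGIN}/{require_org_tenant(tenant)}/oauth2/v2.0/token"
    form = {"grant_type": "client_credentials", "client_id": client_id,
            "client_secret": client_secret, "scope": GRAPH_DEFAULT}
    return url, form


if __name__ == "__main__":
    # Constructed placeholder values, not real identifiers.
    tenant = "11111111-2222-3333-4444-555555555555"
    app = "00000000-0000-0000-0000-00000000abcd"
    print(admin_consent_url(tenant, app, "https://localhost/consent")[0])
    print(token_request(tenant, app, "<client-secret>")[0])
```

Rejecting the consumer tenant and the generic aliases before any request is built keeps a daemon from being pointed at an authority where there is no tenant admin to grant application permissions.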
