How to Use Microsoft Graph in a Multi-Tenant environment?

Question

I have an ASP.NET web application which has multitenancy supported in it . I have a requirement to integrate microsoft graph to access and write to outlook calendars.My question is , will every Tenant have its own application id and secret key ? Or will one secret key and application Id be common to all tenants ? Please provide me details of what needs to be changed as this is somehow misleading and vague. Thanks in advance.

Answer 1

This is discussed in the docs under Step 4 of Register an application with the Microsoft identity platform:

• Supported account types - Select which accounts you would like your application to support.

  • Accounts in this organizational directory only - Select this option if you're building a line-of-business (LOB) application. This option is not available if you're not registering the application in a directory.

    This option maps to Azure AD only single-tenant.

    This is the default option unless you're registering the app outside of a directory. In cases where the app is registered outside of a directory, the default is Azure AD multi-tenant and personal Microsoft accounts.

  • Accounts in any organizational directory - Select this option if you would like to target all business and educational customers.

    This option maps to an Azure AD only multi-tenant.

    If you registered the app as Azure AD only single-tenant, you can update it to be Azure AD multi-tenant and back to single-tenant through the Authentication blade.

  • Accounts in any organizational directory and personal Microsoft accounts - Select this option to target the widest set of customers.

    This option maps to Azure AD multi-tenant and personal Microsoft accounts.

    If you registered the app as Azure AD multi-tenant and personal Microsoft accounts, you cannot change this in the UI. Instead, you must use the application manifest editor to change the supported account types.