Azure AD - disable a client's application

2019-09-06 18:38发布

I want to create a service that can deny\revoke access to a user's mobile mail application.

To be specific, I want to temporarily revoke access to a mobile mail client app (like Nine) using office365 online exchange mail, which is authenticated as an Azure Active Directory application.

So far I figured out how to do similar or partial actions:

Which API should I use in order to handle outlook/AD users or their authorized applications?

1条回答
小情绪 Triste *
2楼-- · 2019-09-06 19:30

If you want to disable the application which integrate with Azure AD through OAuth 2.0, we can disable it as figure below through the new portal:

Switch your Azure active directory->All applicaitons->Select the application you want to manage->Properties->Set the option Enabled for users sign-in to NO.

We can also use the Azure AD Graph to change this option. Here is the sample request for your reference. And this rest require the permission of Directory.AccessAsUser.All, we need to register an app and assign this permission to the app and login-in with the admin account.

PATH: https://graph.windows.net/{tenantId}/servicePrincipals/{servicePrincipalId}?api-version=1.6
authorization: bearer {access_token}

{
     "accountEnabled":false
}

enter image description here

查看更多
登录 后发表回答