Provectus Software GmbH

Enterprise Application

About Enterprise Application Registration

An Enterprise Application in Azure Active Directory (Azure AD) is an app registered in your organization’s directory.

The Secure Contacts App (SCA) needs to be registered as an Enterprise Application to:

  • Authenticate users securely via Azure AD.

  • Access organizational data such as contacts, groups, and directory information.

  • Enable centralized management and compliance of app permissions within your tenant.

Registering SCA ensures that administrators can control access and grant only the permissions necessary for the app to operate safely in the organization.

How to Register the SCA Enterprise Application

There are two ways to register SCA as an Enterprise Application:

1. Via the SCA Homepage

  1. Go to the Secure Contacts App homepage.

  2. In the Admin-Consent section, enter your Azure AD tenant ID and click Add.

  3. Sign in with an account that has the Global Administrator role.

  4. Grant tenant-wide admin consent to complete the registration.

2. Manual Registration via URL

  1. Construct the following URL, replacing {tenant-id} with your Azure AD tenant ID:

https://login.microsoftonline.com/{tenant-id}/adminconsent?client_id=20429334-d869-476e-8a65-ea300a327985

  1. Open the URL in your browser.

  2. Sign in with an account that has the Global Administrator role.

  3. Review and grant tenant-wide admin consent.

Example: https://login.microsoftonline.com/XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX/adminconsent?client_id=20429334-d869-476e-8a65-ea300a327985

XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX = Replace this with your own Tenant-ID 20429334-d869-476e-8a65-ea300a327985 = Enterprise-App-ID of Secure Contacts App

The admin consent page may sometimes get stuck in a loop and not provide feedback. To verify the registration:

  • Check if the Enterprise Application "Secure Contacts App" appears in your Azure AD.

  • If you encounter any issues with registering SCA in Azure AD, contact our support team for assistance

Permissions for SCA Enterprise app

In this table you will find all mandatory permissions

Graph-Value
Permission
Function in SCA

Contacts.Read

Read user contacts

Personal contacts (APC)

Contacts.Read.Shared

Read user and shared contacts

Shared Mailbox contacts (SMC)

Contacts.ReadWrite

Read and write user contact

Allows users to create, edit and delete their own personal contacts (APC)

Directory.Read.All

Read directory

List all AD user / contacts (AAD)

offline_access

Maintain access to data you have given it access to

Default-Requirement for Enterprise App

openid

Sign users in

Default-Requirement for Enterprise App

Presence.Read.All

Read presence information of all users in your organization

Teams Status

User.Read.All

View full user profile info

get UPN of all users and users profile photos (AAD)

Dynamics CRM
Permission
Function in SCA

user_impersonation

Access Common Data Service as organization users

Contacts from Dynamic 365 (D365) and from Dataverse (DVRS)

MS Mobile Application Management
Permission
Function in SCA

DeviceManagementManagedApps.ReadWrite

(Read and Write the User's App Management data / allow app access to the Intune app protection service)

Allows SCA to interact with the Intune App Protection service: checking and applying protection policies, reporting compliance status, and enforcing conditional access.

SCA permissions are all Delegated — the app acts only for the signed-in user.

PreviousAuthenticationNextConditional Access

Last updated

Was this helpful?