# Enterprise Application

### About Enterprise Application Registration

An **Enterprise Application** in Azure Active Directory (Azure AD) is an app registered in your organization’s directory.

The **Secure Contacts App (SCA)** needs to be registered as an Enterprise Application to:

* **Authenticate users securely** via Azure AD.
* **Access organizational data** such as contacts, groups, and directory information.
* **Enable centralized management and compliance** of app permissions within your tenant.

Registering SCA ensures that administrators can control access and grant only the permissions necessary for the app to operate safely in the organization.

### How to Register the SCA Enterprise Application

There are **two ways** to register SCA as an Enterprise Application:

#### 1. Via the SCA Homepage

1. Go to the [Secure Contacts App homepage](/quickstart-guide/ios-mam-steps-to-activate-sca-in-your-azure-tenant/step-1-register-enterprise-app.md#step1-registerenterpriseapp-enterpriseappregistrationfromthescahomepage).
2. In the **Admin-Consent** section, enter your **Azure AD tenant ID** and click **Add**.
3. Sign in with an account that has the **Global Administrator** role.
4. Grant **tenant-wide admin consent** to complete the registration.

#### 2. Manual Registration via URL

1. Construct the following URL, replacing `{tenant-id}` with your Azure AD tenant ID:

```
https://login.microsoftonline.com/{tenant-id}/adminconsent?client_id=20429334-d869-476e-8a65-ea300a327985
```

2. Open the URL in your browser.
3. Sign in with an account that has the **Global Administrator** role.
4. Review and grant **tenant-wide admin consent**.

{% hint style="success" %}
Example:\
[https://login.microsoftonline.com/**XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX**/adminconsent?client\_id=20429334-d869-476e-8a65-ea300a327985](https://login.microsoftonline.com/XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX/adminconsent?client_id=20429334-d869-476e-8a65-ea300a327985)

XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX = Replace this with **your own** Tenant-ID\
**20429334-d869-476e-8a65-ea300a327985** = Enterprise-App-ID of **Secure Contacts App**
{% endhint %}

{% hint style="danger" %}
The admin consent page may sometimes get stuck in a loop and not provide feedback. \
To verify the registration:

* Check if the Enterprise Application **"Secure Contacts App"** appears in your Azure AD.
* If you encounter any issues with registering SCA in Azure AD, **contact our support team** for assistance
  {% endhint %}

<div align="left"><figure><img src="/files/SI2sJZe0n2uqIi6ZKoOK" alt="" width="218"><figcaption></figcaption></figure></div>

### Permissions for SCA Enterprise app <a href="#permissions-for-sca-enterprise-app" id="permissions-for-sca-enterprise-app"></a>

In this table you will find all mandatory permissions

<table><thead><tr><th>Graph-Value</th><th>Permission</th><th>Function in SCA</th><th data-hidden></th><th data-hidden></th><th data-hidden></th></tr></thead><tbody><tr><td>Contacts.Read</td><td>Read user contacts</td><td>Personal contacts (APC)</td><td>1</td><td> </td><td> </td></tr><tr><td>Contacts.Read.Shared</td><td>Read user and shared contacts</td><td>Shared Mailbox contacts (SMC)</td><td></td><td></td><td></td></tr><tr><td>Contacts.ReadWrite</td><td>Read and write user contact</td><td>Allows users to create, edit and delete their own personal contacts (APC)</td><td></td><td></td><td></td></tr><tr><td>Directory.Read.All</td><td>Read directory</td><td>List all AD user / contacts (AAD)</td><td>2</td><td> </td><td> </td></tr><tr><td>offline_access</td><td>Maintain access to data you have given it access to</td><td>Default-Requirement for Enterprise App</td><td>3</td><td> </td><td> </td></tr><tr><td>openid</td><td>Sign users in</td><td>Default-Requirement for Enterprise App</td><td>4</td><td> </td><td> </td></tr><tr><td><p>Presence.Read.All</p><p> </p></td><td>Read presence information of all users in your organization</td><td>Teams Status</td><td>6</td><td> </td><td> </td></tr><tr><td><p>User.Read.All</p><p> </p></td><td>View full user profile info</td><td>get UPN of all users and users profile photos (AAD)</td><td>9</td><td> </td><td> </td></tr></tbody></table>

| Dynamics CRM        | Permission                                       | Function in SCA                                             |
| ------------------- | ------------------------------------------------ | ----------------------------------------------------------- |
| user\_impersonation | Access Common Data Service as organization users | Contacts from Dynamic 365  (D365) and from Dataverse (DVRS) |

<table><thead><tr><th width="254.1424560546875">MS Mobile Application Management </th><th>Permission</th><th>Function in SCA</th></tr></thead><tbody><tr><td><a href="/pages/U6gwEH8ABEuTRilX2uE3">DeviceManagementManagedApps.ReadWrite</a></td><td>(Read and Write the User's App Management data / allow app <a href="/pages/U6gwEH8ABEuTRilX2uE3">access to the Intune app protection service</a>)</td><td>Allows SCA to interact with the Intune App Protection service: checking and applying protection policies, reporting compliance status, and enforcing conditional access.</td></tr></tbody></table>

{% hint style="success" %}
SCA permissions are all **Delegated** — the app acts only for the signed-in user.
{% endhint %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.secure-contacts.com/documentation/authentication/enterprise-application.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.