Enterprise Application

About Enterprise Application Registration

An Enterprise Application in Azure Active Directory (Azure AD) is an app registered in your organization’s directory.

The Secure Contacts App (SCA) needs to be registered as an Enterprise Application to:

  • Authenticate users securely via Azure AD.

  • Access organizational data such as contacts, groups, and directory information.

  • Enable centralized management and compliance of app permissions within your tenant.

Registering SCA ensures that administrators can control access and grant only the permissions necessary for the app to operate safely in the organization.

How to Register the SCA Enterprise Application

There are two ways to register SCA as an Enterprise Application:

1. Via the SCA Homepage

  1. In the Admin-Consent section, enter your Azure AD tenant ID and click Add.

  2. Sign in with an account that has the Global Administrator role.

  3. Grant tenant-wide admin consent to complete the registration.

2. Manual Registration via URL

  1. Construct the following URL, replacing {tenant-id} with your Azure AD tenant ID:

     https://login.microsoftonline.com/{tenant-id}/adminconsent?client_id=20429334-d869-476e-8a65-ea300a327985

  2. Open the URL in your browser.

  3. Sign in with an account that has the Global Administrator role.

  4. Review and grant tenant-wide admin consent.

Permissions for SCA Enterprise app

The following tables list all mandatory permissions.

| Graph-Value | Permission | Function in SCA |
| --- | --- | --- |
| Contacts.Read | Read user contacts | Personal contacts (APC) |
| Contacts.Read.Shared | Read user and shared contacts | Shared Mailbox contacts (SMC) |
| Contacts.ReadWrite | Read and write user contacts | Allows users to create, edit and delete their own personal contacts (APC) |
| Directory.Read.All | Read directory | List all AD users / contacts (AAD) |
| offline_access | Maintain access to data you have given it access to | Default requirement for Enterprise App |
| openid | Sign users in | Default requirement for Enterprise App |
| Presence.Read.All | Read presence information of all users in your organization | Teams status |
| User.Read.All | View full user profile info | Get UPN of all users and user profile photos (AAD) |

| Dynamics CRM | Permission | Function in SCA |
| --- | --- | --- |
| user_impersonation | Access Common Data Service as organization users | Contacts from Dynamics 365 (D365) and from Dataverse (DVRS) |

| MS Mobile Application Management | Permission | Function in SCA |
| --- | --- | --- |
| DeviceManagementManagedApps.ReadWrite | (Read and Write the User's App Management data / allow app access to the Intune app protection service) | Allows SCA to interact with the Intune App Protection service: checking and applying protection policies, reporting compliance status, and enforcing conditional access. |
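One way to verify, after consent has been granted, that the tenant-wide grant matches the mandatory permissions listed above and nothing more. This is an added example, not SCA's own code. It assumes the grants were exported from Microsoft Graph `oauth2PermissionGrants` as delegated scopes; the `resource` label and the sample records are constructed for illustration.

```python
"""Audit the scopes consented to SCA against the documented mandatory list."""

# Mandatory permissions copied from the tables on this page, keyed by API.
EXPECTED = {
    "Graph": {
        "Contacts.Read", "Contacts.Read.Shared", "Contacts.ReadWrite",
        "Directory.Read.All", "offline_access", "openid",
        "Presence.Read.All", "User.Read.All",
    },
    "Dynamics CRM": {"user_impersonation"},
    "MS Mobile Application Management": {"DeviceManagementManagedApps.ReadWrite"},
}

# Constructed sample: one extra Graph scope, one scope granted per user only,
# and no grant at all for the Mobile Application Management API.
SAMPLE_GRANTS = [
    {"resource": "Graph", "consentType": "AllPrincipals",
     "scope": "Contacts.Read Contacts.Read.Shared Contacts.ReadWrite "
              "Directory.Read.All offline_access openid User.Read.All Mail.Read"},
    {"resource": "Dynamics CRM", "consentType": "AllPrincipals",
     "scope": "user_impersonation"},
    {"resource": "Graph", "consentType": "Principal", "scope": "Presence.Read.All"},
]


def audit_grants(grants):
    """Return (missing, unexpected, per_user) for a list of grant records.

    `scope` (space-separated) and `consentType` ("AllPrincipals" means
    tenant-wide) are oauth2PermissionGrant properties. `resource` is an
    assumed, already-resolved API label, not a Graph property.
    """
    granted = {api: set() for api in EXPECTED}
    per_user = []
    for grant in grants:
        scopes = set(grant.get("scope", "").split())
        if grant.get("consentType") != "AllPrincipals":
            # Not tenant-wide admin consent: report separately, do not count it.
            per_user.append((grant["resource"], sorted(scopes)))
            continue
        granted.setdefault(grant["resource"], set()).update(scopes)
    missing = {api: sorted(EXPECTED[api] - granted[api])
               for api in EXPECTED if EXPECTED[api] - granted[api]}
    unexpected = {api: sorted(s - EXPECTED.get(api, set()))
                  for api, s in granted.items() if s - EXPECTED.get(api, set())}
    return missing, unexpected, per_user


if __name__ == "__main__":
    for label, result in zip(("missing", "unexpected", "per-user"),
                             audit_grants(SAMPLE_GRANTS)):
        print(f"{label}: {result}")
```

Anything reported as unexpected is a scope beyond what this page documents and is worth reviewing before the app is rolled out.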
