Enterprise Application
About Enterprise Application Registration
An Enterprise Application in Azure Active Directory (Azure AD) is an app registered in your organization’s directory.
The Secure Contacts App (SCA) needs to be registered as an Enterprise Application to:
Authenticate users securely via Azure AD.
Access organizational data such as contacts, groups, and directory information.
Enable centralized management and compliance of app permissions within your tenant.
Registering SCA ensures that administrators can control access and grant only the permissions necessary for the app to operate safely in the organization.
How to Register the SCA Enterprise Application
There are two ways to register SCA as an Enterprise Application:
1. Via the SCA Homepage
Go to the Secure Contacts App homepage.
In the Admin-Consent section, enter your Azure AD tenant ID and click Add.
Sign in with an account that has the Global Administrator role.
Grant tenant-wide admin consent to complete the registration.
2. Manual Registration via URL
Construct the following URL, replacing {tenant-id} with your Azure AD tenant ID:
https://login.microsoftonline.com/{tenant-id}/adminconsent?client_id=20429334-d869-476e-8a65-ea300a327985
Open the URL in your browser.
Sign in with an account that has the Global Administrator role.
Review and grant tenant-wide admin consent.
{tenant-id} (format XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX) = Replace this with your own Tenant-ID
20429334-d869-476e-8a65-ea300a327985 = Enterprise-App-ID of Secure Contacts App
The admin consent page may sometimes get stuck in a loop and not provide feedback. To verify the registration:
Check if the Enterprise Application "Secure Contacts App" appears in your Azure AD.
If you encounter any issues with registering SCA in Azure AD, contact our support team for assistance.

Permissions for SCA Enterprise app
In this table you will find all mandatory permissions:

| Permission | Description | Used for |
| --- | --- | --- |
| Contacts.Read | Read user contacts | Personal contacts (APC) |
| Contacts.Read.Shared | Read user and shared contacts | Shared Mailbox contacts (SMC) |
| Contacts.ReadWrite | Read and write user contacts | Allows users to create, edit and delete their own personal contacts (APC) |
| Directory.Read.All | Read directory | List all AD users / contacts (AAD) |
| offline_access | Maintain access to data you have given it access to | Default requirement for Enterprise App |
| openid | Sign users in | Default requirement for Enterprise App |
| Presence.Read.All | Read presence information of all users in your organization | Teams status |
| User.Read.All | View full user profile info | Get the UPN of all users and users' profile photos (AAD) |
| user_impersonation | Access Common Data Service as organization users | Contacts from Dynamics 365 (D365) and from Dataverse (DVRS) |
| DeviceManagementManagedApps.ReadWrite | Read and write the user's app management data / allow app access to the Intune app protection service | Allows SCA to interact with the Intune App Protection service: checking and applying protection policies, reporting compliance status, and enforcing conditional access. |

SCA permissions are all Delegated — the app acts only for the signed-in user.
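
One way to carry out the verification step and to confirm that the consent actually granted matches the table above. This is an added example, not part of the SCA documentation; it assumes the Microsoft Graph PowerShell module is installed and that the signed-in account may read directory data.

```powershell
# Added example: audit the SCA service principal after admin consent.
$ScaAppId = '20429334-d869-476e-8a65-ea300a327985'   # Enterprise App ID from this page

# Mandatory delegated permissions, copied from the table on this page.
$Expected = @(
    'Contacts.Read', 'Contacts.Read.Shared', 'Contacts.ReadWrite',
    'Directory.Read.All', 'offline_access', 'openid',
    'Presence.Read.All', 'User.Read.All', 'user_impersonation',
    'DeviceManagementManagedApps.ReadWrite'
)

Connect-MgGraph -Scopes 'Directory.Read.All'

# 1. Did the registration complete? The consent page may loop without feedback.
$sp = Get-MgServicePrincipal -Filter "appId eq '$ScaAppId'"
if (-not $sp) {
    Write-Warning "No service principal found for app id ${ScaAppId}; admin consent did not complete."
    return
}
Write-Output "Found '$($sp.DisplayName)' (object id $($sp.Id))"

# 2. Delegated grants: one record per resource API (and per user if not tenant-wide).
$grants = Get-MgOauth2PermissionGrant -Filter "clientId eq '$($sp.Id)'" -All
$report = foreach ($g in $grants) {
    $resource = (Get-MgServicePrincipal -ServicePrincipalId $g.ResourceId).DisplayName
    foreach ($scope in ($g.Scope -split '\s+' | Where-Object { $_ })) {
        [pscustomobject]@{
            Resource    = $resource
            Scope       = $scope
            ConsentType = $g.ConsentType   # AllPrincipals = tenant-wide admin consent
            Documented  = $scope -in $Expected
        }
    }
}
$report | Sort-Object Resource, Scope | Format-Table -AutoSize

# 3. Compare what was granted with what the page documents.
$granted = @($report | ForEach-Object Scope | Sort-Object -Unique)
$missing = $Expected | Where-Object { $_ -notin $granted }
$extra   = $granted  | Where-Object { $_ -notin $Expected }
if ($missing) { Write-Warning "Documented but not granted: $($missing -join ', ')" }
if ($extra)   { Write-Warning "Granted but not documented: $($extra -join ', ')" }

# 4. All SCA permissions are delegated, so no application (app-only) roles are expected.
$appRoles = @(Get-MgServicePrincipalAppRoleAssignment -ServicePrincipalId $sp.Id -All)
if ($appRoles.Count) { Write-Warning "$($appRoles.Count) application permission(s) assigned; expected none." }
```

A scope reported as granted but not documented, or any application role assignment, is worth reviewing before rolling the app out to users.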