External

• https://docs.microsoft.com/en-us/azure/active-directory/develop/developer-glossary#application-registration
• https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app

Internal

Overview

Accessible from Azure console at https://portal.azure.com/#blade/Microsoft_AAD_RegisteredApps/ApplicationsListBlade

Application ID

This surfaces as the an access key credential.

Client Secret

A secret string that the application uses to prove its identity when requesting a token. Also can be referred to as "application password".

Configure Role to allow access Microsoft Azure Resources

• Create custom RBAC role. Subscriptions → subscription in question → Access control (IAM) → + Add → Add Custom Role → JSON:

{
    "properties": {
        "roleName": "integration-testing",
        "description": "",
        "assignableScopes": [
            "/subscriptions/c23f02b9-3dff-48a8-bde9-1508d5ab84ab"
        ],
        "permissions": [
            {
                "actions": [
					"Microsoft.Network/networkSecurityGroups/read", 
					"Microsoft.Network/publicIPAddresses/read"
					],
                "notActions": [],
                "dataActions": [],
                "notDataActions": []
            }
        ]
    }
}

• Assign the role to the app registration. Subscriptions → subscription in question → Role Assignments → Add → Role: Contributor, Assign access to: User, group, or service principal, Select: filter by application registration name.