Question
I want to create a service that can deny\revoke access to a user's mobile mail application.
To be specific, I want to temporarily revoke access to a mobile mail client app (like Nine) using office365 online exchange mail, which is authenticated as an Azure Active Directory application.
So far I figured out how to do similar or partial actions:
I can manually revoke azure AD apps using this link: https://account.activedirectory.windowsazure.com/applications/default.aspx
But I didn't find an API for managing azure applications.
I read through the 'Azure AD Graph API reference', but didn't find any way to delete, update a user's details or even to reset its password.
I also looked at the office 365 API catalog, in which most of the APIs are for handling the user's contacts, calendar, mails etc... but no API for managing users. https://msdn.microsoft.com/office/office365/api/api-catalog
Which API should I use in order to handle outlook/AD users or their authorized applications?
Answer 1:
If you want to disable an application which integrates with Azure AD through OAuth 2.0, we can disable it as in the figure below through the new portal:
Switch to your Azure active directory->All applications->Select the application you want to manage->Properties->Set the option Enabled for users sign-in to NO.
We can also use the Azure AD Graph to change this option. Here is the sample request for your reference. This REST request requires the Directory.AccessAsUser.All permission; we need to register an app, assign this permission to the app, and log in with the admin account.
PATCH: https://graph.windows.net/{tenantId}/servicePrincipals/{servicePrincipalId}?api-version=1.6
authorization: bearer {access_token}
{
"accountEnabled":false
}
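The request in the answer above, built as a reusable toggle so access can be revoked and later restored; this is an added example, not code from the original answer. The function names are hypothetical, the ids and token are constructed placeholders, and it assumes both ids are supplied as GUIDs.

```python
import json
import re
import urllib.request

GRAPH = "https://graph.windows.net"  # Azure AD Graph endpoint quoted in the answer
API_VERSION = "1.6"
GUID = re.compile(r"[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")


def build_sign_in_toggle(tenant_id, service_principal_id, access_token, enabled):
    """Return an unsent PATCH request that sets accountEnabled on a service principal."""
    # Assumption: ids are GUIDs. Rejecting anything else keeps caller-supplied
    # values from altering the URL path or query string.
    for name, value in (("tenant_id", tenant_id),
                        ("service_principal_id", service_principal_id)):
        if not GUID.fullmatch(value):
            raise ValueError(f"{name} must be a GUID")
    # A token containing whitespace or newlines could inject extra headers.
    if not access_token or any(c.isspace() for c in access_token):
        raise ValueError("access_token must be non-empty and contain no whitespace")
    url = (f"{GRAPH}/{tenant_id}/servicePrincipals/"
           f"{service_principal_id}?api-version={API_VERSION}")
    body = json.dumps({"accountEnabled": bool(enabled)}).encode("utf-8")
    return urllib.request.Request(
        url, data=body, method="PATCH",
        headers={"Authorization": f"Bearer {access_token}",
                 "Content-Type": "application/json"},
    )


def send(request, timeout=10):
    """Send the request and return the HTTP status; 4xx/5xx raise HTTPError."""
    with urllib.request.urlopen(request, timeout=timeout) as resp:
        return resp.status


if __name__ == "__main__":
    # Constructed placeholder values, not real identifiers; nothing is sent here.
    req = build_sign_in_toggle(
        "11111111-1111-1111-1111-111111111111",
        "22222222-2222-2222-2222-222222222222",
        "PLACEHOLDER_TOKEN", enabled=False)
    print(req.get_method(), req.full_url)
    print(req.data.decode())
```

Calling the same function with `enabled=True` produces the request that restores sign-in, which covers the temporary revocation asked about in the question.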
Source: https://stackoverflow.com/questions/41328944/azure-ad-disable-a-clients-application