The Case

I am building an Azure Function that shall communicate with SharePoint Online using CSOM. The function shall have access to read and write information to lists in a specific SharePoint site collection. When you are using the standard method for creating a new SharePoint App Registration using the form located under /_layouts/15/AppRegNew.aspx, the app registration will expire in one yar, but  I want to make sure that the app registration never expires. The Solution is to create an Azure AD Application instead, and invoke this in SharePoint.

Configuration of a SharePoint App using Azure AD Application

To be able to register a SharePoint App that never expires you can follow the steps below. In a usual app registration in SharePoint, you first navigate to AppRegNew.aspx, but this can be replaced with an Azure AD App registration instead.

• Log in to portal.azure.com with an administrator account
• Navigate to Azure Active Directory
• Choose ”App registrations” from the left menu and click ”New registration”
• Fill in the form and register the application
• When the app has been created choose “Certificates & secretes” in the menu
• Create a new client secret, give it a description and choose “Never” expires
• Copy the client secret that was created and store it in a safe place

After the client secret with the never expires flag has been created, do the following:

• Go to the overview of the application and copy the Client ID
• Navigate to the SharePoint-site where you want to use invoke the application and open the https://[mytenant].sharepoint.com/sites/[sitename]/_layouts/15/appinv.aspx
• Fill in the form using the necessary and register the app

Choose to trust the app in the next step, and you are set to go. You can now use the Client ID and Client Secret to authenticate against the chosen SharePoint app from your Azure Function (or any other external component/service).