What causes an Azure AD App to appear under "My apps" vs. "All Apps" (in legacy experience) or "Owned Applications" vs. "All Applications" (in Preview)?

  • Question

  • We have an application we develop that runs on a custom domain (let's assume "example.com" for the sake of this question). In addition, this application has three environments -- dev, test, and live -- which we wanted to set up in Azure AD for SSO separately. We have only one Azure AD tenant, and both our main corporate domain (e.g. contoso.com) and the custom domain (again, "example.com" for our purposes here) are registered in that AD tenant.

    For the "dev" environment, we initially created the application in the tenant by going through the "Add an application" wizard under "Azure AD" > "contoso.com" > "Enterprise applications" > "New application" > "Application you're developing". But, when we created the application registration for the "test" environment, we went through "Azure AD" > "contoso.com" > "App registrations (Preview)" > "New registration".

    After creating the "test" app registration, I noticed that in the "App registrations (Preview)" blade, it appears under the "Owned applications" tab while the "dev" app registration did not. Furthermore, in the legacy "App registrations" blade, the "test" app appears under "My apps" while the "dev" app does not.

    Afterwards, I tried deleting both app registrations (under "App registrations (Preview)") and then recreating them both using "Azure AD" > "contoso.com" > "App registrations (Preview)" > "New registration" with an identical subdomain + name as their previous versions (e.g. I created dev as "My App (Dev)" at "dev.example.com" and "test" as "My App (Test)" at "test.example.com", just like it was configured BEFORE it was deleted). This resulted in the following two curious behaviors that I cannot explain:

    • Dev still did not appear under "Owned applications" / "My apps", while Test did, despite both being created the same way.
    • The new app registration for "dev" inherited many of the same settings as it had before it was deleted, without my having to set them. For example, I had turned on "implicit grants" and had provided an SSL certificate, and both of those settings were already set on the new app registration after I re-created it; meanwhile, neither of those settings were automatically set for the "test" app registration.

    It's as if the settings for "dev" were not actually deleted when I deleted its registration, and when I named the new instance the same as the old instance, Azure AD just reused the old settings.

    Can someone shed some light on what's happening here? What determines where an app appears? Do settings not get deleted when an app registration is deleted? If you recreate an app with the same name as an older, deleted one, does it automatically inherit those older settings?


    Wednesday, February 20, 2019 1:27 AM

All replies

  • Hello,

    There are two types of objects in Azure which are used by applications in general in Azure AD.

    1) Service principal object - Displayed under enterprise applications blade

    2) Application object - displayed under app registrations

    You can learn more about these objects here

    Now let's look at the behavior you experienced in parts.

    After creating the "test" app registration, I noticed that in the "App registrations (Preview)" blade, it appears under the "Owned applications" tab while the "dev" app registration did not. Furthermore, in the legacy "App registrations" blade, the "test" app appears under "My apps" while the "dev" app does not.

    You created the "test" app from app registrations (preview), which creates an app registration and explicitly adds you as an owner.

    You created Dev from enterprise applications - which creates a service principal and creates an application object for mapping. In this scenario your user account will not be added explicitly as the owner of the app registration. 

    As you are explicitly added as owner in "test", you will see it under my apps in the legacy blade. 

    Dev still did not appear under "Owned applications" / "My apps", while Test did, despite both being created the same way.

    I am not able to reproduce this. Can you confirm how you deleted "dev"? From enterprise applications or app registrations?

    The new app registration for "dev" inherited many of the same settings as it had before it was deleted, without my having to set them. For example, I had turned on "implicit grants" and had provided an SSL certificate, and both of those settings were already set on the new app registration after I re-created it; meanwhile, neither of those settings were automatically set for the "test" app registration.

    If you just deleted the service principal object from enterprise applications, the application object will remain and will retain the settings. When you create an app registration, both service principal and application object are created again.

    Hope this clarifies things a bit. 

    Wednesday, February 20, 2019 7:21 AM
    Moderator
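
The ownership and leftover-object behavior described in the reply above can be checked with a small audit. This is an added example, not part of the original thread or Microsoft's code: it assumes application and service principal data exported from Microsoft Graph (`/applications?$expand=owners` and `/servicePrincipals`), and the sample records, GUIDs and the `admin@contoso.com` account are constructed.

```python
# Added example. Constructed sample data shaped like Microsoft Graph
# /applications?$expand=owners and /servicePrincipals responses.
APPLICATIONS = [
    {"displayName": "My App (Dev)",
     "appId": "11111111-0000-0000-0000-000000000001",
     "owners": [],  # created via Enterprise applications: no explicit owner
     "keyCredentials": [{"type": "AsymmetricX509Cert"}],
     "web": {"implicitGrantSettings": {"enableIdTokenIssuance": True,
                                       "enableAccessTokenIssuance": False}}},
    {"displayName": "My App (Test)",
     "appId": "11111111-0000-0000-0000-000000000002",
     "owners": [{"userPrincipalName": "admin@contoso.com"}],
     "keyCredentials": [],
     "web": {"implicitGrantSettings": {"enableIdTokenIssuance": False,
                                       "enableAccessTokenIssuance": False}}},
]
# Constructed: Dev's service principal was deleted, only Test's remains.
SERVICE_PRINCIPALS = [{"appId": "11111111-0000-0000-0000-000000000002"}]


def audit(applications, service_principals, me):
    """Return one finding per application object (app registration)."""
    sp_app_ids = {sp["appId"] for sp in service_principals}
    findings = []
    for app in applications:
        owners = {o.get("userPrincipalName", "").lower()
                  for o in app.get("owners", [])}
        grants = app.get("web", {}).get("implicitGrantSettings", {})
        retained = (["certificate"] if app.get("keyCredentials") else []) \
            + (["implicit grant"] if any(grants.values()) else [])
        findings.append({
            "name": app["displayName"],
            # Explicit ownership decides the tab, per the reply above.
            "tab": "Owned applications" if me.lower() in owners
                   else "All applications",
            "ownerless": not owners,
            "has_service_principal": app["appId"] in sp_app_ids,
            "retained_settings": retained,
        })
    return findings


def leftover_registrations(findings):
    """Application objects with no service principal that still hold settings."""
    return [f["name"] for f in findings
            if not f["has_service_principal"] and f["retained_settings"]]


if __name__ == "__main__":
    for f in audit(APPLICATIONS, SERVICE_PRINCIPALS, "admin@contoso.com"):
        print(f)
```

Registrations returned by `leftover_registrations` still carry certificates or implicit-grant settings even though their enterprise application entry is gone, so they are the ones to review or delete from the App registrations blade.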