How to consent to an Office 365 service app

Many times you might want to create services which interact with the Microsoft Graph. If your application has an actual web page you will get prompted when you visit and login to do the actual consent. If you have elevated privileges you would tack on &prompt=admin_consent to the URL and then your service can authenticate and do what you need it to.

If you just create an Office 365 entry and have no web application tied to it, this is not automatic.

One approach to get the consent URL is to create a small c# app using ADAL.

string ResourceId = "https://graph.microsoft.com"; // Microsoft Graph End-point
Uri RedirectUri = new Uri("[APP ID URI]");
ClientId = "[O365 App ClientId]";
ClientSecret = "[O365 App ClientSecret]";

var authenticationContext = new AuthenticationContext("https://login.windows.net/common/");
var url = await authenticationContext.GetAuthorizationRequestUrlAsync(ResourceId, ClientId, RedirectUri, UserIdentifier.AnyUser, "prompt=admin_consent");
Console.WriteLine(url);

If you have a multi-tenant app, the above code has to be ran per tenant where the service will act against.