The information below is taken from the manifest file in the App Registration portal

Azure Resource

Resource URL

Resource App ID

Azure AD Graph https://graph.windows.net/ 00000002-0000-0000-c000-000000000000
Microsoft Graph https://graph.microsoft.com/  00000003-0000-0000-c000-000000000000
Azure Key Vault https://vault.azure.net cfa8b339-82a2-471a-a3c9-0fc0be7a4093
Azure Service Management https://management.azure.com/ 797f4846-ba00-4fd7-ba43-dac1f8f63013
Power BI Service https://analysis.windows.net/powerbi/api/ 00000009-0000-0000-c000-000000000000
Azure Storage https://storage.azure.com/ e406a681-f3d4-42a8-90b6-c2b029497af1
Azure DevOps https://app.vssps.visualstudio.com/ 499b84ac-1321-427f-aa17-267ca6975798
Office 365 Management API https://manage.office.com/ c5393580-f805-4401-95e8-94b7a6ef2fc2
Intune https://api.manage.microsoft.com/ c161e42e-d4df-4a3d-9b42-e7a3c31f59d4
SharePoint https://microsoft.sharepoint-df.com/ 00000003-0000-0ff1-ce00-000000000000
Exchange https://outlook.office365.com/ 00000002-0000-0ff1-ce00-000000000000
Azure SQL Database https://database.windows.net/
Microsoft.ServiceBus https://servicebus.azure.net 80a10ef9-8168-493d-abf9-3297c4ef6e3c

Note:
for Azure Key Vault there is no trailing slash in the Resource URL

References:

Authenticate with Azure Active Directory from an application for access to blobs and queues

3 Thoughts to “Common Microsoft First Party Apps resource table”

  1. […] It is the claim code when SharePoint App uploads work for me – it works for other users in my school and I think it should work for all institutions. “SharePoint App” doesn’t have an Author or DisplayName or email address to identifiy it by, just a ‘claim’, whatever that is. I have tracked down the code between the pipes to be the Resource App ID of Sharepoint in the Azure suite – listed here https://blogs.aaddevsup.xyz/2019/07/common-microsoft-first-party-apps-resource-table/ […]

    1. Bac Hoang [MSFT]

      It’s best if you can open a support case with the Sharepoint team so they can help you further.

  2. […] you need to fetch tokens for other audiences than Azure SQL, check out this one here. And if you’d like to change the data source to another type of credentials (i.e. anonymous or […]

Leave a Comment