# Create Microsoft Entra ID application

To complete the steps below, you must have a Microsoft Azure subscription and account. If you don't have a subscription, you need to purchase one first.

## **Create a Microsoft Entra ID application**

A Microsoft Entra ID application is used with role-based access control. You need to create a Microsoft Entra ID application to access resources in your subscription from Parallels RAS.

To create a Microsoft Entra ID application:

1. Log in to the Microsoft Azure portal.
2. Open the portal menu and select **Microsoft Entra ID**.
3. In the left pane, select **App registrations**.
4. Click **New registration** (at the top of the right pane).
5. The **Register an application** blade opens.
6. In the **Name** field, type a name you want to use for the application.
7. In the **Redirect URI (optional)** section, make sure that **Web** is selected in the drop-down list. Leave the URI field empty.
8. Click **Register** (at the bottom left).
9. The new Microsoft Entra ID app is created and its blade is displayed in the portal.

Note the following app properties, which are displayed at the top of the right pane:

* **Display name**
* **Application (client) ID\***
* **Directory (tenant) ID\***
* **Object ID\***

**\*** Copy and save these properties. You will need to specify them later when adding Azure as a Provider in the RAS Console.

## **Create a client secret**

A client secret is a string that the application uses to prove its identity when requesting a token. It essentially acts as an application password. You will need to specify this string in the RAS Console when adding Azure as a Provider.

To create a client secret:

1. If you are no longer on the application page, navigate to it from the **Home** page by selecting **Microsoft Entra ID** > **App registrations** and then clicking the app in the right pane.
2. In the left pane, click **Certificates & secrets**.
3. In the right pane, click **New client secret**.
4. Type a client name and select a desired expiration option.
5. Click **Add**. The new client secret appears in the **Client secrets** list.
6. **IMPORTANT:** Copy and save the client secret (the **Value** column). If you leave this page without copying the secret, it will be hidden and you will not be able to retrieve it later.

## **Give the application read and write access to resources**

The Microsoft Entra ID app that you created must have read and write access to Azure resources. The following instructions demonstrate how to give the application read and write access to a resource group. You can also give access to a specific resource or to your entire Azure subscription. For more information, please see the Microsoft Azure documentation.

To give the app write access to the resource group where new VMs will reside:

1. In the Azure portal menu, select **Resource groups**.
2. Click a resource group where the new VMs will reside.
3. In the left pane, select **Access control (IAM)**.
4. In the right pane, locate the **Grant access to this resource** box and click **Add role assignment**.
5. On the **Role** tab of the **Add role assignment** page, select **Privileged administrator roles**, then the **Contributor** role.
6. Click **Next**.
7. On the **Members** tab, select the **User, group, or service principal** option.
8. Click on the **Select members** link and enter the name of the previously created application in the **Select** field. Select the application in the drop-down list and click **Select**.
9. Click **Next**.
10. On the **Review + assign** tab, confirm that the configuration is correct and click **Review + assign**.

To give the app read access to the resource group:

1. Repeat steps 1-4 from the list above.
2. On the **Role** tab of the **Add role assignment** page, select **Job function roles**, then the **Reader** role.
3. Repeat steps 6-10 from the list above.

**Note:** If you would like to give the application read access to your entire subscription (not just a specific resource group), select **All services** in the Azure portal menu, then navigate to **Categories** > **All** > **Subscriptions** and select your subscription. Select **Access control (IAM)** in the middle pane and click **Add** in the **Add a role assignment** box. Repeat steps 2-4 from the list above.
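To confirm that the app ended up with the roles from the steps above and nothing wider than intended, you can check its role assignments after the fact. The following is an added example, not part of the Parallels documentation: it assumes the assignments were exported as JSON with `az role assignment list --assignee <app-id> --all -o json`, and the subscription ID and resource group name `ras-vdi` are constructed placeholders.

```python
import json

# Constructed sample in the shape returned by `az role assignment list ... -o json`
# (only the fields used here). The subscription ID and names are placeholders.
SUB = "00000000-0000-0000-0000-000000000000"
SAMPLE = json.dumps([
    {"roleDefinitionName": "Contributor", "scope": f"/subscriptions/{SUB}/resourceGroups/ras-vdi"},
    {"roleDefinitionName": "Reader", "scope": f"/subscriptions/{SUB}/resourceGroups/ras-vdi"},
    {"roleDefinitionName": "Contributor", "scope": f"/subscriptions/{SUB}"},
])

EXPECTED_ROLES = {"Contributor", "Reader"}  # the two roles assigned in the steps above


def scope_level(scope):
    """Classify an Azure scope string: subscription, resource_group, resource or other."""
    parts = [p for p in scope.strip("/").split("/") if p]
    lowered = [p.lower() for p in parts]
    if len(parts) >= 2 and lowered[0] == "subscriptions":
        if len(parts) == 2:
            return "subscription"
        if len(parts) == 4 and lowered[2] == "resourcegroups":
            return "resource_group"
        if len(parts) > 4 and lowered[2] == "resourcegroups":
            return "resource"
    return "other"  # management group, root scope, or unrecognised


def audit(assignments_json, subscription_id, resource_group):
    """Return (roles missing at the target resource group, assignments at a broader scope)."""
    target = f"/subscriptions/{subscription_id}/resourceGroups/{resource_group}".lower()
    found, broader = set(), []
    for a in json.loads(assignments_json):
        role, scope = a["roleDefinitionName"], a["scope"].rstrip("/")
        if scope.lower() == target:  # Azure scope strings compare case-insensitively
            found.add(role)
        elif scope_level(scope) in ("subscription", "other"):
            broader.append((role, scope))
    return sorted(EXPECTED_ROLES - found), broader


if __name__ == "__main__":
    missing, broader = audit(SAMPLE, SUB, "ras-vdi")
    print("missing at resource group:", missing or "none")
    for role, scope in broader:
        print(f"review: {role} granted at broader scope {scope}")
```

An assignment listed under "review" is not necessarily wrong, since subscription-wide access is an option described above, but a subscription-level **Contributor** grant lets the application modify every resource group in the subscription.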

## **Finding your Microsoft Azure subscription ID**

When you add Microsoft Azure as a Provider in the RAS Console, you will need to specify your Azure subscription ID. If you don't remember it, here's how to find it in the Microsoft Azure portal:

1. In the portal menu, choose **All services**.
2. In the **Categories** list, click **All**.
3. In the right pane, click **Subscriptions**.
4. Click a subscription and then copy and save the value from the **Subscription ID** field.

## **Summary**

When you complete all of the above steps, you should have the following values saved and ready to be used to add Microsoft Azure as a Provider in the RAS Console:

* **App (client) ID:** Application ID.
* **Directory (tenant) ID:** Tenant ID.
* **Client secret:** Client secret (application key).
* **Subscription ID:** Your Microsoft Azure subscription ID.

Read on to learn how to add Microsoft Azure as a Provider in the RAS Console.

