Register a SharePoint Remote Event Receiver with Azure AD app only identity
When you register a remote event receiver with SharePoint using an Azure AD app identity (e.g. a client ID and certificate), the registration is created successfully, but SharePoint never calls your endpoint when the events occur. For example, if you register a remote event receiver for ‘ItemAdded’ events on a particular list, all appears well until someone adds an item – then nothing fires and your registered endpoint is never invoked.
A remote event receiver registered via an Azure AD app will be unable to trigger the endpoint because the Azure AD app doesn’t have any local identity at the SharePoint level.
When the event receiver is triggered, SharePoint checks the author of the remote event receiver’s registration. If the author corresponds to an Azure AD app, SharePoint cannot find a matching SharePoint identity and therefore does not pass the event on to the endpoint.
You will not face this issue with a traditional app registration at the SharePoint level, because that app is registered solely within SharePoint and its identity is therefore known. The issue only occurs when you use an Azure AD app registration. However, it is still possible to work around the issue and ultimately use your Azure AD app to connect to SharePoint and register the event receiver – with some trickery!
To resolve the problem, we effectively need to create a SharePoint app-only identity (within SharePoint itself) and map it to the already existing identity of the Azure AD app.
Note that this guide assumes you have already created an Azure AD app registration with SharePoint permissions granted and have its details to hand. If you do not have this yet, follow the Microsoft guidance here (or, if using PnP PowerShell, see the guidance here on using Register-PnPAzureADApp).
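To make the symptom concrete, here is the registration scenario from the opening paragraph written as a PnP PowerShell script. This is an added example, not code from the original post: it connects with an Azure AD app-only identity (client ID plus certificate), registers an ‘ItemAdded’ remote event receiver on a list, and then lists the receivers registered on that list. The tenant, site, list, client ID, certificate path and endpoint URL are placeholders you must replace with your own values.

```powershell
# Added example (not from the original post): register an ItemAdded remote event
# receiver using an Azure AD app-only identity and confirm the registration exists.
# All values below are placeholders.
$tenant      = "contoso.onmicrosoft.com"                                  # placeholder
$siteUrl     = "https://contoso.sharepoint.com/sites/demo"                # placeholder
$clientId    = "00000000-0000-0000-0000-000000000000"                     # placeholder: Azure AD app (client) ID
$certPath    = "C:\certs\rer-app.pfx"                                     # placeholder: certificate uploaded to the app
$certPwd     = Read-Host "PFX password" -AsSecureString
$listTitle   = "Documents"                                                # placeholder
$endpointUrl = "https://rer.example.com/services/RemoteEventReceiver.svc" # placeholder: your RER endpoint

# Connect with the Azure AD app-only identity (certificate-based).
Connect-PnPOnline -Url $siteUrl -ClientId $clientId -Tenant $tenant `
    -CertificatePath $certPath -CertificatePassword $certPwd

# The registration itself succeeds even when the Azure AD app has no identity
# mapped within SharePoint; that is exactly why the problem is easy to miss.
Add-PnPEventReceiver -List $listTitle -Name "ItemAddedRER" -Url $endpointUrl `
    -EventReceiverType ItemAdded -Synchronization Asynchronous

# Check what is registered on the list. The receiver appears here regardless of
# whether events will actually reach the endpoint, so this confirms registration only.
Get-PnPEventReceiver -List $listTitle |
    Select-Object ReceiverName, ReceiverUrl, EventType, Synchronization

Disconnect-PnPOnline
```

Because the registration looks healthy either way, the only reliable check is end to end: add a test item to the list and watch the endpoint’s own logs for an incoming call. If the receiver is listed but nothing ever arrives at the endpoint, and the app was registered only in Azure AD, you are hitting the issue this post describes, and the mapping steps below are what fix it.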
Follow the steps below to map your Azure AD app to a SharePoint app:
Step 1: Log in to your Microsoft 365 tenant with a SharePoint admin account (or greater e.g., tenant admin)
Step 2: Navigate to the link below, but don’t forget to replace the highlighted section with your tenant’s name:
Step 3: Once you navigate to this link, you will see the following:
Step 4: Add the ‘App Id’ (client ID of the app registration you have created in Azure AD) and click on ‘Lookup’.
Download the FREE guide below for the next steps. This guide has been carefully prepared by our Microsoft 365 consultant with detailed steps and supporting images.