Currently writing an Azure function using Python and REST calls that will:
- Get a service principal (passed as a parameter)
- Generate a new secret for said service principal
- Get a keyvault (passed as a parameter)
- Add access policy to keyvault to allow the storage of the new secret
- Set the secret in the keyvault with an appropriate name (supplied as a parameter)
I've got it working down to step 4. For step 4, I'm using the following API: https://docs.microsoft.com/en-us/rest/api/keyvault/vaults/updateaccesspolicy
The REST payload is asking for an objectID, which turns out to be the objectID of the ENTERPRISE APP, and not the application registration. I've been able to successfully set the secret using that with test code.
My question is - how do you retrieve the Enterprise App's Object ID? I've been looking at the Graph API, but the only endpoint I can find is this one: https://docs.microsoft.com/en-us/graph/api/application-get?view=graph-rest-1.0&tabs=http
This endpoint retrieves the application registration object, not the enterprise application object. How do I get the Enterprise app object id?
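As an added example (not the poster's code), a small Python helper that resolves the Enterprise App's object id through Graph's `servicePrincipals` endpoint filtered by `appId` and then builds the access-policy payload for the updateAccessPolicy call with only the `set` secret permission; the `fetch_json` callable, the sample ids, the Graph response and the `api-version` value are assumptions.

```python
"""Resolve an Enterprise Application (service principal) object id via Microsoft Graph
and build the Key Vault access-policy body that uses it (example, not production code)."""
from typing import Any, Callable, Dict, Sequence
from urllib.parse import quote

GRAPH_BASE = "https://graph.microsoft.com/v1.0"
ARM_BASE = "https://management.azure.com"


def service_principal_lookup_url(app_id: str) -> str:
    """Graph query for the service principal whose appId equals the app
    registration's appId (client id). Single quotes are doubled so the OData
    filter stays well-formed even for an unexpected input value."""
    flt = quote(f"appId eq '{app_id.replace(chr(39), chr(39) * 2)}'", safe="'")
    return f"{GRAPH_BASE}/servicePrincipals?$filter={flt}&$select=id,appId,displayName"


def extract_object_id(graph_response: Dict[str, Any], app_id: str) -> str:
    """Pull the object id out of a Graph collection response. Exactly one
    match is expected; zero or several is an error rather than a guess."""
    matches = [sp for sp in graph_response.get("value", []) if sp.get("appId") == app_id]
    if len(matches) != 1:
        raise LookupError(f"expected one service principal for appId {app_id}, found {len(matches)}")
    return matches[0]["id"]


def resolve_service_principal_object_id(app_id: str,
                                        fetch_json: Callable[[str], Dict[str, Any]]) -> str:
    """fetch_json performs the authenticated GET (e.g. requests with a bearer
    token); injecting it keeps this testable without network access."""
    return extract_object_id(fetch_json(service_principal_lookup_url(app_id)), app_id)


def access_policy_url(subscription_id: str, resource_group: str, vault_name: str,
                      api_version: str = "2022-07-01") -> str:
    """PUT target for the 'add' access-policy operation (api-version is an assumption)."""
    return (f"{ARM_BASE}/subscriptions/{subscription_id}/resourceGroups/{resource_group}"
            f"/providers/Microsoft.KeyVault/vaults/{vault_name}/accessPolicies/add"
            f"?api-version={api_version}")


def build_access_policy_payload(tenant_id: str, object_id: str,
                                secret_permissions: Sequence[str] = ("set",)) -> Dict[str, Any]:
    """Body for the PUT above; only the permissions needed to store the secret are granted."""
    policy = {"tenantId": tenant_id, "objectId": object_id,
              "permissions": {"secrets": list(secret_permissions)}}
    return {"properties": {"accessPolicies": [policy]}}


# Constructed sample: what Graph returns for the filtered servicePrincipals query.
SAMPLE_APP_ID = "11111111-2222-3333-4444-555555555555"
SAMPLE_GRAPH_RESPONSE = {"value": [{"id": "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
                                    "appId": SAMPLE_APP_ID, "displayName": "demo-sp"}]}
```

The app registration's `appId` comes from the `applications` endpoint the question links to; the service principal (Enterprise App) shares that `appId` but has its own `id`, which is the value the access policy wants.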