Hello: After diving in I ran into two questions:
1. Authorization / Access Control
I created a new application in Azure, under Directory. I generated a client ID and key and am using them from a console application:
clientCred = new ClientCredential(clientId, clientSecret);
authenticationResult = authenticationContext.AcquireToken(resource, clientCred);
In AAD, I specify only permissions for sign-on and read users' profiles:
Enable sign-on and read users' profiles
Yet, from my console application, using the id and secret I can list AD users, Add AD users, and add licenses. If locking down the app permissions in Azure doesn't do it, where can I limit these permissions?
2. Assigning licenses
More out of curiosity sake, but why does the User.AssignedLicenses object return a setter if it doesn't allow one to set the value on save:
The runtime exception states: AssignedLicense should not specified.
Thanks!