For harvesting Exchange Online mailboxes, IBM
StoredIQ must be registered as a service application with Microsoft.
Before you begin
This procedure requires administrator access to the Microsoft Azure portal.
About this task
Register IBM
StoredIQ to integrate it
with the Microsoft identity platform for secure login and
authorization when accessing Microsoft Exchange Online
volumes.
Procedure
To set up OAuth authentication and obtain the authentication information for
use in IBM
StoredIQ, complete these steps:
-
Log in to https://portal.azure.com.
Make note of the login ID. This user ID is set up as the mailbox impersonator. You'll need
this information for the Exchange Online volume configuration in IBM
StoredIQ.
- Select Azure Active Directory service.
- Select .
- On the Register an application page, enter IBM
StoredIQ as the display name for the application.
- Under Supported account types, select Accounts in any
organizational directory (Any Azure directory - Multitenant).
- Do not specify a redirect URI.
- Click Register.
This generates a unique application
(client) ID that you can see on the Overview page. Make a note of this ID,
you'll need it for the volume configuration in IBM
StoredIQ.
- Configure permissions for the application.
- On the Overview page, select API
permissions from the menu on the left and then click Add a
permission.
- On the Request API permissions page, select Microsoft
APIs. In the Commonly used Microsoft APIs section, look for
Microsoft Graph and select it.
- On the Request API permissions page for Microsoft Graph, select
Delegated permissions.
- Look for EWS and expand that section.
- Select the EWS.AccessAsUser.All checkbox and click
Add permissions.
You return to the API
permissions page, where you can now see the granted permissions
listed.
- On the API permissions page, click Add a
permission.
- On the Request API permissions page, select APIs my
organization uses. Look for Office 365 Exchange Online and select
it.
- On the Request API permissions page for Office 365 Exchange
Online, select Application permissions.
- Look for Other permissions and expand that
section.
- Select the full_access_as_app checkbox and click Add
permissions.
You return to the API permissions
page, where you can now see the granted permissions listed.
- Click Grant admin consent for tenant_name,
where tenant_name is your company’s tenant name.
- Add credentials to the application.
- On the Overview page, select Certificates &
secrets from the menu on the left.
- Click New client secret.
- Optionally, add a description for your client secret.
- Set the client secret to never expire.
- Click Add.
The table now shows the description, the expiration date, and the newly
created client secret value.
Important: Be sure to copy this value for use in IBM
StoredIQ. As soon as you leave this page, the value is
obscured and no longer accessible. You'll need the client secret value for configuring Exchange
Online volumes in IBM
StoredIQ.
- Save all changes.
Results
IBM
StoredIQ is now properly registered
with Microsoft.