Create a Custom Azure App

To create a custom app, follow the steps below:

1. Go to Microsoft Entra admin center (or Microsoft Azure portal)
2. Navigate to Identity > Applications > App registrations > New registration (or Microsoft Entra ID > App registrations > New registration).
3. On the Register an application page, enter your application’s registration information:
   • Name – Enter a name for the custom application.
   • Supported account types – Select which accounts you would like this application to support.
   • Redirect URI – This field is required when you create a custom Azure app with delegated permissions. Enter the following URL:
     • Commercial production environment: https://sp4c.storage-defender.ibm.com
4. Click Register to create the custom application.
5. Click the created custom application, and click API permissions.
6. Click Add a permission to add permissions to the app.

   The permissions that you need to grant to the custom app vary with the different cloud services your tenant is using. Refer to the API Permissions Required by Custom Apps section to view the required permissions for your services.

7. Click Grant admin consent for [Tenant name] to grant admin consent. After you have successfully granted admin consent for the requested permissions, the Status will be Granted for [Tenant name].
8. The application uses certificate authentication. Complete the following steps to upload your organization’s public certificate (the .cer or .crt file types are recommended):
   Note: If your organization does not have any certificates, you can refer to Prepare a Certificate for the Custom Azure App to prepare a self-signed certificate.

   1. Locate your organization’s certificate and export the certificate as a .cer file.
   2. Go to Microsoft Entra admin center (or Microsoft Azure portal), select the application, and click Certificate & secrets.
   3. In the Certificates section, click Upload certificate.
   4. Select the .cer or .crt file and click Add.
   5. After the certificate file is successfully uploaded, it will be listed in the Certificates section.

   Then, refer to the Create an App Profile section to create an app profile in the Custom mode. If necessary, you can Configure a Best Practice Conditional Access Policy for Custom Apps in Azure.