To protect a Microsoft 365 application, you must register the application with Azure Active Directory and grant appropriate permissions. When you register a new application with Azure Active Directory, the application credentials such as application ID and application secret are made available on the Azure Active Directory portal.
Before you begin
Take the following actions:
- Ensure that you have an active Microsoft 365 subscription.
- Ensure that you have a Microsoft 365 administrative user ID and password.
Tip: You can use an automated process to register and configure the Microsoft Azure Active Directory application. For instructions, see technote 6437493.
Procedure
- Go to the Microsoft 365 welcome page and sign in to your account by using your Microsoft 365 administrative user ID and password.
- To open the Azure Active Directory admin center, in the left pane, click the ellipsis to expand the Show all menu, and then click .
- To open your tenant dashboard, in the left pane of the Azure Active Directory admin center, click Azure Active Directory.
- In the tenant dashboard menu, click App registrations and then click New registration.
- To specify a user-facing name for the Microsoft 365 application, on the "Register an application" page, enter a name in the Name field.
- Use the default options for the remaining fields, and click Register. The app registration is set up with the user-facing name that you entered.
- To obtain the application (client) ID and directory (tenant) ID string, click . Then, copy the application ID string and directory ID. These strings will be required later, when you register the Microsoft 365 application with IBM Spectrum® Protect Plus.
- To create a client secret for this application ID, click Certificates & secrets > New client secret.
- In the "Add a client secret" pane, enter any username in the Description field, and click Add. A client secret is generated, and the value is displayed in the "Client secrets" pane.
- Copy the client secret to the clipboard by using the copy facility next to the Client secret value field. This character string is also used for registration with IBM Spectrum Protect Plus.
- To add permissions for this application ID, click API permissions > Add permissions.
- Specify permissions for each API in the following table by taking the following actions:
  - Select the API name, for example, Azure Active Directory Graph.
  - For the permission name User.Read.All, select the Delegated Permissions type.
  - For the remaining permissions, select the Application Permissions type for each permission name for the APIs that are listed in the table.

| API | Permission name |
| --- | --- |
| Azure Active Directory Graph | Directory.Read.All |
| Azure Active Directory Graph | User.Read.All |
| Office 365 Exchange Online | full_access_as_app |
| Microsoft Graph | Calendars.ReadWrite |
| Microsoft Graph | Contacts.ReadWrite |
| Microsoft Graph | Files.ReadWrite.All |
| Microsoft Graph | Mail.Read |
| Microsoft Graph | Mail.ReadWrite |
| Microsoft Graph | Mail.Send |
| Microsoft Graph | Sites.Read.All |
| Microsoft Graph | User.Read |
| Microsoft Graph | User.Read.All |
| Microsoft Graph | User.ReadWrite.All |

- To save the selected permissions, click Grant admin consent for your organization name, where your organization name specifies the name of your organization.
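
One way to confirm that the admin consent took effect and that nothing beyond the table was granted, as an added example that is not part of the IBM or Microsoft documentation: request a client-credentials token for Microsoft Graph with the new application ID and secret, then compare its `roles` claim with the Microsoft Graph rows of the table. It assumes those rows were granted as application permissions, as the procedure states (a permission granted as delegated does not appear in `roles`); the function names and the sample IDs are constructed for illustration.

```python
import base64
import json

# Microsoft Graph rows of the permission table on this page.
EXPECTED_GRAPH_ROLES = frozenset({
    "Calendars.ReadWrite", "Contacts.ReadWrite", "Files.ReadWrite.All",
    "Mail.Read", "Mail.ReadWrite", "Mail.Send", "Sites.Read.All",
    "User.Read", "User.Read.All", "User.ReadWrite.All",
})


def decode_claims(jwt):
    """Return JWT claims WITHOUT verifying the signature (inspection only)."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected three dot-separated parts)")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))


def audit_graph_token(jwt, client_id, tenant_id):
    """Compare the token's app, tenant and roles with the registration."""
    claims = decode_claims(jwt)
    roles = set(claims.get("roles", []))
    return {
        # v1 tokens carry the client ID in "appid", v2 tokens in "azp"
        "app_matches": client_id in (claims.get("appid"), claims.get("azp")),
        "tenant_matches": claims.get("tid") == tenant_id,
        "missing": sorted(EXPECTED_GRAPH_ROLES - roles),
        # anything beyond the table deserves a least-privilege review
        "unexpected": sorted(roles - EXPECTED_GRAPH_ROLES),
    }


def constructed_token(claims):
    """Build an unsigned sample token (constructed, for demonstration only)."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return enc({"alg": "none"}) + "." + enc(claims) + ".sig"


if __name__ == "__main__":
    # Constructed application and tenant IDs, not real values.
    app, tenant = "11111111-1111-1111-1111-111111111111", "22222222-2222-2222-2222-222222222222"
    granted = sorted(EXPECTED_GRAPH_ROLES - {"Mail.Send"}) + ["Directory.ReadWrite.All"]
    sample = constructed_token({"appid": app, "tid": tenant, "roles": granted})
    print(audit_graph_token(sample, app, tenant))
```

The token is decoded only to inspect a token that you requested yourself; unverified claims are not a basis for any authorization decision.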