To protect an Office 365 application, you must register the application with Azure Active
Directory and grant appropriate permissions. When you register a new application with Azure Active
Directory, the application credentials such as application ID and application secret are made
available on the Azure Active Directory portal.
Before you begin
Take the following actions:
- Ensure that you have an active Office 365 subscription.
- Ensure that you have an Office 365 administrative user ID and password.
Procedure
- Go to the Office 365 welcome page and sign in to your Microsoft account by using your Office 365 administrative user ID and password.
- To open the Azure Active Directory admin center, in the left pane, click the ellipsis to expand the Show all menu, and then click .
- To open your tenant dashboard, in the left pane of the Azure Active Directory admin center, click Azure Active Directory.
- In the tenant dashboard menu, click App registrations and then click New registration.
- To specify a user-facing name for the Office 365 application, on the "Register an application" page, enter a name in the Name field.
- Use the default options for the remaining fields, and click Register. The app registration is set up with the user-facing name that you entered.
- To obtain the application (client) ID, and directory (tenant) ID string, click . Then, copy the application ID string and directory ID. These strings will be required later, when you register the Office 365 application with IBM Spectrum Protect Plus.
- To create a client secret for this application ID, click Certificates & secrets > New client secret.
- On the "Add a client secret" pane, enter any user name in the Description field, and click Add. A client secret is generated, and the value is then displayed in the Client secrets pane.
- Copy the client secret to the clipboard by using the copy facility next to the Client secret value field. This character string is also used for registration with IBM Spectrum Protect Plus.
- To add permissions for this application ID, click API permissions > Add permissions.
- Specify permissions for each API in the following table by taking the following actions. Select the API name, for example, Azure Active Directory Graph.
  - For permission name User.Read.All, select the Delegated Permissions type.
  - For the remaining permissions, select the Application Permissions type for each permission name for the API in the table.

| API | Permission name |
| --- | --- |
| Azure Active Directory Graph | User.Read.All |
| Azure Active Directory Graph | Directory.Read.All |
| Exchange | full_access_as_app |
| Microsoft Graph | Calendars.ReadWrite |
| Microsoft Graph | Contacts.ReadWrite |
| Microsoft Graph | Files.ReadWrite.All |
| Microsoft Graph | Mail.ReadWrite |
| Microsoft Graph | Sites.Read.All |
| Microsoft Graph | User.Read |
| Microsoft Graph | User.Read.All |

- To save the selected permissions, click Grant admin consent for
<your organization name>.
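
A check that the consent step left the application with the table's application permissions and nothing more, as an added example (not IBM's code): it decodes the `roles` claim of an app-only access token, which is where granted application permissions appear, and diffs it against the table. The audience URLs, the function names and the sample token are assumptions constructed for illustration.

```python
import base64
import json

# The page's permission table: API -> permission names.
PAGE_TABLE = {
    "Azure Active Directory Graph": ["User.Read.All", "Directory.Read.All"],
    "Exchange": ["full_access_as_app"],
    "Microsoft Graph": ["Calendars.ReadWrite", "Contacts.ReadWrite", "Files.ReadWrite.All",
                        "Mail.ReadWrite", "Sites.Read.All", "User.Read", "User.Read.All"],
}
# Assumption: "aud" values that tokens for each API carry.
AUDIENCE_TO_API = {
    "https://graph.windows.net": "Azure Active Directory Graph",
    "https://outlook.office365.com": "Exchange",
    "https://graph.microsoft.com": "Microsoft Graph",
}

def expected_app_roles(api):
    """Application-type names for one API: per the page, User.Read.All is
    delegated and every other row is an application permission."""
    return {n.lower() for n in PAGE_TABLE[api] if n.lower() != "user.read.all"}

def jwt_claims(token):
    """Decode a JWT payload for inspection only; the signature is NOT verified."""
    payload = token.split(".")[1]
    return json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))

def audit_token(token):
    """Compare the token's 'roles' claim with the table for its audience."""
    claims = jwt_claims(token)
    api = AUDIENCE_TO_API.get(str(claims.get("aud", "")).rstrip("/"))
    if api is None:
        raise ValueError(f"audience not covered by the table: {claims.get('aud')!r}")
    granted = {r.lower() for r in claims.get("roles", [])}
    expected = expected_app_roles(api)
    return {"api": api, "missing": sorted(expected - granted),
            "unexpected": sorted(granted - expected)}

def constructed_token(claims):
    """Build an unsigned sample token (constructed test data, not a real one)."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none"}), enc(claims), "sig"])

SAMPLE = constructed_token({"aud": "https://graph.microsoft.com", "roles": [
    "Calendars.ReadWrite", "Contacts.ReadWrite", "Files.ReadWrite.All",
    "Mail.ReadWrite", "User.Read", "Directory.ReadWrite.All"]})

if __name__ == "__main__":
    print(audit_token(SAMPLE))
```

Request the token separately with the application ID and client secret from the steps above; an entry under `unexpected` means the registration holds an application permission that the table does not call for.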