Registering an Azure App

  1. Log in to Azure Portal. If you have access to multiple tenants, use the Settings icon in the top menu to switch to the tenant in which you want to register the application from the Portal settings | Directories + subscriptions menu.

  2. Browse to App Registration and select New registration.

  3. On the App Registration page enter below information and click Register button.
    • Name: Enter a meaningful application name that will be displayed to users of the app.
    • Supported account types: Select which accounts you would like your application to support. You should see the options similar to below. You can select “Accounts in this organizational directory only”.

    • Leave the Redirect URI as empty and Click Register.

  4. Note the Application (client) ID, Directory (tenant) ID values.

  5. Navigate to Manage > Certificates and secrets on the left menu, to create a +New client secret.

  6. Provide a meaningful description and expiry to the secret, and click on Add.
  7. Once a client secret is created, note its Value and store it somewhere safe.
    Note: This value cannot be viewed once you leave this page.

  8. Navigate to Manage > API permissions on the left menu, and Add a permission.

  9. Select Microsoft APIs > Microsoft Graph.

  10. Select Application permissions.

    Permissions required:

    • For Scanning:
      • Microsoft Graph > Application permissions > Mail > Mail.Read.
      • Microsoft Graph > Application permissions > User > User.Read.All
      • Microsoft Graph > Application permissions > DeviceManagementApps > DeviceManagementApps.Read.All
      • Microsoft Graph > Application permissions > MailboxSettings > MailboxSettings.Read
    • For Tagging:
      • Microsoft Graph > Application permissions > Mail > Mail.ReadWrite
  11. Once all the required permissions are added, Grant admin consent to them.