This article shows you how to add and register an application using the App registrations experience in the Azure portal so that your app can be integrated with the Microsoft identity platform. In this article the application registration is used to let the 4Exchange application read mailboxes through the MS Graph API.
For more information regarding Azure applications usage in general please see:
https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app
For more information regarding the MS Graph API please see:
https://developer.microsoft.com/en-us/graph
1. Application registration Steps
The following steps are needed for the registration of the Azure application. These are based on the usage of the 4Exchange application for reading mailboxes.
- Log in to the Microsoft Entra ID admin center of your tenant with administrator privileges.
- On the home screen go to: Microsoft Entra ID.
- On the left side navigate to “App registrations”.
- Click on “New Registration”
- Give the application a name (best practice is to include the purpose of the application in the name). Supported account types should be set as shown below. A Redirect URI is not needed for 4Exchange.
- Click on “Register”. Now that the application is created, we need to set the correct API permissions for it. These are based on the permissions 4Exchange needs for the read email process.
- On the left-hand side go to “API permissions” and add the permissions as shown below:
- Admin consent is needed after adding these permissions. Use the button “Grant admin consent for <active directory name>”, or if this step needs to be done by another administrator, please forward this request.
- Go to “Overview”
- On this page please copy the values of:
- “Application (client) ID”
- “Directory (tenant) ID”
These values are needed by the consultant for the configuration of 4Exchange.
- Go to “Certificates & Secrets”. On this page a new client secret must be created; this can be done with the button “New client secret”.
Important: Once this is created, please copy this value and save it in a secure environment or password solution. This value is needed by the 4Exchange consultant for the configuration!
- The application registration process is now done.
- Share the following keys with the consultant
- “Application (client) ID”
- “Directory (tenant) ID”
- "Client Secret Value" (identified by a ~ in the key)
2. Exchange Group Configuration
For the mailboxes that 4Exchange needs to read we need to create a new “Mail security group” in the Exchange Admin center.
- Log in to the Exchange admin center of your tenant with administrator privileges.
- Go to “Groups” on the welcome page
- Click on the arrow down button and select “Mail-enabled security group”
- Fill in the required fields on this page:
The value of the field “Alias” will be used later on, please save this value temporarily.
- Navigate to “Membership”
- With the “+” button you can add Members to this mail security group.
- These members should contain all the users/mailboxes that 4Exchange needs to read.
- Finally click on “save”
3. Link Exchange Group to Application
Now we have created:
- Azure application with the correct API permissions. The following keys are saved and shared with the 4Exchange consultant:
- Application (client) ID
- Directory (tenant) ID
- Client secret value
- Exchange mail security group with correct memberships (mailboxes needed for 4Exchange)
The final step is to link (scope) the Application with the Exchange mail security group:
- To do this we need to use the “Exchange Online PowerShell” tool.
- For more information on its general usage please see: Connect to Exchange Online PowerShell
- The statement that needs to be executed in Exchange Online PowerShell is:
New-ApplicationAccessPolicy -AppId <Application (client) ID we just created> -PolicyScopeGroupId <Alias of mail security group we created> -AccessRight RestrictAccess -Description "<Description of the policy>"
- For more information regarding this procedure please see: Limiting application permissions to specific Exchange Online mailboxes
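As an added example (not part of the original guide or of the 4Exchange product), the scoping step as a complete Exchange Online PowerShell session: it creates the policy only if none exists yet for the app, lists it, and then uses Test-ApplicationAccessPolicy to confirm that a mailbox inside the group is granted and one outside it is denied. The admin UPN and the two mailbox addresses are placeholders you must replace with your own values.

```powershell
# Added example, not from the original guide. Replace every <...> placeholder.
Connect-ExchangeOnline -UserPrincipalName "<admin UPN>"   # hypothetical admin account

$AppId = "<Application (client) ID>"       # copied from the app registration Overview page
$Group = "<Alias of mail security group>"  # the mail-enabled security group created in step 2

# Create the policy from the guide, but only once per application.
$existing = Get-ApplicationAccessPolicy | Where-Object { $_.AppId -eq $AppId }
if (-not $existing) {
    New-ApplicationAccessPolicy -AppId $AppId -PolicyScopeGroupId $Group `
        -AccessRight RestrictAccess `
        -Description "4Exchange: restrict mailbox access to the scoped group"
}

# Show which policies now apply to this application.
Get-ApplicationAccessPolicy | Where-Object { $_.AppId -eq $AppId } |
    Format-List AppId, ScopeName, ScopeIdentity, AccessRight, Description

# Verify the scope: a group member should be Granted, a non-member Denied.
$mailboxes = @("<member mailbox UPN>", "<non-member mailbox UPN>")
foreach ($mbx in $mailboxes) {
    $result = Test-ApplicationAccessPolicy -Identity $mbx -AppId $AppId
    "{0,-40} {1}" -f $mbx, $result.AccessCheckResult
}

Disconnect-ExchangeOnline -Confirm:$false
```

If a non-member mailbox shows Granted, the policy is not scoping the app as intended; check the group alias and membership before handing the credentials to the consultant.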