Prepare Office 365 integration

ARM uses the Microsoft Graph API to access Azure AD and OneDrive.

The following permissions are required:

  • Application.ReadWrite.OwnedBy
  • Directory.ReadWrite.All
  • Files.ReadWrite.All
  • Group.ReadWrite.All
  • Member.Read.Hidden
  • User.ReadWrite.All
  • Sites.FullControl.All

 

ARM uses the Office 365 Management API to access OneDrive and SharePoint Online events.

The following permissions are required:

  • ActivityFeed.Read
  • ServiceHealth.Read

 

To assign the required permissions, perform the following steps.

 

Go to the Azure Portal Website (https://ms.portal.azure.com) and log in with admin credentials.

  1. Click "Azure Active Directory".

 

Click "App registrations (Preview)".

 

Add a new registration.

 

  1. Assign a name to the registration.
  2. Click "Register".

 

  1. Click "Overview".
  2. Copy the Application ID to a file. The Application ID will later be used as the user name to access Azure/O365 resources.
  3. Click "Certificates & secrets".

 

Add a new "Client secret" .

 

  1. Enter a description.
  2. Set the expiration date to "Never".
  3. Click "Add".

 

Save the value to a file. The Client secret will later be used as the password to access Azure/O365 resources.

 

Click "API permissions".

 

Click "Add a permission".

 

Click "Microsoft Graph".

 

Click "Application permissions".

 

  1. Enable all of the following permissions:
  • Application.ReadWrite.OwnedBy
  • Directory.ReadWrite.All
  • Files.ReadWrite.All
  • Group.ReadWrite.All
  • Member.Read.Hidden
  • User.ReadWrite.All
  • Sites.FullControl.All
  1. Save your settings.

 

Click "Office 365 Management APIs".

 

Select "Application permissions".

 

  1. Click "expand all".
  2. Enable "ActivityFeed.Read".
  3. Enable "ServiceHealth.Read".
  4. Click "Add permissions".

 

Click "Grant admin consent for...".

 

Confirm the dialog box.

 

If the approval has been given successfully, "Application ID" and "Client secret" can be used.

 

  1. In an Azure-AD or OneDrive configuration, click the Scan credentials link.
  2. Enter the previously saved "Application ID" as the user name.
  3. Enter the previously saved "Client secret" as the password.