Prepare Office 365 integration

ARM uses the Microsoft Graph API to access Azure AD and OneDrive.

The following permissions are required:

  • Application.ReadWrite.OwnedBy
  • Directory.ReadWrite.All
  • Files.ReadWrite.All
  • Group.ReadWrite.All
  • Member.Read.Hidden
  • User.ReadWrite.All
  • Sites.FullControl.All

 

ARM uses the Office 365 Management API to access OneDrive and SharePoint Online events.

To retrieve events, Office 365 auditing must be enabled. How to enable auditing can be found at Microsoft.

The following permissions are required:

  • ActivityFeed.Read
  • ServiceHealth.Read

 

To assign the required permissions, perform the following steps.

 

Go to the Azure Portal Website (https://ms.portal.azure.com) and log in with admin credentials.

  1. Click "Azure Active Directory".

 

Click "App registrations (Preview)".

 

Add a new app registration.

 

  1. Assign a name to the registration.
  2. Click "Register".

 

  1. Click "Overview".
  2. Copy the Application ID to a file. The Application ID will later be used as the user name to access Azure/O365 resources.
  3. Click "Certificates & secrets".

 

Add a new "Client secret".

 

  1. Enter a description.
  2. Set the expiration date to "Never".
  3. Click "Add".

 

Save the value to a file. The Client secret will later be used as the password to access Azure/O365 resources.

 

Click "API permissions".

 

Click "Add a permission".

 

Click "Microsoft Graph".

 

Click "Application permissions".

 

  1. Enable all of the following permissions:
  • Application.ReadWrite.OwnedBy
  • Directory.ReadWrite.All
  • Files.ReadWrite.All
  • Group.ReadWrite.All
  • Member.Read.Hidden
  • User.ReadWrite.All
  • Sites.FullControl.All
  1. Save your settings.

 

Click "Office 365 Management APIs".

 

Select "Application permissions".

 

  1. Click "expand all".
  2. Enable "ActivityFeed.Read".
  3. Enable "ServiceHealth.Read".
  4. Click "Add permissions".

 

Click "Grant admin consent for...".

 

Confirm the dialog box.

 

If the approval has been given successfully, the Application ID and Client secret can be used to configure Azure resources in ARM.