Office 365 Email Administrative Setup: Difference between revisions
Jspenceratty (talk | contribs) No edit summary |
Jspenceratty (talk | contribs) No edit summary |
||
| Line 34: | Line 34: | ||
# OpenId permissions: | # OpenId permissions: | ||
* email | ** email | ||
* offline_access | ** offline_access | ||
* openid | ** openid | ||
* profile | ** profile | ||
# IMAP | # IMAP | ||
* IMAP.AccessAsUser.All | ** IMAP.AccessAsUser.All | ||
# MailboxSettings | # MailboxSettings | ||
* MailboxSettings.Read | ** MailboxSettings.Read | ||
# Mail | # Mail | ||
* Mail.Read | ** Mail.Read | ||
* Mail.Read.Shared | ** Mail.Read.Shared | ||
* Mail.ReadWrite | ** Mail.ReadWrite | ||
* Mail.ReadWrite.Shared | ** Mail.ReadWrite.Shared | ||
* Mail.Send | ** Mail.Send | ||
** Mail.Send.Shared | |||
# POP | # POP | ||
* POP.AccessAsUser.All | ** POP.AccessAsUser.All | ||
# SMTP | # SMTP | ||
* SMTP.Send | ** SMTP.Send | ||
# User | # User | ||
* User.Read | ** User.Read | ||
Click "Add permissions" at the bottom of the "Request API permissions" box. | Click "Add permissions" at the bottom of the "Request API permissions" box. | ||
Revision as of 19:04, 9 December 2022
Office 365 Azure Active Directory Setup
In the Azure Active Directory menu, click on "App registrations"
At the top of the "App registrations" page, click on the "+ New Registration" link
In the "Register an application" page:
- Enter a "Name" for the application, for example, "Prime 16 Email Application".
- Leave the "Supported account types" selection of "Accounts in this organizational directory only".
- In "Redirect URI", choose "Public client/native (mobile & desktop)" and enter "http://localhost:3017" in the next box.
- Click the "Register" button
This should return you to the new app registration. Your chosen Name for the application should appear at the top of the form. Now click on the "API permissions" link
In the "API permissions" page, click on the "+ Add a permission" link
In the "Request API permissions" box, select "Microsoft Graph"
When asked "What type of permissions does your application require?", choose "Delegated permissions"
From the resulting list below that, check the box next to the following options;
- OpenId permissions:
- offline_access
- openid
- profile
- IMAP
- IMAP.AccessAsUser.All
- MailboxSettings
- MailboxSettings.Read
- Mail.Read
- Mail.Read.Shared
- Mail.ReadWrite
- Mail.ReadWrite.Shared
- Mail.Send
- Mail.Send.Shared
- POP
- POP.AccessAsUser.All
- SMTP
- SMTP.Send
- User
- User.Read
Click "Add permissions" at the bottom of the "Request API permissions" box.
The resulting page should look like this:
Click "+ Add a permission" link in the "API permissions" page.
This time, select "APIs my organization uses" at the top. In the search box, enter "Office 365 Exchange Online". Choose the resulting entry, then choose "Delegated permissions". Then, in "EWS" select the "EWS.AccessAsUser.All" entry. Choose "Add permissions" at the bottom.
Click the "Grant admin consent for kempscaseworks.com" at the top of the "API permissions page". And choose yes. This will keep users from seeing the "Do you grant consent to this application page" when they attempt to use the Email system
Run a PowerShell box as an Administrator and then type the following
Install-Module -Name ExchangeOnlineManagement
After that is run, type the following
Import-module ExchangeOnlineManagement
After that is run, type the following, replacing <tenantId> with the tenant Id as shown in the App registration overview page
Connect-ExchangeOnline -Organization <tenantId>
And finally, type the following, replacing <APPLICATION_ID>, <OBJECT_ID> with the values from the App registration overview page
New-ServicePrincipal -AppId <APPLICATION_ID> -ServiceId <OBJECT_ID> [-Organization <ORGANIZATION_ID>]