Configuring App Registration for the Microsoft 365 Plugin

The Microsoft 365 plugin can be authenticated by either manually entering the client credentials of your Microsoft account or by via Microsoft Entra ID and logging in with your Microsoft account.

While authentication via Microsoft Entra ID is encouraged, if you need to authenticate using client credentials you must first perform the following steps:

  1. Set up App Registration
  2. Configure App Registration access to your Microsoft Graph APIs

Once you have configured app registration, enter your client credentials when configuring the data source.

Set up App Registration

  1. Log in to the Azure portal.
  2. In Microsoft Entra ID > App registrations create a new app registration, using the default options (no redirect URI is needed).
  3. Make a note of the Application (client) ID and the Directory (tenant) ID.
  4. In Certificates and secrets add a new secret, and make a note of the value.
    For more information see Create a Microsoft Entra application and service principal that can access resources.

Configure App Registration access to your Microsoft Graph APIs

  1. Click API permissions > Add a permission.
  2. Click Microsoft Graph from the Microsoft APIs section.

  3. Important: Click Application permissions.

  4. Add the following permissions:
    • AuditLog.Read.All
    • Device.Read.All
    • Directory.Read.All
    • Group.Read.All
    • Reports.Read.All
    • Sites.Read.All
  5. If you intend to use Microsoft Intune features when configuring the data source, add the following additional permissions:
    • DeviceManagementApps.Read.All
    • DeviceManagementConfiguration.Read.All
    • DeviceManagementManagedDevices.Read.All
    • Get_Device_Compliance
  6. Click Add permissions.
  7. Admin consent is required for these permissions to become active. Click Grant admin consent for <your organization>

    If you don’t have the necessary rights in Microsoft Entra ID to complete this step, ask a suitable person to grant these permissions.

    After adding permissions to your API, you should see the selected permissions under Configured permissions, as shown in the following image.
    You might also notice the User.Read permission for the Microsoft Graph API. This permission is added automatically when you register an app in the Azure portal.

    For more information see Microsoft Quickstart: Configure a client application to access a web API.

Was this article helpful?

Have more questions or facing an issue?
Submit a ticket