Configuring App Registration for the Microsoft 365 Plugin
The Microsoft 365 plugin can be authenticated by either manually entering the client credentials of your Microsoft account or by via Microsoft Entra ID and logging in with your Microsoft account.
While authentication via Microsoft Entra ID is encouraged, if you need to authenticate using client credentials you must first perform the following steps:
Once you have configured app registration, enter your client credentials when configuring the data source.
Set up App Registration
- Log in to the Azure portal.
- In Microsoft Entra ID > App registrations create a new app registration, using the default options (no redirect URI is needed).
- Make a note of the Application (client) ID and the Directory (tenant) ID.
- In Certificates and secrets add a new secret, and make a note of the value.
For more information see Create a Microsoft Entra application and service principal that can access resources
Configure App Registration access to your Microsoft Graph APIs
- Click API permissions > Add a permission
- Click Microsoft Graph from the Microsoft APIs section.
Important: Click Application permissions.
- Add the following permissions:
AuditLog.Read.All
Device.Read.All
Directory.Read.All
Group.Read.All
Reports.Read.All
Sites.Read.All
- If you intend to use Microsoft Intune features when configuring the data source, add the following additional permissions:
DeviceManagementApps.Read.All
DeviceManagementConfiguration.Read.All
Get_Device_Compliance
- Click Add permissions.
- Admin consent is required for these permissions to become active. Click Grant admin consent for <your organization>After adding permissions to your API, you should see the selected permissions under Configured permissions, as shown in the following image.You might also notice the User.Read permission for the Microsoft Graph API. This permission is added automatically when you register an app in the Azure portal.
If you don’t have the necessary rights in Microsoft Entra ID to complete this step, ask a suitable person to grant these permissions.
For more information see Microsoft Quickstart: Configure a client application to access a web API