Adding Data Sources » Microsoft 365 » Registering Vembu Application with Azure Portal

Registering Vembu Application in the Microsoft Azure portal

  • Create a new application in Azure Active Directory to connect to your Microsoft 365 organizations.

  • By default, all permissions specified under the EWS(Exchange Web Service) API and Microsoft Graph API need to be enabled for performing Microsoft 365 Backup & Recovery.

  • Enable SharePoint REST API permissions only if you want to backup & restore the SharePoint - List Attachments and Site Pages.

Generate Application ID

  • Sign in to the Azure Portal using your Microsoft admin account.

  • Search and locate the Azure Active Directory. On the Active Directory page, select App registrations and click on New registration.

  • The Register an application page will appear and enter the following details to register your application.

    • Name -Enter a display name for the application.

    • Supported account types -Choose the option "Accounts in this organizational directory only"

    • Redirect URI -Select Web for the type of application and enter the redirect URI as "https://localhost".

  • Finally, click on the Register button. The Azure AD assigns a unique Application (client) ID, which is shown on the Overview page to which you will be redirected

Generate Application Password

  • Select Certificates & secrets under Manage on the left pane.

  • Click on New client secret which opens a page - Add a client secret. On this page, choose Never from the Expires option and click Add. This will generate and display the application password

Note: Make sure you copy the password as the portal will display it only once. (You can use the copy to clipboard icon to copy the password).

Permission for EWS(Exchange Web Service) API

Enable the permissions listed below to recover Microsoft 365 Mails.

  • Select API Permissions under Manage on the left pane. Click on the Add a permission option. Then, choose the Exchange option listed under Supported legacy APIs.

  • You need to provide both Delegated permissions and Application permissions.

  • Initially, select Delegated permissions. Use the search bar to find EWS.AccessAsUser.All API and enable the checkbox to provide permission

  • Then, select Application permissions and enable the full_access_as_app API permission.

Permission for Microsoft Graph API

Enable the permissions listed below to access Microsoft 365 Mails, Contacts, Calendars, OneDrive, SharePoint, and Teams data.

  • Choose the Microsoft Graph listed under Commonly used Microsoft APIs. You need to provide both Delegated permissions and Application permissions.

  • Initially, Select the Delegated permissions option. Use the search bar to filter the below-listed APIs and enable their checkbox to provide the API permissions

    • Calendars.ReadWrite.Share

    • Contacts.ReadWrite.Shared

    • Directory.ReadWrite.All

    • Files.ReadWrite.All

    • Group.ReadWrite.All

    • Mail.ReadWrite.Shared

    • Mail.Send

    • Mail.Send.Shared

    • Offline_access

    • People.Read.All

    • Sites.ReadWrite.All

    • User.ReadWrite.All

    • Sites.Manage.All

    • GroupMember.Read.All

    • GroupMember.ReadWrite.All

  • Then, select the Application permissions option and enable permission for the below-listed APIs.

    • Calendars.ReadWrite

    • Contacts.ReadWrite

    • Directory.ReadWrite.All

    • Files.ReadWrite.All

    • Group.ReadWrite.All

    • Mail.ReadWrite

    • Mail.Send

    • People.Read.All

    • Sites.ReadWrite.All

    • User.ReadWrite.All

    • Sites.Manage.All

    • Group.Create

    • GroupMember.Read.All

    • GroupMember.ReadWrite.All

  • Confirm if all permissions have been added to your application registration.

  • Lastly, under Configured permissions, grant admin consent by clicking on the button Grant admin consent for respective companies

  • Now, you have generated both Application ID and Application password with all the required permissions enabled

Information

Note: Application Password is stored in the clipboard and the Application ID is displayed on the Overview page. 


Permission for SharePoint REST API

Information

Note: Follow these steps only if you want to configure backup and restore for SharePoint List Attachments & Site Pages. 


  1. To Backup & Restore the List Attachments, perform the following steps:

    • Navigate to appinv.aspx page from your tenant admin site using the URL: https://[tenant]-admin.sharepoint.com/_layouts/15/appinv.aspx

    • Once the page is loaded, enter the Application (client) ID generated from the Azure application and click on the Lookup button which will auto-fill the other fields.

    • On the App’s Permission Request XML field, enter the following:

      <AppPermissionRequests AllowAppOnlyPolicy="true" >

      <AppPermissionRequest Scope="http://sharepoint/content/tenant" Right="FullControl" / >

      </AppPermissionRequests >

    • Lastly, click Create which will show a permission consent dialog. On that page, click on the Trust It button.

  2. To perform the restore of site pages, perform the following steps:

Parameters to be replaced in the command:

TenantUrl = https://<your tenant>-admin.sharepoint.com/

SiteUrl = https://<your tenant>.sharepoint.com/sites/

Your Client ID = Enter your Application (client) ID displayed on the Overview pane

Your Client Secret = Enter the Application Password that you have generated & copied on the clipboard

Connect-PnPOnline -AppId Your Client ID -AppSecret 'Your Client Secret' -Url TenantUrl

$DenyAddAndCustomizePagesStatusEnum = [Microsoft.Online.SharePoint.TenantAdministration.DenyAddAndCustomizePagesStatus]

$context = Get-PnPContext

$site = Get-PnPTenantSite -Detailed -Url SiteUrl

$site.DenyAddAndCustomizePages = $DenyAddAndCustomizePagesStatusEnum::Disabled

$site.Update()

$context.ExecuteQuery()

Disconnect-PnPOnline

PreviousNext