Configuring the Microsoft Graph API
enaio® mail-archive-service uses the Microsoft Graph API to communicate with Microsoft Exchange. The following configuration steps are required to establish the connection and ensure data transmission:
Registering the Application in the Azure Portal
- Sign in to the Azure portal.
- Open the App registrations service from the Azure home screen.
- Click New registration.
- Enter the name of your application and select the supported type in the 'Register an application' form that opens. We recommend limiting the application to the single tenant that uses it. Complete the registration process by clicking Register.
  The application will be displayed in the list of applications.
Configuring the Login Credentials
- Sign in to the Azure portal.
- Open the App registrations service from the Azure home screen and click your application.
  The dialog displays the credentials for your application. The following values are required for the mailjournaling-prod.yml configuration file:
  - Application (client) ID: enter it as the value of the mailbox-journaling.mailbox.client-id parameter.
  - Directory (tenant) ID: enter it as the value of the mailbox-journaling.mailbox.tenant-id parameter.
- Click Certificates & secrets.
- Click New client secret.
- Enter a description and an expiration date.
  The value is only displayed for a short time. Copy it and enter it as the value of the mailbox-journaling.mailbox.secret parameter. If you did not manage to copy the value, delete the client secret and create a new one.
Configuring Permissions
- Sign in to the Azure portal.
- Open the App registrations service from the Azure home screen and click your application.
- Click API permissions.
- Click Add a permission.
- Click Microsoft Graph.
- Click Application permissions in the dialog.
- Click Mail.ReadWrite in the Mail section.
- Click User.Read.All in the User section.
- All of the following permissions must be granted for your current tenants:
  Mail.ReadWrite, User.Read.All, Directory.Read.All, Domain.Read.All, Domain.ReadWrite.All, Group.Read.All.
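
The following Python check is an added example, not part of the enaio® documentation: it requests a token with the three values configured above and reports which of the required permissions are missing. It assumes the access token issued for the client-credentials flow carries the granted application permissions in its roles claim and the tenant in tid; the function names and the sample token are constructed for illustration.

```python
import base64
import json
import urllib.parse
import urllib.request

# Application permissions the page lists as required.
REQUIRED = {"Mail.ReadWrite", "User.Read.All", "Directory.Read.All",
            "Domain.Read.All", "Domain.ReadWrite.All", "Group.Read.All"}

def fetch_token(tenant_id, client_id, secret):
    """Client-credentials token request for Microsoft Graph (needs network)."""
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
    form = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": secret,
        "scope": "https://graph.microsoft.com/.default",
    }).encode()
    with urllib.request.urlopen(url, data=form, timeout=30) as resp:
        return json.load(resp)["access_token"]

def token_claims(token):
    """Decode the JWT payload for inspection only; the signature is not verified."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a JWT")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))

def missing_permissions(token, tenant_id):
    """Return the required permissions absent from the token's roles claim."""
    claims = token_claims(token)
    if claims.get("tid") != tenant_id:
        raise ValueError("token was issued for a different tenant")
    return sorted(REQUIRED - set(claims.get("roles", [])))

def sample_token(claims):
    """Constructed, unsigned token so the check can be tried offline."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.constructed"

if __name__ == "__main__":
    tid = "00000000-0000-0000-0000-000000000000"  # constructed tenant ID
    demo = sample_token({"tid": tid, "roles": ["Mail.ReadWrite", "User.Read.All"]})
    print(missing_permissions(demo, tid))
    # Against a real registration: missing_permissions(fetch_token(tid, cid, secret), tid)
```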