Configuring the Microsoft Graph API


enaio® mail-archive-service uses Graph API to communicate with Microsoft Exchange. The following configurations are needed to establish the connection and ensure data transmission:

Registering the Application in the Azure Portal

  • Sign in to the Azure portal.

  • Open the App registrations service from the Azure home screen.

  • Click New registration.

  • Enter the name of your application and select the supported type in the 'Register an application' form that opens. We recommend limiting the application to the single tenant that uses it. Complete the registration process by clicking Register.

The application will be displayed in the list of applications.


Configuring the Login Credentials

  • Sign in to the Azure portal.

  • Open the App registrations service from the Azure home screen and click your application.

    The dialog displays the credentials for your application. The following values are required for the configuration files masmailbox-prod.yml and masstorage-prod.yml:

    • Application (client) ID
      In each case, enter the value as the value of the mas.graph.service.client-id parameter.

    • Directory (tenant) ID
      In each case, enter the value as the value of the mas.graph.service.tenant-id parameter.

  • Click Certificates & secrets.

  • Click New client secret.

  • Enter a description and an expiration date.

    The value is displayed for a short time. Copy the value.

  • In each case, copy the value and enter it as the value of the mailbox-journaling.mailbox.secret parameter.

The value is only displayed for a short time. If you did not manage to copy the value, then delete the client secret and create a new one.

Permissions – Table

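| Permissions     | Journaling SMTP | Journaling mailbox | Create reference documents | Mailbox archiving |
|-----------------|-----------------|--------------------|----------------------------|-------------------|
| Mail.ReadWrite  |                 | x                  | x                          | x                 |
| User.Read       |                 | x                  | x                          | x                 |
| User.Read.All   |                 | x                  | x                          | x                 |
| Domain.Read.All |                 |                    | x                          | x                 |
| Group.Read.All  |                 |                    | x*                         | x                 |

*If group mailboxes are used.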

Configuring Permissions

  • Sign in to the Azure portal.

  • Open the App registrations service from the Azure home screen and click your application.

  • Click API permissions.

  • Click Add a permission.

  • Click Microsoft Graph.

  • Click Application permissions in the dialog.

  • Click Mail.ReadWrite in the Mail section.

  • Click User.Read.All in the User section.

  • All of the following permissions must be granted for your current tenants:

    Mail.ReadWrite, User.Read, User.Read.All, Directory.Read.All, Domain.Read.All, Domain.ReadWrite.All, Group.Read.All.
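
A review check for the registration described on this page, as an added example (not part of the enaio documentation or product): it compares one app registration record against the single-tenant recommendation, the permissions table, and the client secret's expiration date. signInAudience and passwordCredentials follow the Microsoft Graph application resource; the permission_names field, the feature keys and the sample values are assumptions constructed for the example.

```python
from datetime import datetime, timedelta, timezone
# Application permissions per feature, transcribed from the table on this page.
BASE = {"Mail.ReadWrite", "User.Read", "User.Read.All"}
TABLE = {
    "journaling_smtp": set(),
    "journaling_mailbox": BASE,
    "reference_documents": BASE | {"Domain.Read.All"},
    "mailbox_archiving": BASE | {"Domain.Read.All", "Group.Read.All"},
}

def required_permissions(features, group_mailboxes=False):
    """Union of the table rows for the enabled features (keys are assumed names)."""
    needed = set()
    for feature in features:
        needed |= TABLE[feature]
    # Table footnote: reference documents need Group.Read.All only with group mailboxes.
    if group_mailboxes and "reference_documents" in features:
        needed.add("Group.Read.All")
    return needed

def review_registration(app, features, group_mailboxes=False, now=None, warn_days=30):
    """Return findings for one app registration record."""
    now = now or datetime.now(timezone.utc)
    findings = []
    # The page recommends a single-tenant registration (signInAudience AzureADMyOrg).
    if app["signInAudience"] != "AzureADMyOrg":
        findings.append("audience: not single-tenant (%s)" % app["signInAudience"])
    granted = set(app["permission_names"])  # assumed field: names as listed under API permissions
    needed = required_permissions(features, group_mailboxes)
    findings += ["missing: " + n for n in sorted(needed - granted)]
    findings += ["not in table for selected features: " + n for n in sorted(granted - needed)]
    # An expired client secret can no longer be used to obtain tokens, so flag expiry early.
    for cred in app["passwordCredentials"]:
        end = datetime.fromisoformat(cred["endDateTime"])
        if end <= now:
            findings.append("secret expired: " + cred["displayName"])
        elif end - now <= timedelta(days=warn_days):
            findings.append("secret expires within %d days: %s" % (warn_days, cred["displayName"]))
    return findings

# Constructed sample record, not a real tenant export.
SAMPLE_APP = {
    "signInAudience": "AzureADMultipleOrgs",
    "permission_names": ["Mail.ReadWrite", "User.Read", "User.Read.All", "Directory.Read.All",
                         "Domain.Read.All", "Domain.ReadWrite.All", "Group.Read.All"],
    "passwordCredentials": [{"displayName": "mas-prod", "endDateTime": "2025-07-10T00:00:00+00:00"}],
}
if __name__ == "__main__":
    print("\n".join(review_registration(SAMPLE_APP, ["mailbox_archiving"])))
```

Findings of the "not in table" kind are items to review against the features actually in use, not an instruction to remove a permission.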