Before installing the Office 365 2.0 service module, the app has to be registered. This can be done by either the tenant/customer or the MSP. If done by the tenant/customer, the tenant/customer must consent to allow the MSP to access the data.
If the tenant/customer wants to register the app themselves, they can follow the To register the app with Entra ID procedure below, which includes granting the MSP permission to access their data.
If the tenant/customer wants their MSP to register the app, they should follow the To request consent to access data if application was registered by the MSP procedure.
To register the app with Entra ID
Log in to https://portal.azure.com/ as a system administrator.
In the left navigation bar, click Entra ID .
Click App Registrations .
Click New Registration .
Type a name.
In the Supported account types section, select Accounts in any organizational directory.
In the Redirect URI (optional) section, leave the default as Web. Type a Redirect URL, for example:
https://localhost:12345.
The redirect URL is not used but must be entered and be in the correct format.Click Register.
Make note of the Application (client) ID and the Directory (tenant) ID provided at top of page.
Click API Permissions , then Add a permission .
Click the Microsoft Graph panel, then Application permissions.
Select the check boxes the following application permissions for Microsoft Graph:
Directory.Read.All
Group.Read.All
MailboxSettings.Read
Mail.Read
Reports.Read.All
Sites.Read.All
User.Read.All
Click Add Permissions.
Click Add a permission , click Office 365 Management APIs, then Application permissions.
Select ServiceHealth.Read.
Click Add Permissions.
Click Grant admin consent for at bottom of page and then consent by clicking Yes at the top of the page.
Click Certificates & secrets section, then click New Client Secret.
Type a description and select expiry options. Click Add.
Save the value as the Client Secret.
The client secret will never be displayed again so ensure you save it.In the Overview section , save the application id as the Client Id.
If this procedure was performed by the MSP, proceed to the To request consent to access data if application was registered by the MSP procedure below.
To request consent to access data if application was registered by the MSP
Create a URL with the following format:
https://login.microsoftonline.com/<tenant>/adminconsent?client_id=<id>&state=1234&redirect_uri=https://localhost:44321
where <tenant> is the name of the tenant/customer and <id> is the client id of the tenant/customer.Email or message the URL to the tenant/customer who has the authority to consent for the MSP to access data.
The tenant/customer will use the URL to grant consent for the MSP to access their data.