Configure an Azure App Using Microsoft API

Configure an App in Azure Active Directory, then link the App to CSM.

For more information on Microsoft Graph API use in Azure Active Directory, see https://docs.microsoft.com/en-us/azure/active-directory-b2c/microsoft-graph-get-started?tabs=app-reg-ga.

To set up an Azure App for use with Microsoft Graph authentication:

1. Go to Azure Active Directory on the Azure Portal. You must be an administrator in the Azure account.
2. Add a new App registration.
   1. In the Supported account types section, select Accounts in this organizational directory only.
   2. Create the registration.
3. In the newly registered App, edit the authentication options.
   1. Select Add a platform > Mobile and desktop application.
   2. In the Redirect URLs section, select https://login.microsoftonline.com/common/oauth2/nativeclient, then select the Copy to clipboard icon.
   3. In the Advanced settings section, enable public client flows.
4. Edit the API permissions options.
   1. Select Add a permission, then select Microsoft Graph.
   2. Select Delegated permissions.
   3. Enter mail in the search function under Select permissions. When the search results appear, choose Mail.
   4. Expand the Mail options and select Mail.Read, Mail.ReadWrite, and Mail.Send.
   5. Select Enterprise applications at the bottom of the Configured permissions section.
   6. Select Users and groups from the left menu.
   7. Select Add user/group, then add the Cherwell admin user account.
   8. Grant admin consent to the Cherwell admin user.
5. Note the Application (client) ID and Directory (tenant) ID of the App you created. Find those IDs in the Overview page of the App under Essentials. You will use those when you set up MS Graph authentication in CSM Administrator.