Skip to main content

Azure Portal Configuration

Updated over a week ago

Before setting up a Client with M365 and/or SharePoint tenancies, a client needs to configure their respective Azure Portal first to be able to successfully connect to Arma M365 tenancies.

In your browser, go to the Azure Portal - https://portal.azure.com/, here you will land on the following page -

On this landing page, you will see 'Microsoft Entra ID', this is where we will set up and configure the Azure portal to connect to the Arma M365, OneDrive and SharePoint tenancy.

In the left hand pane, expand out 'Manage' to select 'App registrations'

Here you will find any existing registration/s or if no registration is set up yet, you can create a new App registration

Select 'New registration'

This will open a new page where you can name the registration and select who can use and/or access this application or API. In this particular scenario we will setup this registration as a single tenant. Select 'Register' at the bottom of the page

After the registration, you will land on the App registrations Overview page. Here you can configure this registration to tailor what is needed to successfully connect to Arma.

Add API app permissions for Microsoft Graph.

In this particular set up, we will be using Microsoft Graph API permissions, select 'Microsoft Graph' under 'Microsoft APIs' on the right of the screen.

This will open another page where you can pick between 'Delegated permissions' and 'Application permissions' - Select as per table below.

There is a list of permissions to pick from and this is where you can tailor which API calls to make, whether it is view and/or read-only or read/write privileges for each API call.

The following Microsoft Graph API Permissions need to be added from the Azure Portal:

API / Permissions name

Type

Admin consent required

Application.Read.All

Application

Yes

Calendars.ReadBasic.All

Application

Yes

Calendars.ReadWrite

Application

Yes

Contacts.ReadWrite

Application

Yes

Files.ReadWrite.All

Application

Yes

Mail.ReadBasic.All

Application

Yes

Mail.ReadWrite

Application

Yes

Reports.Read.All

Application

Yes

User.Read

Delegated

No

User.Read.All

Application

Yes

Sites.ReadWrite.All

Application

Yes

MailboxSettings.Read

Application

Yes

The following SharePoint Permissions are also required

API / Permissions name

Type

Admin Consent Required

Sites.FullControll.All

Application

Yes

Sites.Manage.All

Application

Yes

Sites.ReadWrite.All

Application

Yes

Select 'Add permissions' to save the selections being made.

Once the permissions have been added, make sure that they are authorised for use in your organisation, by selecting 'Grant Admin Consent . . . ' and confirming 'Status' is Granted for all permissions
​

On the left-hand side menu, select ' Certificates and Secrets' - here you can add an App secret with assigned Id to further secure the roles and permissions given to access the App.

Select '+ New client secret'.

You can add a description and expiry date of the secret ; Azure will populate the value and secret Id for you.

*Note* You will use the Secret 'Value' to link to Arma, not the Secret 'Id'

When the secret is created, that is the only time you can see the full 'Value', so copy and save it securely upon creation

Once you created and securely saved your Secret Value, return to the properties of the App Registration to also obtain these two additional values:

SUMMARY OF AZURE APP SETTINGS MAPPED TO ARMA M365 CONNECTION

AZURE

ARMA

Did this answer your question?