Changes for page Microsoft 365
Last modified by Sabrina V. on 2025/05/15 12:38
From version 4.1
edited by Sabrina V.
on 2025/05/05 09:52
on 2025/05/05 09:52
Change comment:
There is no comment for this version
To version 5.1
edited by Sabrina V.
on 2025/05/12 08:48
on 2025/05/12 08:48
Change comment:
There is no comment for this version
Summary
-
Page properties (1 modified, 0 added, 0 removed)
Details
- Page properties
-
- Content
-
... ... @@ -1,100 +1,10 @@ 1 1 {{aagon.floatingbox/}} 2 2 3 -= PreparingfortheMicrosoft Entra ID =3 += Register preparations for Microsoft Entra ID and enterprise application = 4 4 5 -To use Microsoft 365, you must first navigate to the Microsoft Entra Admin Centre, register a nenterpriseapplication, and grant the necessary permissions within that application. These steps are necessaryforACMP to access and import the required Microsoft 365 data.5 +To use Microsoft 365, you must first navigate to the Microsoft Entra Admin Centre, register a business application, and grant the necessary permissions within that application. These steps are necessary to allow ACMP to access and import the required Microsoft 365 data. Detailed instructions on how to do this can be found [[here>>doc:ACMP.68.Unternehmensanwendung registrieren in der Microsoft Entra ID.WebHome]], along with all the permissions you will need to grant. 6 6 7 -== Register an Enterprise Application == 8 8 9 -First, log in to your [[Microsoft Entra ID>>url:https://aad.portal.azure.com/]] . Click the //Manage// tab > //Enterprise Applications// and create a new application registration. 10 - 11 -[[Application registrations in Microsoft Entra ID>>image:67_Microsoft 365_App-Registrierung in der Entra_2910.png]] 12 - 13 -Enter all required information: Enter an application name and select the accounts to support. Click //Register// to complete the process. 14 - 15 -[[Registering an application>>image:67_Microsoft 365_Anwendung registrieren_2262.png]] 16 - 17 -When you open the created application, you will see a summary of the information added. You will need the application and directory ID from this for the next step when you create a new portal for Microsoft 365. 18 - 19 -[[Application information summary>>image:67_Microsoft 365_Zusammenfassung der Anwendungsinformationen_3344.png]] 20 - 21 -== Distribute permissions == 22 - 23 -Next, grant the required permissions to the business application so that the interface can be accessed. To do this, go to the Permissions section within the registered application (//Security// > //Permissions//). 24 - 25 -[[Permissions>>image:67_Microsoft 365_Berechtigungen_2720.png]] 26 - 27 -Click //Add Permission//. This will open a page where you can request API permissions. In this step you need to select Microsoft Graph. 28 - 29 -[[API Permissions: Request Microsoft Graph>>image:67_Microsoft 365_Microsoft Graph_1284.png||data-xwiki-image-style-alignment="center" height="822" width="650"]] 30 - 31 -**Only the application permissions are required to use Microsoft 365. Add the following values one at a time and repeat the process until both list entries are added:** 32 - 33 -* **User.Read.All (Type: Application)** 34 -* **Organisation.Read.All (Type: Application)** 35 - 36 -{{aagon.warnungsbox}} 37 -You only need to assign the application permissions, not the delegated permissions! 38 -{{/aagon.warnungsbox}} 39 - 40 -[[Assigning application permissions>>image:67_Microsof 365_Anwendungen verteilen_Umrandung_3822.png||alt="67_Microsof 365_Anwendungen verteilen_3822.png"]] 41 - 42 -Once you have selected both permissions, click //Add Permissions//. You will see the entries in the overview. 43 - 44 -[[Assigned privileges (without consent)>>image:67_Microsoft 365_Verteilte Berechtigungen (ohne Einwilligung)_2818.png]] 45 - 46 -You may need to grant permissions if you have not already done so. To do this, click on the //'Grant administrator consent for %your company%//' field. This will change the status and provide user consent. 47 - 48 -[[Approved permissions>>image:67_Microsoft 365_Verteilte Berechtigungen (ohne Einwilligung)_2818.png]] 49 - 50 -= Upload private client keys or certificates = 51 - 52 -When you first set up Microsoft 365, you need to specify authentication types. You can choose from two methods supported by the Microsoft Client Credentials Provider: //certificates// or //secret client keys//. 53 - 54 -{{aagon.infobox}} 55 -The procedure is different depending on the authentication type you choose. Read below to find out what to do for each method. 56 -{{/aagon.infobox}} 57 - 58 -== Upload a certificate == 59 - 60 -{{aagon.infobox}} 61 -Because of the higher level of security, Microsoft recommends that you use a certificate as your credential. 62 -{{/aagon.infobox}} 63 - 64 -Certificates can be used as an authentication method to log in to Microsoft Entra ID. A certificate always consists of a public and a private part, where the public key is loaded directly into the Microsoft Entra ID. Both parts will be needed later when you can add the certificate to the connection information to create a new portal. This certificate pair must be created beforehand. Read on to find out how to create a certificate using [[Microsoft>>url:https://learn.microsoft.com/en-us/azure/app-service/configure-ssl-certificate?tabs=apex%2Cportal]] or [[Open SSL>>url:https://stackoverflow.com/questions/6307886/how-to-create-pfx-file-from-certificate-and-private-key]]. 65 - 66 -{{aagon.infobox}} 67 -The PKCS#12 or PFX/P12 format is often used for certificates. This is not supported by ACMP because the certificate and key file are combined in one file. However, you can use the OpenSSL commands openssl pkcs12 -in path.p12 -out newfile.crt -clcerts –nokeys to generate two files from the file for the certificate and openssl pkcs12 -in path.p12 -out newfile.pem -nocerts –nodes for the private key. 68 -For more information, see the [[Managing certificates>>doc:ACMP.68.ACMP-Solutions.System.Einstellungen.ACMP Server.WebHome||anchor="HEnde-zu-Ende-VerschlFCsselung"]] section. 69 -{{/aagon.infobox}} 70 - 71 -Within the previously registered application, navigate to //Certificates & Secrets//. In the details section, click the //Certificates// tab and upload the certificate you created earlier. 72 - 73 -[[Upload certificates>>image:67_Microsoft 365_Zertifikat hochladen_3356.png]] 74 - 75 -A field will open on the right-hand side for you to upload the certificate. Browse to the appropriate directory and upload the file, then enter an optional description for the certificate. Click //Add// and the certificate will be saved for the application. 76 - 77 -{{aagon.infobox}} 78 -Please note that only .cer, .pem and .crt file types are supported when uploading a certificate. 79 -{{/aagon.infobox}} 80 - 81 - 82 -[[Uploaded certificate in Microsoft Entra>>image:67_Microsoft 365_Hochgeladenes Zertifikat in Entra_3052.png]] 83 - 84 -== Adding a secret client key == 85 - 86 -The secret client key is a string of characters used by the enterprise application as an authentication key or proof of identity when requesting the token. To do this, go to the //Certificates & Secrets// section of the registered application. In the details, click on the //Secret Client Keys// tab and create a new key. 87 - 88 -[[Adding a news client key>>image:67_Microsoft 365_Neuen Clientschlüssel hinterlegen_3052.png]] 89 - 90 -When creating a new secret client key, you will be given the option to configure the validity period. Please note that when the validity period expires, a new key must be created and saved. 91 - 92 -[[Adding a secret client key>>image:67_Microsoft 365_Geheimen Clientschlüssel hinzufügen_3052.png]] 93 - 94 -{{aagon.infobox}} 95 -You will need the created secret client key when setting up Microsoft 365 to create new portals in the ACMP console. Therefore, save the secret client key so that you can access it later. 96 -{{/aagon.infobox}} 97 - 98 98 = Settings for Microsoft 365 = 99 99 100 100 The //Microsoft 365// section provides an overview of the portals you have saved and from which you want to import information.