Creating and configuring an Azure App for the Email Dialogue Provider

Prerequisites

• Your company must have Azure
• The user account that creates the app must be present in the Microsoft Entra ID Formerly known as Azure Active Directory (or Azure AD, or AAD) directory of your company and have the rights to create apps (this is possible by default unless limited by an admin)
• A global admin will have to go to an admin consent url in order to allow accounts of this Microsoft Entra ID Formerly known as Azure Active Directory (or Azure AD, or AAD) directory to use it, since Teams requires permissions normally reserved for admins. By consenting a global admin allow regular users to have these permissions in the app.

Create an Azure App

Our first step is to create the App in Azure.

1. Navigate to https://portal.azure.com

2. Select Microsoft Entra ID From the Azure Portal Menu (upper left).

3. From here collect your tenant domain for later use (e.g. domain.com or domain.onmicrosoft.com)

   

4. Select App registrations

   

5. Click New Registration and do the following:

• Give the application a name (e.g. A365-Azure-Application)

• Under Supported account types, select Accounts in this organizational directory only

• Add the following redirect URI

  Type: Public client (mobile & desktop)

  Redirect URI: urn:ietf:wg:oauth:2.0:oob

6. Click Register

7. Select Authentication

   

   1. Add Web as a platform

   2. Under Web | Redirect URIs enter a url, for example http://localhost

   3. Under Implicit grant select both options:

      1. Access tokens

      2. Id tokens

   4. Under Mobile and desktop applications | Redirect URIs check all three options

      1. msal<application_client_id>://auth

      2. https://login.microsoftonline.com/common/oauth2/nativeclient

      3. https://login.live.com/oauth20_desktop.srf

   5. Double check if Supported account types is set to:

      1. Accounts in this organizational directory only

8. Click Save

Configure API Permissions

Before the App can be used, the right permissions need to be assigned. This varies per use of the App.

1. Navigate to your Azure App

2. Click ‘API Permissions’

   

   Add the following permissions:

   1. Mail

      1. Click ‘Add a permission’

      2. Click ‘Microsoft Graph’

         

      3. Click ‘Application permissions’

      4. Open 'Mail'

      5. If 'Mail.ReadWrite' is not selected, select it

      6. If 'Mail.Send' is not selected, select it

      7. click 'Add permissions'

   2. User.Read.All

      1. Click ‘Add a permission’

      2. Click ‘Microsoft Graph’

         

      3. Click ‘Application permissions’

      4. Open 'User'

      5. If 'User.Read.All' is not selected, select it

      6. Click 'Add permissions'

   3. Directory.Read.All

      1. Click ‘Add a permission’

      2. Click ‘Microsoft Graph’

         

      3. Click ‘Application permissions’

      4. Open 'Directory'

      5. If 'Directory.Read.All' is not selected, select it

      6. Click 'Add permissions'

Generate Client secret

1. Navigate to your App

2. Click ‘Certificates & secrets’

3. Click ‘New client secret’

   1. Fill in a description (e.g. AnywhereNow Client Secret)

   2. Select ‘Expires never’

4. Click ‘Add’

5. Copy the client secret value and paste it for later use

Using the app

1. Navigate to your App

2. Click ‘Overview’

   

   1. Collect the following value to be used.

      1. Application (client) id

      2. Directory (tenant) id