25.26.Azure app registration for Microsoft 365 archiving
In this section, we will explain how an app is registered on the Azure portal which enables contentACCESS to authenticate and connect to the Microsoft Dataverse environment using a modern and more secure way of authentication. Modern authentication is a category of several different protocols (instead of being a single authentication method – like username and password) that aim to enhance the security posture of cloud-based resources. Modern authentication relies on token-based claims, which are used to authenticate with an identity provider to generate a token for access. OAuth is an open standard that is used for many applications and websites that can grant access to other systems’ information, but without giving them the password.
Set-ExecutionPolicy -ExecutionPolicy Unrestricted -Scope CurrentUser
cd ([Environment]::GetFolderPath("MyDocuments"))
Invoke-WebRequest -Url "https://static.contentaccess.cloud/appregistration/Register-contentACCESSAADapp-v3.ps1" -OutFile "Register-contentACCESSAADapp.ps1"
.\Register-contentACCESSAADapp.ps1
Please, be aware that Windows PowerShell needs to be run as Administrator for the process.
Why contentACCESS needs modern authentication?
For years, Microsoft allowed basic authentication to Exchange Online, SharePoint, and other resources, meaning that only a username and password were required. But, due to security reasons, Microsoft is progressively deprecating the legacy authentication, which will be then permanently blocked in the future. (Read more about the act in this article.) After that date, OAuth 2.0 (also known as modern authentication) will be required instead. These changes require vendors of third-party apps that integrate with Exchange Online and other resources like Teams and SharePoint to support modern authentication.
contentACCESS is also affected by these changes because it must use modern authentication to connect to Exchange Online, SharePoint, OneDrive, and Teams. This requires an Azure App registration to be configured on the Microsoft 365 tenant.
App registration
Navigate to portal.azure.com. Go to All services -> App registrations -> + New registration. Fill in the details of the new application. The only mandatory field that needs to be changed is the name of the application, the other options can be left as-is. Click the Register button.
After the app is successfully registered, you will be able to see the Application ID and Directory ID in the app’s Overview. (These are used in archive settings to connect contentACCESS with the Teams application).
The next step is to grant the necessary permissions for the application. For a detailed description, please refer to the following subsections. These permissions vary from the archive:
- If you need to grant permissions for the Email archive, read the Grant permissions for Email archive section.
- If you need to grant permissions for the OneDrive archive, refer to the Grant permissions for the OneDrive archive section.
- If you need to grant permissions for the SharePoint archive, refer to the Grant permissions for the SharePoint archive section.
- If you need to grant permissions for the Teams archive, please read the section Grant permissions for Teams archive.