...

  1. Navigate to the Microsoft identity platform for developers App registrations page.

  2. Select New registration.

    • In the Name section, enter a meaningful application name that will be displayed to users of the app, for example iwa-console.
    • In the Supported account types section, select Accounts in any organizational directory.
    • Click the Register button at the bottom to create the application.
  3. On the application Overview page, find the Application (client) ID and Directory (tenant) ID values and record them for later. You'll need them to configure the configuration file(s) later in your code.

    In the list of pages for the app, select Manifest, and:

  4. In the manifest editor, set the allowPublicClient property to true.
  5. Select Save in the bar above the manifest editor.

  6. In the list of pages for the app, select API permissions

    • Click the Add a permission button and then,
    • Ensure that the Microsoft APIs tab is selected
    • In the Commonly used Microsoft APIs section, click on Microsoft Graph
    • In the Delegated permissions section, ensure that the right permissions are checked: User.Read, User.ReadBasic.All. Use the search box if necessary.
    • Select the Add permissions button
  7. At this stage permissions are assigned correctly, but the client app does not allow interaction, so no consent can be presented via a UI and accepted to use the service app. Click the Grant/revoke admin consent for {tenant} button, and then select Yes when you are asked if you want to grant consent for the requested permissions for all accounts in the tenant. You need to be an Azure AD tenant admin to do this.

...

https://learn.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app


NOTE: during registration, copy the secret ID; otherwise it is lost when you leave the page.
Step 4 did not need to be done.
For step 5, the steps followed were: in "APIs my organization uses" ->
search for "Office 365 Exchange Online"
 under "Application permissions"
 → under the "Imap" entry, select:
 full_access_as_app
 → under the "Mail" entry, select:
 Mail.Read
 Mail.ReadWrite
 Mail.Send
search for "Microsoft Graph" and select:
 User.Read
 Imap.AccessAsUser.All

To validate everything, select "Grant admin consent for <Company>" so that the corresponding green check marks appear, as in the example below:

...

To associate the mailbox with the application, run these two commands from the Exchange console: New-ServicePrincipal and Add-MailboxPermission


New-ServicePrincipal -AppId <APPLICATION_ID> -ServiceId <OBJECT_ID>

where AppId is the Application (client) ID (shown on the app's Overview page)

and OBJECT_ID is the Object ID

(to verify: Get-ServicePrincipal | FL)



Add-MailboxPermission -Identity <mailbox> -User <application object id> -AccessRights FullAccess
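
Once consent is granted, one way to confirm that an app-only access token for Exchange Online carries exactly the application permissions selected above. This is an added example, not part of the original page: it assumes the token was obtained separately, the sample token and client ID are constructed, and the signature is deliberately not verified (inspection only).

```python
import base64
import json

# Application permissions the note above selects under Office 365 Exchange Online.
EXPECTED_ROLES = {"full_access_as_app", "Mail.Read", "Mail.ReadWrite", "Mail.Send"}


def b64url_json(segment: str) -> dict:
    """Decode one base64url JWT segment (padding restored) into a dict."""
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def audit_app_token(token: str, client_id: str, expected_roles=EXPECTED_ROLES) -> dict:
    """Compare an access token's claims with the app registration.

    Inspection only: the signature is NOT verified, so never use this
    function to decide whether a token can be trusted.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected 3 dot-separated segments)")
    claims = b64url_json(parts[1])
    roles = set(claims.get("roles", []))  # application permissions land in 'roles'
    return {
        # v1 tokens carry the client ID in 'appid', v2 tokens in 'azp'
        "client_id_matches": claims.get("appid", claims.get("azp")) == client_id,
        "missing": sorted(expected_roles - roles),     # selected but not consented
        "unexpected": sorted(roles - expected_roles),  # broader than intended
        "delegated": "scp" in claims,                  # 'scp' means a user token
    }


def make_sample_token(claims: dict) -> str:
    """Build an unsigned, constructed token for demonstration purposes."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(claims)}.sig"


if __name__ == "__main__":
    cid = "00000000-0000-0000-0000-000000000001"  # constructed client ID
    sample = make_sample_token({
        "appid": cid,
        "roles": ["full_access_as_app", "Mail.Read", "Mail.Send", "User.Read.All"],
    })
    print(audit_app_token(sample, cid))
```

A non-empty "missing" list means admin consent has not taken effect for that permission; a non-empty "unexpected" list means the registration grants more than this procedure intended.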

...