Exchange via Graph API permissions

Use the following sequence to setup permissions in Entra for access to Exchange via Graph API. This is the modern approach to integration with Exchange in Microsoft’s cloud.

Microsoft will from time to time update interfaces and documentation. It’s always advised to refer to current docs for proper configuration.

https://learn.microsoft.com/en-us/entra/identity-platform/quickstart-register-app

1. App registration: Create an app in Microsoft Entra admin center (Azure AD).

   

2. Assign permissions: Add Graph API permissions (Mail.ReadandMail.ReadWrite).
   

   

3. Admin consent: An administrator must grant consent for those permissions.
   

4. You will need to generate a client secret. Note that secrets do have an expiration. You will need to make sure you refresh the secrect prior to it’s expiration for continued fuction.
   

   

5. In GlobalCapture you will need the Tenant ID, the Client (Application) ID, and the Client Secret (Value from step 5).
   

NOTE: Square 9 cannot assist with granular permissions assignments for how to implement them. Contact your Entra support team if you need help specifically with point 2 above. This permissions are very broad, which is likely fine in most environments. Customer’s with security concerns will wish to restrict the applications access, which is configured in Entra/Exchange and beyond Square 9’s scope.