For added security, we recommend configuring least-privilege permissions for this integration. You can grant an application granular EXO permissions by following the steps below.
-
Register a new application:
- Go to Microsoft Entra - App registrations.
- Click on New registration.
- Set Supported account types to Single tenant.
- Leave Redirect URI blank.
- Click Register.
-
Configure application permissions:
- In the new app, go to API permissions > Add a permission.
- Open the APIs my Organization uses section.
- Search for Office 365 Exchange Online and open it.
- Click on Application Permissions.
- Search for and select the Exchange.ManageAsApp permission.
Note: This permission does not grant the application the any management or write privileges on its own. It is simply a prerequisite for the application to interact with Exchange Online at all. The actual permissions are controlled by the more granular EXO roles assigned in the next step. You can learn more about EXO permissions here. - Click on Add permissions.
- Navigate back to the API permissions page.
- Click on Grant admin consent.
- Click Yes in the Grant admin consent confirmation box.
-
Assign Exchange Online roles:
- Connect to Exchange Online PowerShell.
-
Run the following PowerShell script, using the Client ID from the App registration, and the Object ID from the corresponding Enterprise Application:
$clientId = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" $objectId = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" New-ServicePrincipal -AppId $clientId -ObjectId $objectId New-ManagementRoleAssignment -App $clientId -Role "View-Only Recipients" New-ManagementRoleAssignment -App $clientId -Role "Message Tracking"
-
Connect your data to Subble:
- Head back to Microsoft Entra - App registrations.
- Navigate to All applications and choose your application from the list.
- Open the Overview tab and copy the following details into Subble:
- Application (client) ID
- Directory (tenant) ID
- Select Certificates & secrets > Client secrets.
- Click on New client secret, choose an expiry date, and click Add.
- Enter the Value into Subble.
- Click Connect to complete the integration.
Comments
0 comments
Article is closed for comments.