🔹 Prerequisites
Before you start, ensure you have:
• Azure Administrator privileges (or access to an admin who can grant required permissions).
• Access to the Azure portal (https://portal.azure.com).
• Logsign USO configured and ready for integration.
🔹 Step 1: Create an Enterprise application in Microsoft Entra ID.
1. Log into the Azure portal (https://portal.azure.com).
2. In the left sidebar, navigate to Microsoft Entra ID.
3. Click on Enterprise applications.
4. Select “Create your own application”.
5. Enter a Name for your Service Principal (e.g., Logsign_Office365_SP).
6. Choose Supported account types → Select Single tenant.
7. Leave Redirect URI blank (not required for this integration).
8. Click Register.
🔹 Step 2: Assign Security Reader Role
To allow the Service Principal to read message trace logs, assign it the Security Reader role.
1. Navigate back to Microsoft Entra ID.
2. In the left sidebar, click Roles and Administrators or use the search box.
3. Search for the role Security Reader and select it.
4. Click “Add Assignments” at the top.
5. Search for the newly created Service Principal and assign the Security Reader role.
6. In this field, you need to type and select the name of the application you created.
📌 Note: You need to type the name of the Enterprise application you created.
7. Click Save.
📌 Note: You may need an Azure administrator to perform this step if you do not have sufficient privileges.
🔹 Step 3: Configure API Permissions
Now, grant the required permissions for the Office 365 Exchange Online API.
1. Navigate back to your App Registration.
2. Click API Permissions in the left sidebar.
3. Click “Add a Permission”.
4. Select “Office 365 Exchange Online” from the list of available APIs.
5. Add the following permissions:
• Delegated Permission → ReportingWebService.Read
• Delegated Permission → Mail.Read
• Application Permission → ReportingWebService.Read.All
• Application Permission → Exchange.ManageAsApp
6. Click “Add Permissions”.
🔹 Grant Admin Consent:
• After adding permissions, click “Grant Admin Consent” to apply them.
🔹 Step 4: Generate Client Credentials
To authenticate via OAuth, you need to generate credentials for your Service Principal.
1. Navigate to Certificates & Secrets in your App Registration.
2. Click “New Client Secret”.
3. Enter a descriptive name (e.g., Logsign_Office365_Secret).
4. Set an expiration period (e.g., 1 year, 2 years, etc.).
5. Click Add.
6. Copy the generated Client Secret and store it securely. ⚠️ You won’t be able to view it again once you leave the page.
🔹 Step 5: Collect Required Information
You will need the following values for OAuth authentication:
• Client ID → Navigate to your Service Principal in Azure AD and copy the Application (client) ID.
• Tenant ID → Also on the overview page, copy the Directory (tenant) ID.
• Client Secret → Use the client secret generated in Step 4.
• OAuth Scope → https://outlook.office365.com/.default
You can use these collected values during the source addition process in Logsign USO.
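Before entering the values in Logsign USO, you can check that they work and that the Service Principal holds only the application permissions from Step 3. The following is an added example, not Logsign or Microsoft code: it builds the client-credentials request for the Microsoft identity platform v2.0 token endpoint and compares the token's roles claim with the expected set. The environment variable names (AZ_TENANT_ID, AZ_CLIENT_ID, AZ_CLIENT_SECRET) and the sample token are assumptions made for the example.

```python
import base64, json, os, urllib.parse, urllib.request

SCOPE = "https://outlook.office365.com/.default"  # OAuth Scope from Step 5
EXPECTED_ROLES = {"ReportingWebService.Read.All", "Exchange.ManageAsApp"}  # Step 3

def build_token_request(tenant_id, client_id, client_secret):
    """Build (without sending) the client-credentials token request."""
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": SCOPE,
    }).encode()
    return urllib.request.Request(url, data=body, method="POST")

def jwt_claims(token):
    """Decode the JWT payload for inspection only; the signature is NOT verified."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64 padding
    return json.loads(base64.urlsafe_b64decode(payload))

def audit_roles(claims):
    """Return (missing, unexpected) application roles relative to Step 3."""
    # App-only tokens list application permissions in "roles";
    # delegated permissions are not present in a client-credentials token.
    granted = set(claims.get("roles", []))
    return EXPECTED_ROLES - granted, granted - EXPECTED_ROLES

def make_sample_token(claims):
    """Constructed, unsigned sample token so the example runs offline."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.constructed"

if __name__ == "__main__":
    tenant = os.environ.get("AZ_TENANT_ID")  # hypothetical variable names
    if tenant:  # live check: secret comes from the environment, not the source
        req = build_token_request(tenant, os.environ["AZ_CLIENT_ID"],
                                  os.environ["AZ_CLIENT_SECRET"])
        with urllib.request.urlopen(req, timeout=15) as resp:
            token = json.load(resp)["access_token"]
    else:       # offline: constructed token with one extra, made-up role
        token = make_sample_token({"roles": ["ReportingWebService.Read.All",
                                             "Exchange.ManageAsApp", "Constructed.Extra.Role"]})
    missing, unexpected = audit_roles(jwt_claims(token))
    print("missing:", sorted(missing), "unexpected:", sorted(unexpected))
```

An empty "missing" set confirms admin consent took effect; anything under "unexpected" is a permission the integration does not need and is a candidate for removal.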