Support Portal

Background

This will walk you through registering an Azure application that can be used by the Microsoft Office 365, Teams and OneDrive connectors in FTK Central, eDiscovery, and Enterprise.

Prerequisites

• FTK Central, eDiscovery 7.1.1 SP4 or newer, Enterprise 7.4.2 or newer
• O365 Global Admin credentials for your organization

Procedure

1. Log in to the Azure Portal at https://portal.azure.com with Global Admin credentials
2. Under Azure Services, click on App registrations (this can also be found via the Search Resources...  bar at the top of the page)
   
3. On the App Registrations Page, click New registration
   
   
   
4. Do the following:
   1. Provide an application Name
   2. Under Supported account types select Accounts in any organizational directory (Any Azure AD directory - Multitenant)
   3. Click Register
      
      
      
5. From the Application Overview page, click Authentication on the left
   
   
   
   
6. Under Platform configurations, click Add a platform
   
   
   
   
7. Click Web on the right
   
   
   

8. Under Redirect URI, enter one of the following URLs and click Configure:

   • eDiscovery (all connectors): https://localhost/accessdata

   • FTK Central/Enterprise (Exchange 365): https://localhost:4443/api/GraphApiAccessDataAdmin

   • FTK Central/Enterprise (Teams): https://localhost:4443/api/MicrosoftTeamsAccessData

   • FTK Central/Enterprise (OneDrive): https://localhost:4443/api/OneDriveAccessData
     Note: If FTK Central is not using port 4443, change this URI to reflect tht
     
     
     
     

9. If you will be using this Azure app for multiple connectors, back on the Authentication page, click Add URI, and add any additional URLs from step 8 as necessary, then click Save
   
   
   
   
10. Click Overview on the left
    
    
    
11. At the Overview page, copy the Application (client) ID for future use
    
    
    
    
12. Click Certificates & Secrets on the left
    
    
    
    
13. On the lower half of the page, click New client secret
    
    
    
    
14. Do the following:
    1. Provide a Description for the client secret
    2. In the Expires drop-down, select an expiration date for the client secret
       Note: We do not provide a recommendation on the life of the secret. This is a security consideration that is dependent on each organizations security posture and internal requirements.
    3. Click Add
       
       
       
15. Copy the generated Secret Value for future use
    
    
    
16. Click API permissions on the left
    
    
    
    
17. Under Configured permissions, click Add a permission
    
    
    
18. Click Microsoft Graph
    
    
    
19. To collect from Teams, click Delegated permissions and check each of the below permissions:
    Channel.ReadBasic.All

    ChannelMember.Read.All
    ChannelMessage.Read.All

    Chat.Read

    Chat.ReadBasic

    Files.Read.All

    Group.Read.All

    openid

    User.Read.All
    
    

20. To collect from Exchange or OneDrive, click Application permissions and check each of the below permissions:
    Exchange:
    Calendars.Read

    Contacts.Read

    Mail.Read

    User.Read.All
    
    OneDrive:

    Files.Read.All

    Sites.Read.All

    Sites.Selected

    User.Read.All
    
    

21. Click Add permissions at the bottom
    
    
    
22. Click the Grant consent button, and wait for all rows under the Status column to report that consent has been granted.
    
    

Your Azure application can now be used for the desired connectors.