Background
This will walk you through registering an Azure application that can be used by the Microsoft Office 365, Teams and OneDrive connectors in FTK Central, eDiscovery, and Enterprise.
Prerequisites
- FTK Central, eDiscovery 7.1.1 SP4 or newer, Enterprise 7.4.2 or newer
- O365 Global Admin credentials for your organization
Procedure
- Log in to the Azure Portal at https://portal.azure.com with Global Admin credentials
- Under Azure Services, click on App registrations (this can also be found via the Search Resources... bar at the top of the page)
- On the App Registrations Page, click New registration
- Do the following:
- Provide an application Name
- Under Supported account types select Accounts in any organizational directory (Any Azure AD directory - Multitenant)
- Click Register
- From the Application Overview page, click Authentication on the left
- Under Platform configurations, click Add a platform
- Click Web on the right
- Under Redirect URI, enter one of the following URLs and click Configure:
eDiscovery (all connectors): https://localhost/accessdata
FTK Central/Enterprise (Exchange 365): https://localhost:4443/api/GraphApiAccessDataAdmin
FTK Central/Enterprise (Teams): https://localhost:4443/api/MicrosoftTeamsAccessData
FTK Central/Enterprise (OneDrive): https://localhost:4443/api/OneDriveAccessData
Note: If FTK Central is not using port 4443, change this URI to reflect that
- If you will be using this Azure app for multiple connectors, back on the Authentication page, click Add URI, and add any additional URLs from step 8 as necessary, then click Save
- Click Overview on the left
- At the Overview page, copy the Application (client) ID for future use
- Click Certificates & Secrets on the left
- On the lower half of the page, click New client secret
- Do the following:
- Provide a Description for the client secret
- In the Expires drop-down, select an expiration date for the client secret
Note: We do not provide a recommendation on the life of the secret. This is a security consideration that is dependent on each organization's security posture and internal requirements.
- Click Add
- Copy the generated Secret Value for future use
- Click API permissions on the left
- Under Configured permissions, click Add a permission
- Click Microsoft Graph
- To collect from Teams, click Delegated permissions and check each of the below permissions:
Channel.ReadBasic.All
ChannelMember.Read.All
ChannelMessage.Read.All
Chat.Read
Chat.ReadBasic
Files.Read.All
Group.Read.All
openid
User.Read.All
- To collect from Exchange or OneDrive, click Application permissions and check each of the below permissions:
Exchange:
Calendars.Read
Contacts.Read
Mail.Read
User.Read.All
OneDrive:
Files.Read.All
Sites.Read.All
Sites.Selected
User.Read.All
- Click Add permissions at the bottom
- Click the Grant consent button, and wait for all rows under the Status column to report that consent has been granted.
Your Azure application can now be used for the desired connectors.
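To check the finished registration against the values in this procedure, the following is an added example (not part of the original article or the vendor's tooling). It assumes the application object and its delegated permission grants have been exported from Microsoft Graph as JSON; the `audit` function, the sample data and the 180-day `MAX_SECRET_DAYS` limit are constructed for illustration, and application permissions are not covered.

```python
from datetime import datetime, timedelta, timezone

# Redirect URIs and delegated Teams scopes as listed in the procedure
# (adjust the port if FTK Central does not use 4443).
EXPECTED_REDIRECTS = {
    "https://localhost/accessdata",
    "https://localhost:4443/api/GraphApiAccessDataAdmin",
    "https://localhost:4443/api/MicrosoftTeamsAccessData",
    "https://localhost:4443/api/OneDriveAccessData",
}
TEAMS_DELEGATED = {
    "Channel.ReadBasic.All", "ChannelMember.Read.All", "ChannelMessage.Read.All",
    "Chat.Read", "Chat.ReadBasic", "Files.Read.All", "Group.Read.All",
    "openid", "User.Read.All",
}
MAX_SECRET_DAYS = 180  # assumed local policy; the article recommends no lifetime

def audit(app, grants, now):
    """Return sorted findings for one exported app registration."""
    findings = []
    if app.get("signInAudience") != "AzureADMultipleOrgs":  # multitenant, as selected above
        findings.append(f"sign-in audience differs: {app.get('signInAudience')}")
    for uri in app.get("web", {}).get("redirectUris", []):
        if uri not in EXPECTED_REDIRECTS:
            findings.append(f"unexpected redirect URI: {uri}")
    for cred in app.get("passwordCredentials", []):
        # Keep whole seconds only; Graph may return 7 fractional digits.
        end = datetime.strptime(cred["endDateTime"][:19], "%Y-%m-%dT%H:%M:%S")
        end = end.replace(tzinfo=timezone.utc)
        label = cred.get("displayName") or cred.get("keyId", "?")
        if end <= now:
            findings.append(f"secret expired: {label}")
        elif end - now > timedelta(days=MAX_SECRET_DAYS):
            findings.append(f"secret lifetime exceeds policy: {label}")
    for grant in grants:
        for scope in set(grant.get("scope", "").split()) - TEAMS_DELEGATED:
            findings.append(f"delegated scope not in article list: {scope}")
    return sorted(findings)

# Constructed sample data shaped like Graph application / oauth2PermissionGrant JSON.
SAMPLE_APP = {
    "signInAudience": "AzureADMultipleOrgs",
    "web": {"redirectUris": ["https://localhost/accessdata",
                             "https://example.invalid/callback"]},
    "passwordCredentials": [
        {"displayName": "ftk-old", "endDateTime": "2023-06-30T00:00:00Z"},
        {"displayName": "ftk-long", "endDateTime": "2026-01-01T00:00:00.1234567Z"},
        {"displayName": "ftk-ok", "endDateTime": "2024-03-01T00:00:00Z"},
    ],
}
SAMPLE_GRANTS = [{"scope": "openid Chat.Read Mail.ReadWrite"}]
NOW = datetime(2024, 1, 1, tzinfo=timezone.utc)
```

Calling `audit(SAMPLE_APP, SAMPLE_GRANTS, NOW)` returns one finding per deviation; an empty list means the registration matches the redirect URIs, audience and Teams scopes given above and every secret is within the assumed lifetime.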