Background

This will walk you through registering an Azure application that can be used by the Microsoft Office 365, Teams and OneDrive connectors in FTK Central, eDiscovery, and Enterprise.

 

Prerequisites

  • FTK Central, eDiscovery 7.1.1 SP4 or newer, Enterprise 7.4.2 or newer
  • O365 Global Admin credentials for your organization

 

Procedure

  1. Log in to the Azure Portal at https://portal.azure.com with Global Admin credentials
  2. Under Azure Services, click on App registrations (this can also be found via the Search Resources...  bar at the top of the page)
  3. On the App Registrations Page, click New registration
    https://s3.amazonaws.com/cdn.freshdesk.com/data/helpdesk/attachments/production/69009875856/original/mceclip7.png?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAS6FNSMY2XLZULJPI%2F20210926%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20210926T164141Z&X-Amz-Expires=300&X-Amz-SignedHeaders=host&X-Amz-Signature=5f42b3098f97f8e26f8bc337712dbec322432a0ec0b09b74a57fe63e6401ed7f

  4. Do the following:
    1. Provide an application Name
    2. Under Supported account types select Accounts in any organizational directory (Any Azure AD directory - Multitenant)
    3. Click Register
      https://s3.amazonaws.com/cdn.freshdesk.com/data/helpdesk/attachments/production/69009875857/original/2021-06-23_10_05_23-mRemoteNG_-_confCons.xml_-_ftkc-app.png?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAS6FNSMY2XLZULJPI%2F20210926%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20210926T164141Z&X-Amz-Expires=300&X-Amz-SignedHeaders=host&X-Amz-Signature=140de60ca325e4700c6a56bd9f68f2f83d17f958639aa831d6952e96afd80c72

  5. From the Application Overview page, click Authentication on the left
    https://s3.amazonaws.com/cdn.freshdesk.com/data/helpdesk/attachments/production/69009875858/original/2021-06-23_10_16_31-mRemoteNG_-_confCons.xml_-_ftkc-app.png?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAS6FNSMY2XLZULJPI%2F20210926%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20210926T164141Z&X-Amz-Expires=300&X-Amz-SignedHeaders=host&X-Amz-Signature=e37037edaf47b6bc236ce6cd1ff6fabc1d2fdd518f96514051396f5a101ea6b4


  6. Under Platform configurations, click Add a platform
    https://s3.amazonaws.com/cdn.freshdesk.com/data/helpdesk/attachments/production/69009875859/original/2021-06-23_10_08_37-mRemoteNG_-_confCons.xml_-_ftkc-app.png?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAS6FNSMY2XLZULJPI%2F20210926%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20210926T164141Z&X-Amz-Expires=300&X-Amz-SignedHeaders=host&X-Amz-Signature=27feb79b089deb5c45cf1f55d323c6485a990331586a1af88d5b8ef218507abd


  7. Click Web on the right
    https://s3.amazonaws.com/cdn.freshdesk.com/data/helpdesk/attachments/production/69009875860/original/2021-06-23_10_10_03-mRemoteNG_-_confCons.xml_-_ftkc-app.png?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAS6FNSMY2XLZULJPI%2F20210926%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20210926T164141Z&X-Amz-Expires=300&X-Amz-SignedHeaders=host&X-Amz-Signature=ac6cbd81a87c38d4370d8e2163a91e05bb937819d71ecfe2320c1d59a211c160

  8. Under Redirect URI, enter one of the following URLs and click Configure:

    • eDiscovery (all connectors): https://localhost/accessdata

    • FTK Central/Enterprise (Exchange 365): https://localhost:4443/api/GraphApiAccessDataAdmin

    • FTK Central/Enterprise (Teams): https://localhost:4443/api/MicrosoftTeamsAccessData

    • FTK Central/Enterprise (OneDrive): https://localhost:4443/api/OneDriveAccessData
      Note: If FTK Central is not using port 4443, change this URI to reflect that

      https://s3.amazonaws.com/cdn.freshdesk.com/data/helpdesk/attachments/production/69009875861/original/2021-06-23_10_13_58-mRemoteNG_-_confCons.xml_-_ftkc-app.png?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAS6FNSMY2XLZULJPI%2F20210926%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20210926T164141Z&X-Amz-Expires=300&X-Amz-SignedHeaders=host&X-Amz-Signature=2c5f3895bb08fc445cded66d40ae9238b6d281bc6bfd0318493847b917a52090

  9. If you will be using this Azure app for multiple connectors, back on the Authentication page, click Add URI, and add any additional URLs from step 8 as necessary, then click Save
    https://s3.amazonaws.com/cdn.freshdesk.com/data/helpdesk/attachments/production/69009875862/original/2021-06-23_10_19_27-mRemoteNG_-_confCons.xml_-_ftkc-app.png?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAS6FNSMY2XLZULJPI%2F20210926%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20210926T164141Z&X-Amz-Expires=300&X-Amz-SignedHeaders=host&X-Amz-Signature=7f92bbbcd64d9fede3ddcda470c71a2236d7d3ff0b0ffefdb137f0f9e2b98729


  10. Click Overview on the left
    https://s3.amazonaws.com/cdn.freshdesk.com/data/helpdesk/attachments/production/69009875863/original/2021-06-23_10_21_44-mRemoteNG_-_confCons.xml_-_ftkc-app.png?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAS6FNSMY2XLZULJPI%2F20210926%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20210926T164141Z&X-Amz-Expires=300&X-Amz-SignedHeaders=host&X-Amz-Signature=5c89a0f29c8740b9d8a5f7a7210041f6bc71ec402429953e25f48ec8d5e40079

  11. At the Overview page, copy the Application (client) ID for future use
    https://s3.amazonaws.com/cdn.freshdesk.com/data/helpdesk/attachments/production/69009875864/original/2021-06-23_10_24_19-mRemoteNG_-_confCons.xml_-_ftkc-app.png?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAS6FNSMY2XLZULJPI%2F20210926%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20210926T164141Z&X-Amz-Expires=300&X-Amz-SignedHeaders=host&X-Amz-Signature=f89be3c0b098577db667d4e9855ca681b7bf5693a26c1ecd1e970acf8382defa


  12. Click Certificates & Secrets on the left
    https://s3.amazonaws.com/cdn.freshdesk.com/data/helpdesk/attachments/production/69009875865/original/2021-06-23_10_25_44-mRemoteNG_-_confCons.xml_-_ftkc-app.png?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAS6FNSMY2XLZULJPI%2F20210926%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20210926T164141Z&X-Amz-Expires=300&X-Amz-SignedHeaders=host&X-Amz-Signature=bab4ff07c61f08f298e6d2f8971fe685baa51a97a62d13b58f68b04300606008


  13. On the lower half of the page, click New client secret
    https://s3.amazonaws.com/cdn.freshdesk.com/data/helpdesk/attachments/production/69009875866/original/2021-06-23_10_41_04-mRemoteNG_-_confCons.xml_-_ftkc-app.png?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAS6FNSMY2XLZULJPI%2F20210926%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20210926T164141Z&X-Amz-Expires=300&X-Amz-SignedHeaders=host&X-Amz-Signature=8a603f2fa6415eb2af1e81c4fd908142a72ec1b51266e8fa27ea66d268f7f309


  14. Do the following:
    1. Provide a Description for the client secret
    2. In the Expires drop-down, select an expiration date for the client secret
      Note: We do not provide a recommendation on the life of the secret. This is a security consideration that is dependent on each organizations security posture and internal requirements.
    3. Click Add
      https://s3.amazonaws.com/cdn.freshdesk.com/data/helpdesk/attachments/production/69009875867/original/2021-06-23_10_47_11-Window.png?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAS6FNSMY2XLZULJPI%2F20210926%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20210926T164141Z&X-Amz-Expires=300&X-Amz-SignedHeaders=host&X-Amz-Signature=36814557ff3bdf1775bafe40bb41905cdbbbbfd15a81688c49b62ac504dcb839

  15. Copy the generated Secret Value for future use
    https://s3.amazonaws.com/cdn.freshdesk.com/data/helpdesk/attachments/production/69009875868/original/2021-06-23_12_04_29-mRemoteNG_-_confCons.xml_-_ftkc-app.png?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAS6FNSMY2XLZULJPI%2F20210926%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20210926T164141Z&X-Amz-Expires=300&X-Amz-SignedHeaders=host&X-Amz-Signature=085f108f4d1b5369d94e6579ec4195885d198f205008ddc1499c40208cf8708e

  16. Click API permissions on the left



  17. Under Configured permissions, click Add a permission


  18. Click Microsoft Graph


  19. To collect from Teams, click Delegated permissions and check each of the below permissions:
    Channel.ReadBasic.All

    ChannelMember.Read.All
    ChannelMessage.Read.All

    Chat.Read

    Chat.ReadBasic

    Files.Read.All

    Group.Read.All

    openid

    User.Read.All

  20. To collect from Exchange or OneDrive, click Application permissions and check each of the below permissions:
    Exchange:
    Calendars.Read

    Contacts.Read

    Mail.Read

    User.Read.All

    OneDrive:

    Files.Read.All

    Sites.Read.All

    Sites.Selected

    User.Read.All

  21. Click Add permissions at the bottom


  22. Click the Grant consent button, and wait for all rows under the Status column to report that consent has been granted.
    https://s3.amazonaws.com/cdn.freshdesk.com/data/helpdesk/attachments/production/69009875871/original/mceclip1.png?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAS6FNSMY2XLZULJPI%2F20210926%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20210926T164141Z&X-Amz-Expires=300&X-Amz-SignedHeaders=host&X-Amz-Signature=be96e6ddafff2e74369d0c52ec96615910beba78c995f4f373b4d3bfcdaa8c0b
    https://s3.amazonaws.com/cdn.freshdesk.com/data/helpdesk/attachments/production/69009875872/original/https://s3.amazonaws.com/cdn.freshdesk.com/data/helpdesk/attachments/production/69009875872/original/mceclip2.png?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAS6FNSMY2XLZULJPI%2F20210926%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20210926T164141Z&X-Amz-Expires=300&X-Amz-SignedHeaders=host&X-Amz-Signature=c05f5a4901005c394f00c4e50cbe4acfc7c5e0403765d12a47cf16714c55a440?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAS6FNSMY2XLZULJPI%2F20210926%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20210926T164141Z&X-Amz-Expires=300&X-Amz-SignedHeaders=host&X-Amz-Signature=c05f5a4901005c394f00c4e50cbe4acfc7c5e0403765d12a47cf16714c55a440

Your Azure application can now be used for the desired connectors.