9.1 Prerequisites

9.1.1 Message Broker

In the Configuration Dashboard, verify that the Message Broker is installed, configured, and connected.

9.1.2 Preparing the Microsoft 365 Tenant

  1. In web browser, go to https://admin.microsoft.com.

    This will automatically redirect you to the Microsoft 365 Admin Center for your tenant.

    If you are not already authenticated, you will have to do so before being redirected.

  2. From the Navigation menu, select Show all.

  3. Under Admin centers, select Azure Active Directory.

    This launches the Azure Active Directory admin center.

  4. From the Dashboard menu, click Azure Active Directory.

  5. From the Manage menu, select App registrations.

  6. Click the New registration tab.

  7. In the Name field, enter a descriptive name for the application registration.

    For example: SRS Reporting

  8. In the Supported account types region, select the Single tenant option (the first option).

  9. Leave the default settings of the Redirect URI (optional) region and click Register.

    The application is registered and the settings are displayed.

  10. From the Manage menu, select API permissions.

  11. Set the application permissions for the Microsoft Graphi API.

    1. Refer to the following table as you establish application permissions:

      API / Permissions Name

      Description

      Microsoft Graph

       

      Directory.Read.All

      Read directory data

      Files.Read.All

      Read files in all site collections

      Group.Read.All

      Read all groups

      GroupMember.Read.All

      Read all group memberships

      Member.Read.Hidden

      Read all hidden memberships

      Organization.Read.All

      Read organization information

      Sites.Read.All

      Read items in all site collections (previews)

      Team.ReadBasic.All

      Get a list of all teams

      TeamMember.Read.All

      Read the members of all teams

      TeamSettings.Read.All

      Read all teams’ settings

      User.Read.All

      Read all users’ full profiles

    2. Click the Add a permission tab.

    3. Click the Microsoft Graph API.

    4. Click Application permissions.

    5. Referring to the table in Substep 11a, begin typing directory to filter on the Directory permission.

    6. Expand the Directory permission to display the options.

    7. From the table in Substep 11a, verify that the permissions to select are Directory.Read.All Read directory data, then select that specific check box.

    8. Click Add permissions.

      The Directory.Read.All permission is added to the Configured permissions table.

    9. Repeat Substeps 11b-11h to add all of the permissions specified in the table in Substep 11a.

    10. When finished, remove the User.Read permission by selecting it and then in the Remove permission dialog box, click Yes, remove.

  12. Set the application permissions for SharePoint.

    1. Click the Add a permission tab.

    2. Click the SharePoint API.

    3. Click Application permissions.

    4. Expand the Sites permission to display the options.

    5. Select the Sites.Full Control.All option.

    6. Click Add permissions.

  13. Grant admin consent for the tenant.

    1. Above the list of permissions that you just established, click Grant admin consent for tenant_name.

    2. When asked if you want to grant consent for the requested permissions for all accounts in tenant_name, click Yes.

      The status for each of the permissions is changed to Granted for tenant_name.