In the Configuration Dashboard, verify that the Message Broker is installed, configured, and connected.
In web browser, go to https://admin.microsoft.com.
This will automatically redirect you to the Microsoft 365 Admin Center for your tenant.
If you are not already authenticated, you will have to do so before being redirected.
From the Navigation menu, select Show all.
Under Admin centers, select Azure Active Directory.
This launches the Azure Active Directory admin center.
From the Dashboard menu, click Azure Active Directory.
From the Manage menu, select App registrations.
Click the New registration tab.
In the Name field, enter a descriptive name for the application registration.
For example: SRS Reporting
In the Supported account types region, select the Single tenant option (the first option).
Leave the default settings of the Redirect URI (optional) region and click Register.
The application is registered and the settings are displayed.
From the Manage menu, select API permissions.
Set the application permissions for the Microsoft Graphi API.
Refer to the following table as you establish application permissions:
API / Permissions Name |
Description |
---|---|
Microsoft Graph |
|
Directory.Read.All |
Read directory data |
Files.Read.All |
Read files in all site collections |
Group.Read.All |
Read all groups |
GroupMember.Read.All |
Read all group memberships |
Member.Read.Hidden |
Read all hidden memberships |
Organization.Read.All |
Read organization information |
Sites.Read.All |
Read items in all site collections (previews) |
Team.ReadBasic.All |
Get a list of all teams |
TeamMember.Read.All |
Read the members of all teams |
TeamSettings.Read.All |
Read all teams’ settings |
User.Read.All |
Read all users’ full profiles |
Click the Add a permission tab.
Click the Microsoft Graph API.
Click Application permissions.
Referring to the table in Substep 11a, begin typing directory to filter on the Directory permission.
Expand the Directory permission to display the options.
From the table in Substep 11a, verify that the permissions to select are Directory.Read.All Read directory data, then select that specific check box.
Click Add permissions.
The Directory.Read.All permission is added to the Configured permissions table.
Repeat Substeps 11b-11h to add all of the permissions specified in the table in Substep 11a.
When finished, remove the User.Read permission by selecting it and then in the Remove permission dialog box, click Yes, remove.
Set the application permissions for SharePoint.
Click the Add a permission tab.
Click the SharePoint API.
Click Application permissions.
Expand the Sites permission to display the options.
Select the Sites.Full Control.All option.
Click Add permissions.
Grant admin consent for the tenant.
Above the list of permissions that you just established, click Grant admin consent for tenant_name.
When asked if you want to grant consent for the requested permissions for all accounts in tenant_name, click Yes.
The status for each of the permissions is changed to Granted for tenant_name.