Create Application Registration Manually (Optional)
This procedure describes how to manually add the Application registration to
| ■ | Adding Client secret |
| ■ | Associating Microsoft Entra Roles to the application according to table described in Secure Connection using Application Registration |
| ➢ | To create the new registration: |
| 1. | Login to the Azure portal (portal.azure) with global Admin credentials for the M365 tenant. |
| 2. | Click View to the Microsoft Entra ID interface. |
| 3. | In the Navigation pane, select Manage > App registrations and then click New registration. |
| 4. | Enter the name of the application. |
| 5. | Select Accounts in this organizational directory only (Contoso only-Single tenant). |
| 6. | Click Register. |
| 7. | Click to open the Overview page for the new registration. |
| 8. | In the Overview page, Copy the Tenant ID and Application (client) ID value. |
| 9. | In the Navigation pane, select Certificate & secrets. |
| 10. | Click New client secret to add a new client secret. |
| 11. | Enter the Description for the secret and the Expires date (recommended 12 months) and then click Add. |
| 12. | Copy the value to clipboard as its required for later configuration in the Service portal. |
| ● | Copy the value immediately to notepad as it hashed after a short time. |
| ● | If you use the Application registration to create additional services, a new secret should be created for each new service. |
| 13. | In the Navigation pane, select Manage > API permissions. |
| 14. | Click + Add a permission and then select Microsoft Graph. |
| 15. | Select Application permissions. |
| 16. | Type AppCatalog, select AppCatalog.ReadWrite.All (Read and write to all app catalogs), and then click Add permissions. |
| 17. | Repeat the above steps for the following permissions: |
| ● | Group.Read.All (Read all groups) |
| ● | GroupMember.Read.All (Read all group memberships) |
| ● | Organization.Read.All (Read organization information) |
| ● | RoleManagement.Read.Directory (Read all directory RBAC settings) |
| ● | TeamSettings.ReadWrite.All (Read and change all teams' settings) |
| ● | User.ReadWrite.All (Read and write all users' full profiles) |
| 18. | Grant admin consent for the new permissions. |
All permissions are granted.
| 19. | In the search box in the Menu bar, type Microsoft Entra Roles and administrators. |
| 20. | In the Search box, enter the name of the role that is required for the Application Registration creation process according to the table shown in Secure Connection using Application Registration , and then select the check box for the entry. |
| 21. | Scroll to the end of the line for the entry, right-click ...and then clickDescription. |
| 22. | In the Navigation pane, click Assignments. |
| 23. | Click Add assignments. |
| 24. | Search for the name of the Application Registration that you created above, select it and then click Add. |
The new association is displayed.
| 25. | Repeat the above steps for each required role. |
| 26. | Proceed to Use Manually Created Application Registration. |