Page Comparison

The Exchange Online microservice requires a key vault with a certificate for certificate-based authentication between the microservice and the service principal registered for it. Additionally, the key vault needs to be configured with an access policy that grants key, secret, and certificate permissions to assigned applications. These permissions will be granted to the Exchange Online app service hosting the microservice.

Create the key vault and certificate

1. In Azure, create a Key vault if you do not already have one or want to create a new one.

2. Navigate to the Certificate page for the key vault and click Generate/Import.
   

   

3. Enter a Certificate Name and Subject and then click Create.
   

   

    

4. After Azure creates the certificate, click the record for it and then download the certificate in CER format. You will add this to the service principal you created for the Exchange Online app service.
   

   

    

Add an access policy

1. Navigate to the Access policies blade for the key vault.

2. Click + Add Access Policy.
   

   Image Removed

3. Click the Key Permissions drop-down and select the Get, Decrypt, Unwrap Key, and Verify operations.
   

   Image Removed

4. Click the Secret permissions drop-down and select the Get and List operations.
   

   Image RemovedImage Added

5. Click the Certificate permissions drop-down and select Get.
   

   Image RemovedImage Added

6. Under Select principal, click None Selected.
   

   Image RemovedImage Added

7. Search for and select the Managed Identity for the Exchange Online App Service. Please note that the Managed Identity you select is the System Assigned Managed Identity you assigned in Step 12 of Configure Exchange Online App Service Authentication.
   

   Image Removed

   enabled for the app service.
   

   Image Added

8. Click Select to select the principal.

9. On the Add access policy blade, click Add.
   

   Image Removed

Add secrets to the key vault

1. On the navbar for the Key vault, under Settings, click Secrets.

2. On the Secrets page, click Generate/Import.
   

   Image Removed

On the Create a secret blade, do the following to create the first secret:

3. Name – Enter EIDExchangeAdminUser.

Value – Secret values should follow username:password format, such as eiduser@<YourAzureTenant>:TestPass123.
Insert excerptIL:Exchange Online Admin User NoteIL:Exchange Online Admin User Notenopaneltrue

4. Click Create.
   

   Image Removed

5. Back on the Secrets blade, click Generate/Import again.

6. On the Create a secret blade, do the following to create the second secret:

   1. Name – Enter EIDExchangeUserPassword.

   2. Value – Secret values should follow username:password format, such as eiduser@<YourAzureTenant>:TestPass123.

   3. Click Create.

7. Back on the Secrets blade, click the record for the Exchange Admin User secret.
   

   Image Removed

8. Click the Current Version to go to the Properties blade for the secret.
   

   Image Removed

9. On the Properties blade, copy the Secret Identifier. You will use this value later.
   

   Image Removed

10. Return to the Secrets blade and repeat steps 16, 17 and 18 for the Exchange User Password secret.Image Added