Register Service Principal with Exchange Online API Permissions

To manage Exchange, the EmpowerID Exchange Online microservice requires a service principal application registered in the Exchange tenant. The service principal provides Azure AD authentication to the app service that hosts the Exchange microservice. Once registered, the service principal must be granted the Application permission Exchange.ManageAsApp, which is needed to access Exchange Online resources.

Register the service principal

  1. In Azure, navigate to your Azure Active Directory.

  2. On the Azure Active Directory navbar, click App registrations.

  3. On the App registrations page, click New registration.

     

  4. Name the application, select the scope (single or multitenant), and click Register.

  5. Once the application is registered, copy the Application (client) ID and Directory (tenant) ID from the Overview page. These values are used later.

     

Grant API permissions to the service principal

  1. On the navbar for the app, select Manifest to open the Manifest editor.

     

  2. Locate requiredResourceAccess in the editor.

     

  3. Copy the code below and replace the default requiredResourceAccess object with it.

    "requiredResourceAccess": [
        {
            "resourceAppId": "00000002-0000-0ff1-ce00-000000000000",
            "resourceAccess": [
                {
                    "id": "dc50a0fb-09a3-484d-be87-e023b12c6440",
                    "type": "Role"
                }
            ]
        }
    ],

     

  4. Verify that the requiredResourceAccess object in the editor matches the code from step 3, and then click Save.

     

  5. Navigate to the API permissions blade for the app and confirm that Exchange.ManageAsApp appears as a permission.
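The check in steps 4 and 5 can also be run against a saved copy of the manifest. The script below is an added example, not EmpowerID or Microsoft code: it confirms that the Exchange.ManageAsApp entry from step 3 is present with type Role and lists any other requested permission for review. The function name and the sample manifests are assumptions made for illustration.

```python
import json

# Values taken from the manifest snippet in step 3 of this page.
EXCHANGE_APP_ID = "00000002-0000-0ff1-ce00-000000000000"
MANAGE_AS_APP_ID = "dc50a0fb-09a3-484d-be87-e023b12c6440"


def audit_manifest(manifest_text):
    """Return (granted, findings) for an app manifest given as JSON text."""
    manifest = json.loads(manifest_text)
    granted, findings = False, []
    for resource in manifest.get("requiredResourceAccess") or []:
        app_id = str(resource.get("resourceAppId", "")).lower()
        for access in resource.get("resourceAccess") or []:
            perm_id = str(access.get("id", "")).lower()
            perm_type = access.get("type")
            if app_id == EXCHANGE_APP_ID and perm_id == MANAGE_AS_APP_ID:
                if perm_type == "Role":
                    granted = True
                else:
                    # "Scope" is a delegated permission, not the Application
                    # permission this procedure calls for.
                    findings.append(
                        f"Exchange.ManageAsApp has type {perm_type!r}, expected 'Role'")
            else:
                # Anything beyond the single entry from step 3 deserves review.
                findings.append(
                    f"extra permission {perm_id} ({perm_type}) on resource {app_id}")
    if not granted:
        findings.append("Exchange.ManageAsApp (type Role) is missing")
    return granted, findings


# Constructed sample manifests (not exported from a real tenant).
GOOD = json.dumps({"requiredResourceAccess": [{
    "resourceAppId": EXCHANGE_APP_ID,
    "resourceAccess": [{"id": MANAGE_AS_APP_ID, "type": "Role"}]}]})
BAD = json.dumps({"requiredResourceAccess": [
    {"resourceAppId": EXCHANGE_APP_ID,
     "resourceAccess": [{"id": MANAGE_AS_APP_ID, "type": "Scope"}]},
    {"resourceAppId": "11111111-1111-1111-1111-111111111111",  # placeholder
     "resourceAccess": [{"id": "22222222-2222-2222-2222-222222222222",
                         "type": "Role"}]}]})

if __name__ == "__main__":
    for name, text in (("good", GOOD), ("bad", BAD)):
        print(name, audit_manifest(text))
```

An empty findings list means the manifest requests only the permission this page describes.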

 

 


Next Steps

https://dotnetworkflow.jira.com/wiki/spaces/EIDADV23/pages/2984947696