larryh/corso
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
corso/website/docs/setup/m365-access.md
Niraj Tolia 692b8425b9
Website fixes (#1834) 
## Description

Fix issues found by screaming frog

- Use https:// for links
- Add missing cookies page back
- Add missing alt-text
- Use dashes instead of underscores for better search engine indexing
- Fix internal redirects

## Does this PR need a docs update or release note?

- [x]  No 

## Type of change

- [x] 🐛 Bugfix
2022-12-16 04:10:56 +00:00

4.6 KiB
Raw Blame History

description
description
Connect to a Microsft 365 tenant

Microsoft 365 access

import Tabs from '@theme/Tabs'; import TabItem from '@theme/TabItem';

To perform backup and restore operations, Corso requires access to your M365 tenant by creating an Azure AD application with appropriate permissions.

The following steps outline a simplified procedure for creating an Azure Ad application suitable for use with Corso. For more details, please refer to the official documentation for adding an Azure AD Application and Service Principal using the Azure Portal.

Create an Azure AD application

Sign in into the Azure Portal with a user that has sufficient permissions to create an AD application.

Register a new application

From the list of Azure services, select Azure Active Directory → App Registrations → New Registration

Registering a new application

Configure basic settings

Next, configure the following:

  • Give the application a name
  • Select Accounts in this organizational directory only
  • Skip the Redirect URI option
  • Click Register at the bottom of the screen

Configuring the application

Configure required permissions

Within the new application (CorsoApp in the below diagram), select API Permissions → Add a permission from the management panel.

Adding application permissions

Select the following permissions from Microsoft API → Microsoft Graph → Application Permissions and then click Add permissions.

API / Permissions Name Type Description
Calendars.ReadWrite Application Read and write calendars in all mailboxes
Contacts.ReadWrite Application Read and write contacts in all mailboxes
Files.ReadWrite.All Application Read and write files in all site collections
Mail.ReadWrite Application Read and write mail in all mailboxes
User.Read.All Application Read all users' full profiles
Sites.FullControl.All Application Have full control of all site collections

Grant admin consent

Finally, grant admin consent to this application. This step is required even if the user that created the application is an Microsoft 365 admin.

Granting administrator consent

Export application credentials

After configuring the Corso Azure AD application, store the information needed by Corso to connect to the application as environment variables.

Tenant ID and client ID

To view the tenant and client ID, select Overview from the app management panel.

Obtaining Tenant and Client IDs

Copy the client and tenant IDs and export them into the following environment variables.

$Env:AZURE_CLIENT_ID = "<Application (client) ID for configured app>"
$Env:AZURE_TENANT_ID = "<Directory (tenant) ID for configured app>"

export AZURE_TENANT_ID=<Directory (tenant) ID for configured app>
export AZURE_CLIENT_ID=<Application (client) ID for configured app>

export AZURE_TENANT_ID=<Directory (tenant) ID for configured app>
export AZURE_CLIENT_ID=<Application (client) ID for configured app>

Azure client secret

Finally, you need to obtain a client secret associated with the app using Certificates & Secrets from the app management panel.

Click New Client Secret under Client secrets and follow the instructions to create a secret.

Obtaining the Azure client secrete

After creating the secret, immediately copy the secret Value because it won't be available later. Export it as an environment variable.

$Env:AZURE_CLIENT_SECRET = "<Client secret value>"

export AZURE_CLIENT_SECRET=<Client secret value>

export AZURE_CLIENT_SECRET=<Client secret value>