Please enter search query.
 
              Search <product_name> all support & community content...
            
 
          
               Article: 100050243
              
              
                Last Published: 2023-04-18
              
              
                Ratings:  1 0
              
            
                Product(s): Alta SaaS Protection
              
            Description
  This article discusses how to create an Azure Active Directory Application for use with an EWS connector that is configured for Modern/OAuth authentication.  As the name suggests, Modern authentication uses an OAuth flow and a service principal instead of a mailbox account with a user name and password.  Modern/OAuth is the preferred method of authentication for O365 mailboxes. 
 
Configuring The Azure AD OAuth App
- Select the 'Azure Active Directory blade', then click 'App registrations', followed by 'New registration'.
 
- Configure the application as follows: 
    - Name: Veritas Alta SaaS Protection EWS OAuth App
- Support account types: Accounts in this organizational directory only
- Redirect URI: Change to Public client/native. The value should be: urn:ietf:wg:oauth:2.0:oob
- Click the 'Register' button.
 
 
 
  - After clicking Register and the process completes, it will automatically open the newly created application.
- Now we need to add permissions. Choose the API permissions button on the left, choose +Add a permission button and then on the right side, choose the 'APIs my organization uses' tab, in the search field, type 'Office', then select 'Office 365 Exchange Online'.
 
 
  
- Click Application permissions, select the first option 'full_access_as_app', then click the blue Add permissions button.
 
 
 
- Now we must add the proper permissions in order to read the directory.
- While still on the same page, click the +Add a permission button and choose Microsoft Graph on the right side.
 
 
- Select the Application Permissions button.
 
 
- Scroll down and expand Directory. Choose Directory.Read.All. Then expand Group and choose Group.ReadWrite.All. Click the Add permission button.
 
  
- Click the Grant Admin consent for... button to save the permissions. The end result should look like the following:
 
 
- The last step is to create a secret key.
- Click on Certificates & secrets
- Click New client secret
- Enter the Description as: Veritas Alta SaaS Protection EWS OAuth App Key
- Choose 24 Months for Expires
- Click Add
 
 
- Take note of the key and save it.
 
 
- Lastly, we need to also make note of the following:  
  - Application (client) ID
- Directory (tenant) ID
 
- These two ID's and the secret key will be used to configure the EWS connector.
 
 
