How To Configure A Group/Teams Awareness Azure AAD Application

Article: 100050185
Last Published: 2024-09-03
Product(s): Alta SaaS Protection

Description

 
This article walks through creating an Azure AAD Application that enables the Group/Teams Awareness option within a SharePoint connector in Alta SaaS Protection (ASP).
This process requires access to the Microsoft Entra Admin Center with a user in the Global Admin role. Once logged in, follow the steps outlined below.
 

Configuring The Azure Active Teams Provider App

  1. Select Applications, then click App registrations, followed by New registration.
     

 
  1. Configure the application as follows:
    1. Name: ASP Teams Provider
    2. Supported account types: Accounts in this organizational directory only
    3. Click the Register button.
       
 

 

  1. After clicking Register and the process completes, it will automatically open the newly created application.
  2. Take note of the Application (client) ID.


 
  1. Click Certificates & secrets.
  2. Choose the New client secret button.




 

  1. Enter the Description as: ASP Teams.
  2. Choose an option from the Expires drop-down menu. Note: this key will need to be regenerated when it expires, and the new value updated within the connector.
  3. Click Add.


 
  1. After clicking Add, the secret key is shown immediately. It is very important to copy the key value before exiting this page; otherwise it cannot be retrieved and a new one will need to be created.
     
 

 

  1. Next, add the permissions required to read the directory.
    1. Click the API permissions button. The default settings include the User.Read permission.

 

 
  1. Click User.Read.
  2. Click Remove Permission.
  3. When prompted, choose Yes, remove.

 

 
 
  1. Click the Add a permission button.
     

 

  1. Select Microsoft APIs and then Microsoft Graph.
     
 

 

  1. Select Application permissions.
     

 
  1. Type Group in the search bar and select Group.Read.All.

 

  • To capture the owner's information for the Teams Site with the Modern OAuth authentication method, the User.Read.All permission needs to be added as well.
  • Type User.Read in the search bar to show the relevant permissions and add the User.Read.All permission.
  • Select Add Permissions.


 
  1. Finally, click the 'Grant Admin Consent for <TenantName>' button and choose Yes at the prompt.
     
 

 

  1. After consent has been granted, the permissions should now look like below.

 

 
  1. The process is now complete.
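
The following check is an added example, not part of the original article or of Alta SaaS Protection. It audits an exported application object (the JSON shape Microsoft Graph returns for an application, for example from `az ad app show`) against the steps above: only the Group.Read.All and User.Read.All application permissions remain, the default User.Read is gone, and the client secret is not close to expiry. The function name, the 30-day warning window and the sample data are assumptions; the GUIDs are Microsoft Graph's published permission IDs.

```python
from datetime import datetime, timedelta, timezone

GRAPH_APP_ID = "00000003-0000-0000-c000-000000000000"  # Microsoft Graph
# Application-permission (app role) IDs for the two permissions the article adds.
EXPECTED_ROLES = {
    "5b567255-7703-4780-807c-7be8301ae99b": "Group.Read.All",
    "df021288-bdef-4463-88db-98f22de89214": "User.Read.All",
}

def audit_app(app, now, warn_days=30):
    """Return a list of findings for one application object (hypothetical helper)."""
    findings, granted = [], set()
    for res in app.get("requiredResourceAccess", []):
        for perm in res.get("resourceAccess", []):
            expected = (res["resourceAppId"] == GRAPH_APP_ID
                        and perm["type"] == "Role"      # "Role" = application permission
                        and perm["id"] in EXPECTED_ROLES)
            if expected:
                granted.add(perm["id"])
            else:
                findings.append(f"unexpected permission {perm['id']} ({perm['type']})")
    for pid, name in EXPECTED_ROLES.items():
        if pid not in granted:
            findings.append(f"missing {name}")
    for cred in app.get("passwordCredentials", []):
        # Graph timestamps are UTC; drop fractional seconds before parsing.
        end = datetime.strptime(cred["endDateTime"][:19], "%Y-%m-%dT%H:%M:%S")
        end = end.replace(tzinfo=timezone.utc)
        label = cred.get("displayName") or cred.get("keyId")
        if end <= now:
            findings.append(f"secret '{label}' expired")
        elif end - now <= timedelta(days=warn_days):
            findings.append(f"secret '{label}' expires in {(end - now).days} days")
    return findings

# Constructed sample: default User.Read left in place, User.Read.All never added.
SAMPLE_APP = {
    "displayName": "ASP Teams Provider",
    "requiredResourceAccess": [{
        "resourceAppId": GRAPH_APP_ID,
        "resourceAccess": [
            {"id": "e1fe6dd8-ba31-4d61-89e7-88639da4683d", "type": "Scope"},  # User.Read (delegated)
            {"id": "5b567255-7703-4780-807c-7be8301ae99b", "type": "Role"},
        ]}],
    "passwordCredentials": [{"displayName": "ASP Teams", "endDateTime": "2025-01-15T00:00:00Z"}],
}

if __name__ == "__main__":
    for finding in audit_app(SAMPLE_APP, datetime(2025, 1, 5, tzinfo=timezone.utc)):
        print(finding)
```

This checks the permissions configured on the registration, not whether admin consent was granted; consent status still has to be confirmed on the API permissions page.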
