To connect Office 365/Exchange Online account of your organization using the Modern Authentication, you need to create an Azure Active Directory application, as described in the below section.

Step 1: Create and Register a new app in Azure AD

To register a new Azure AD application, do the following:

Step 1.1 Sign into the Microsoft 365 Admin Center (with your Global Administrator, Application Administrator, or Cloud Application Administrator account) and go to the Azure Active Directory admin center.

Step 1.2 Under the App registrations section, select New registration:

Step 1.3 In the Name field, enter the application name.

Step 1.4 Select who can use this application in the Supported account types – use the Accounts in this organizational directory only option.

Step 1.5 Click the Register button.

NOTE: Application redirect URI is optional; you can leave it blank on this step.

Step 1.6 Your application ID is now available in the Overview section. Copy it to a safe location.

Step 2 Grant Required Permissions

Next, you need to grant your new application the required API permissions.

Azure AD applications can be assigned Delegated or Application permissions:

  • Delegated permissions require a signed-in user present who consents to the permissions every time an API call is sent.
  • Application permissions are consented by an administrator once granted.

For the newly created app, you should use Application permissions.

NOTE: By default, a new application is granted one delegated permission for Microsoft Graph API – User.Read. It is not required and can be removed.

Do the following:

Add permissions

Step 2.1 In API Permissions, click Add a permission. At the top of the Request API permissions pane, click the ‘APIs my organization uses’ tab and search Office 365 Exchange Online.

Step 2.2 Click on the Office 365 Exchange Online entry in the list of apps found.

Step 2.3 Proceed with adding the permissions for this app: select Application permissions and then select full_access_as_app. And Exchange.ManageAsApp. Click Add permissions.

Do the following:

Step 2-A Go to the new app settings < API permissions and click Grant admin consent for <tenant name>.

Step 2-B When prompted to confirm granting, click Yes.

Step 3 Configure Client secrets

Having configured the app, you can create a Client secret.

Step 3.1 In the app settings, click Certificates & secrets and click New Client Secret.

Step 3.2 Enter the Description and select the expire period and click on add button.

3.3

Copy the Client Secret value to a safe location.

Step 4 Obtain Tenant ID

Step 4.1 Select Azure Active Directory > Overview section for the required Exchange Online organization. Locate the Tenant ID and copy it to a safe location.

Step 5 Assign Role and Administrator

Do the following:

Step 5.1 Go to Active Directory Dashboard and Select Role and Administrators. Search for ‘Global administrator’ and double-click on it.

Step 5.2 Under assignments category, click ‘add assignments.’

Step 5.3 As no members has been assigned here, so click ‘No Members selected.’

Step 5.4 Type the name of the app that you have added in the Azure Active Directory. Choose it, then click Select.

Step 5.5 A new member has been added. Click Next.

Step 5.6 In Assignment Type, choose Active. Set the Assignment duration and provide a justification for assignment. Finally, click Assign.