11.1 Preparing the Microsoft 365 Cloud Tenant

  1. In a web browser, go to https://admin.microsoft.com.

    This will automatically redirect you to the Microsoft 365 Admin Center for your tenant.

    If you are not already authenticated, you will have to do so before being redirected.

  2. From the Navigation menu, select Show all.

  3. Under Admin centers, select Azure Active Directory.

    This launches the Azure Active Directory admin center.

  4. From the Dashboard menu, click Azure Active Directory.

  5. From the Manage menu, select App registrations.

  6. Click the New registration tab.

  7. In the Name field, enter a descriptive name for the application registration.

    For example: FR Reporting

  8. In the Supported account types region, select the Single tenant option (the first option).

  9. Leave the default settings of the Redirect URI (optional) region and click Register.

    The application is registered and the settings are displayed.

  10. From the Manage menu, select API permissions.

  11. Set the application permissions.

    1. Refer to the following table as you establish application permissions:

      | API / Permissions Name | Description |
      |---|---|
      | Microsoft Graph | |
      | Directory.Read.All | Read directory data |
      | Files.Read.All | Read files in all site collections |
      | Group.Read.All | Read all groups |
      | GroupMember.Read.All | Read all group memberships |
      | Member.Read.Hidden | Read all hidden memberships |
      | Organization.Read.All | Read organization information |
      | Sites.Read.All | Read items in all site collections (previews) |
      | Team.ReadBasic.All | Get a list of all teams |
      | TeamMember.Read.All | Read the members of all teams |
      | TeamSettings.Read.All | Read all teams’ settings |
      | User.Read.All | Read all users’ full profiles |

    2. Click the Add a permission tab.

    3. Click the Microsoft Graph API.

    4. Click Application permissions.

    5. Referring to the table in Substep 1, begin typing directory so that the Directory permission shows up below.

    6. Expand the Directory permission to display the options.

    7. From the table in Substep 1, verify that the permission to select is Directory.Read.All (Read directory data), then select that specific check box.

    8. Click Add permissions.

      The Directory.Read.All permission is added to the Configured permissions table.

    9. Repeat Substeps 2-8 to add all of the permissions specified in the table in Substep 1.

    10. When finished, remove the User.Read permission by selecting it and then in the Remove permission dialog box, click Yes, remove.

  12. Grant admin consent for the tenant.

    1. Above the list of permissions that you just established, click Grant admin consent for tenant_name.

    2. When asked if you want to grant consent for the requested permissions for all accounts in tenant_name, click Yes.

      The status for each of the permissions is changed to Granted for tenant_name.
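
After consent is granted, an app-only access token issued to the registration for Microsoft Graph lists its granted application permissions in the `roles` claim. The following added example (not part of the product documentation) compares that claim with the table above, reporting permissions that are missing and any that exceed the read-only set. The function names and the sample token are constructed for illustration; the token is decoded for inspection only and its signature is not verified.

```python
import base64
import json

# Application permissions from the table in this section.
EXPECTED_ROLES = frozenset({
    "Directory.Read.All", "Files.Read.All", "Group.Read.All",
    "GroupMember.Read.All", "Member.Read.Hidden", "Organization.Read.All",
    "Sites.Read.All", "Team.ReadBasic.All", "TeamMember.Read.All",
    "TeamSettings.Read.All", "User.Read.All",
})


def decode_claims(token):
    """Decode the payload of a compact JWT for inspection only (signature NOT verified)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def audit_roles(token, expected=EXPECTED_ROLES):
    """Compare the token's granted application permissions with the expected set."""
    roles = set(decode_claims(token).get("roles", []))
    return {"missing": sorted(expected - roles), "unexpected": sorted(roles - expected)}


def make_sample_token(roles):
    """Constructed, unsigned token standing in for one issued to the registered app."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    claims = {"aud": "https://graph.microsoft.com", "roles": sorted(roles)}
    return ".".join([enc({"alg": "none", "typ": "JWT"}), enc(claims), "constructed"])


if __name__ == "__main__":
    # Constructed case: one permission not consented, one write permission added by mistake.
    granted = (EXPECTED_ROLES - {"TeamSettings.Read.All"}) | {"Directory.ReadWrite.All"}
    print(audit_roles(make_sample_token(granted)))
```

An empty `missing` list and an empty `unexpected` list indicate that the registration holds exactly the permissions in the table.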