Registering the Azure App for SharePoint Online

Updated

Disclaimer: This procedure is performed using the Microsoft Azure Active Directory web application. The Azure AD application is subject to change without notice. Consult Microsoft documentation, such as Azure Active Directory Documentation.

Before You Begin

On the tenant, run the following SharePoint Online PowerShell command to set DisableCustomAppAuthentication to false:

set-spotenant -DisableCustomAppAuthentication $false

Procedure

  1. Log on to the Azure portal (https://portal.azure.com/) using your global admin user account.

  2. Go to Azure Active Directory.

  3. In the navigation pane, click App registrations.

    The App registrations page appears.

  4. Click New registration.

    The Register an application screen appears.

  5. In the Name box, type a name for the app.

  6. Under Supported account types, select Accounts in this organizational directory only (tenant_prefix - Single tenant).

  7. To verify the status of the app and to authorize the app from the Command Center, under Redirect URI, enter the Command Center URL.

    For example, enter https://host_name.domainname.com/adminconsole.

  8. Click Register.

  9. Copy and paste the following values in a document that you can access later:

    • Application ID

    • Directory ID

      You will enter these values in the Commvault software when you complete the Office 365 guided setup.

  10. In the navigation pane, click API permissions.

  11. Click Add a permission.

  12. Click Microsoft Graph and complete the following steps:

    1. Click Application permissions.

    2. Select the User.Read permission.

  13. Click Add permissions.

  14. Click Grant admin consent for tenant_name.

  15. Click Yes.

  16. In the navigation pane, click Certificates & secrets.

    The Certificates & secrets page appears.

  17. Click New client secret.

    The Add a client secret dialog box appears.

  18. Enter a description, and then select Never expire.

  19. Click Add.

  20. Copy and paste the client secret value in a document that you can access later.

    You will enter this value in the Command Center when you complete the Office 365 guided setup.

  21. To assign full permissions to the tenant to back up SharePoint sites, in your browser, go to the tenant URL.

    For example, go to https://<office_365_tenant_URL>/_layouts/15/appinv.aspx.

    The SharePoint admin center page appears.

  22. In the App ID box, enter the application ID that you recorded earlier, and then click Lookup.

    In the Title box, the name of the application appears.

  23. In the App Domain box, type tenantname.onmicrosoft.com.

    To get the correct domain name, go to the Microsoft Azure website, Custom domain names.

  24. In the App's Permission Request XML box, type the following XML string:

    <AppPermissionRequests AllowAppOnlyPolicy="true">

    <AppPermissionRequest Scope="http://sharepoint/content/tenant" Right="FullControl" />

    <AppPermissionRequest Scope="http://sharepoint/social/tenant" Right="Read" />

    </AppPermissionRequests>
  25. Click Create.

  26. Click Trust It.