Skip Navigation

Enable
Microsoft Graph
API to allow
BEMS
Cloud to communicate with
Microsoft Office 365

Complete this task only if your
BEMS
Cloud environment requires new client app registrations.
You must can use
BEMS
Cloud to access
Microsoft Office 365
to access users’ mailboxes and send notifications to users’ devices when new email is received in the user's mailbox using
Microsoft Graph
API. When you configure the
Microsoft Graph
API, your environment is using modern authentication. After you configure the
Microsoft Graph
API, you must configure the autodiscover.
In 2022,
Microsoft
started to deprecate the
Microsoft Exchange Web Services
(EWS) for
Microsoft Exchange Online
APIs and replacing the EWS with the
Microsoft Graph
API. For more information, visit techcommunity.microsoft.com and read 'Upcoming API Deprecations in Exchange Web Services for Exchange Online'.
  1. In the management console, click
    Settings > BlackBerry Dynamics > Email notifications
    .
  2. Click the
    Microsoft Graph
    tab.
  3. Click The Edit icon.
  4. Select the
    Use Microsoft Graph client
    check box.
  5. In the
    Authentication type
    section, select an authentication type based on your environment and complete the associated tasks to allow
    BEMS
    to communicate with
    Microsoft Office 365
    :
    Authentication type
    Description
    Task
    Client Secret
    This option uses a client secret to allow the
    BEMS
    service account to authenticate to
    Microsoft Office 365
    . The client secret is created during the application registration process.
    In the
    Client Secret
    field, enter the
    Value
    for the client secret. For instructions on obtaining a client secret, see Obtain an Entra app ID for BEMS with client secret authentication.
    Client Certificate
    This option uses a client certificate to allow the
    BEMS
    service account to authenticate to
    Microsoft Office 365
    .
    1. For the
      Certificate file (.pfx)
      , click
      Browse
      and select the client certificate file. For instructions on obtaining the .PFX file, see Associate a certificate with the Entra app ID for BEMS
    2. In the
      Password
      field, enter the password for the client certificate.
  6. In the
    Authentication Authority
    field, enter the Authentication Server URL that
    BEMS
    accesses and retrieve the OAuth token for authentication with
    Microsoft Office 365
    . By default, the field is prepopulated with https://login.microsoftonline.com/common.
    The authentication server URL must be in the format of https://login.microsoftonline.com/
    tenantname
    or https://login.microsoftonline.com/
    tenantid
    .
  7. In the
    Client App ID
    field, enter the
    Entra
    app ID for the credential authentication. For instructions, see Obtain an Entra app ID for BEMS with credential or passive authentication.
  8. In the
    Server Name
    field, type
    https://graph.microsoft.com
    .
  9. In the
    End User Email Address
    field, type an email address to test connectivity to
    Microsoft Office 365
    using the service account. Click
    Test connection
    . You can delete the email address after you complete the test.
  10. Click
    Save
  11. Configure the Autodiscover and Exchange Options in Configure email notifications for BlackBerry Work. You can configure the settings using one of the following authentication types: Credential, Credentials + Modern Authentication, Client Certificate + Modern Authentication, or Passive Authentication type.