Skip Navigation

Obtain an
Entra
app ID for
BEMS
with credential or passive authentication

  1. Sign in to portal.azure.com.
  2. In the left column, click
    Microsoft Entra ID
    .
  3. Click
    App registrations
    .
  4. Click
    New registration
    .
  5. In the
    Name
    field, enter a name for the app.
  6. Select a supported account type.
  7. In the
    Redirect URI
    section, in the drop-down list, complete one of the following tasks. The Redirect URI is the URL that the user is redirected to after they successfully authenticate to the identity provider (IDP).
    Important
    : Make sure that the Redirect URL matches the URL to the dashboard or authentication might not work as expected.
    • For credential authentication, select
      Web
      and enter
      https://localhost:8443
      .
    • For passive authentication, select
      Public client/native (mobile & desktop)
      and enter the URL that you use to access the
      BEMS
      Dashboard.
      • If you access the
        BEMS
        Dashboard from the computer that hosts the BEMS instance, enter
        https://localhost:8443
        .
      • If you access the
        BEMS
        Dashboard remotely, enter
        https://
        <FQDN of the computer that hosts the BEMS instance>
        :8443
        .
  8. Click
    Register
    . The new registered app appears.
  9. In the
    Manage
    section, click
    API permissions
    .
  10. In the
    Configured permissions
    section, click
    Microsoft Graph
    .
  11. Set the following permissions:
    • For
      Microsoft Exchange Web Services
      : Access mailboxes as the signed-in user via Exchange Web Services (
      EWS > EWS.AccessAsUser.All
      )
      In 2022,
      Microsoft
      started to deprecate the
      Microsoft Exchange Web Services
      (EWS) for
      Microsoft Exchange Online
      APIs replacing the EWS with
      Microsoft Graph
      and this permission may not be available. For more information, visit techcommunity.microsoft.com and read 'Upcoming API Deprecations in Exchange Web Services for Exchange Online'.
    • For
      Microsoft Graph
      : For Sign in and read user profile (
      User > User.Read
      ).
  12. Click
    Update permissions
    .
  13. Click
    Grant admin consent
    . Click
    Yes
    .
    This step requires tenant administrator privileges.
  14. To allow autodiscovery to function as expected, set the authentication permissions.
    1. In the
      Manage
      section, click
      Authentication
      .
    2. Under the
      Allow public client flows
      section, select
      Yes
      to
      Enable the following mobile and desktop flows
      .
    3. Click
      Save
      .
  15. Click
    Overview
    . Copy the
    Application (client) ID
    . The Application (client) ID is displayed in the main
    Overview
    page for the specified app. This is used as the
    Client application ID
    when you enable modern authentication and configure
    BEMS
    to communicate with
    Microsoft Office 365
    .