Note: OAuth is currently supported over the EWS endpoints. Support for PowerShell is anticipated in the future.
Configuring OAuth with a certificate
Step 1: Create a new Registered Application in Azure (detailed steps with screenshots can be found here)
To get an application ID:
- Go to https://portal.azure.com and log in to your Office 365 tenant with an administrator account.
- From the left menu, select Azure Active Directory > App registrations.
- Click New registration.
- Enter a name.
- From the Supported account types, select Supported Account Type – Single tenant.
- Select Web for the application type under the Redirect URI section.
- Enter the URL value: http://localhost
- Click Register.
- Copy the Application (client) ID and save it somewhere secure that you will remember. You will need it later.
Step 2: Add a certificate to the server running the Office 365 module.
For this step you will need a SHA-256 certificate that will be used to establish a secure connection from this workstation to Office 365. The certificate can come from a trusted certificate authority or be self-signed. The steps below assume you do not have a trusted certificate and need to create one. There are many ways to create a certificate on a Windows server; the steps below use PowerShell.
To create a self-signed certificate in Windows Server 2016:
- Access the server where the Office 365 module is installed.
- Launch PowerShell and type the following commands:
NOTE: Replace the domain in the -DnsName value below with the fully qualified domain name (FQDN) of your Flight Deck server.
# Folder the certificate files are written to (assumed here: the current directory)
$localPath = Get-Location
# Create certificate
$cert = New-SelfSignedCertificate -DnsName "flightdeck.company.com" -CertStoreLocation "cert:\LocalMachine\My" -Provider 'Microsoft RSA SChannel Cryptographic Provider'
$password = ConvertTo-SecureString -String "UseSecurePasswordHere" -Force -AsPlainText
# Used for authentication -> load it from disk
Export-PfxCertificate -Cert $cert -FilePath ($localPath.Path+"\PSTFlightDeck.pfx") -Password $password
# Export certificate to a .cer file:
Export-Certificate -Type CERT -Cert $cert -FilePath ($localPath.Path+"\PSTFlightDeck.cer")
* Where "UseSecurePasswordHere" is the desired password of the certificate.
To add an untrusted certificate to your bridgehead server’s local certificate store:
- Access the server where the PSTFlightDeck Office 365 Ingest module is installed.
- Open the certificate manager: select Start > Run and enter certlm.msc
- Expand Trusted Root Certification Authorities > Certificates.
- Right-click Certificates and select All Tasks > Import… to launch the Certificate Import Wizard.
- Locate the (.cer) certificate file and follow the wizard prompts.
- Supply the password, if required.
- Right-click Certificates and select All Tasks > Import… to launch the Certificate Import Wizard.
- Locate the (.pfx) certificate file and follow the wizard prompts.
- Supply the password, if required.
Step 3: Get a Thumbprint.
To get a thumbprint:
- Return to the Azure portal and access Azure Active Directory > App registrations > owned applications, and find the application you created in Step 1 above.
- Select your application, and then select API Permissions.
- Click Add a Permission.
- In the Request API permissions section > Select APIs my organization uses, search for Office 365 Exchange Online and select this API.
- In the Select permissions > Enable Access section, select the full_access_as_app permission.
- Click Add permissions.
- Click Grant Admin consent.
- Go to Certificates & Secrets and click the Upload Certificate button.
- Upload your certificate file from Step 2.
- Copy the certificate Thumbprint and save it somewhere. You will need it later.
Step 4: Add your Application ID and Thumbprint on the server running the PST Flight Deck Office 365 ingest module
To do this:
- Open Credential Editor (By default it can be found under “C:\Program Files\Quadrotech\PST Flight Deck\Modules\Office365 Module”.)
- Select the Office365 tab and click Add.
- Enter the Application ID, Thumbprint, and Tenant (e.g., tenant.onmicrosoft.com).
- Save and close the Credential Editor.
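The thumbprint entered in Step 4 only works if it identifies a certificate in the module server's local machine store that has its private key, is SHA-256 signed and is within its validity period. The following check is an added example, not part of the vendor's procedure or product; the function name Test-OAuthCertificate and the placeholder thumbprint are assumptions.

```powershell
# Added example: validate the certificate behind a thumbprint before relying on it.
# Test-OAuthCertificate is a hypothetical helper name, not a product cmdlet.
function Test-OAuthCertificate {
    param(
        [Parameter(Mandatory)] [string] $Thumbprint,  # value copied from the Azure portal (Step 3)
        [string] $CerPath                              # optional: the .cer file exported in Step 2
    )

    # Normalize the input: copy/paste can add spaces or stray characters.
    $tp = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    if ($tp.Length -ne 40) {
        throw "Thumbprint must be 40 hex characters (SHA-1 of the certificate), got $($tp.Length)."
    }

    # The module authenticates with the certificate in the local machine store.
    $cert = Get-ChildItem -Path 'Cert:\LocalMachine\My' | Where-Object { $_.Thumbprint -eq $tp }
    if (-not $cert) {
        throw "No certificate with thumbprint $tp found in Cert:\LocalMachine\My."
    }

    $now = Get-Date
    $result = [ordered]@{
        Subject        = $cert.Subject
        Thumbprint     = $cert.Thumbprint
        HasPrivateKey  = $cert.HasPrivateKey                               # required to sign the OAuth assertion
        IsSha256       = $cert.SignatureAlgorithm.FriendlyName -like 'sha256*'
        InValidity     = ($now -ge $cert.NotBefore) -and ($now -le $cert.NotAfter)
        NotAfter       = $cert.NotAfter                                    # plan renewal before this date
        CerFileMatches = $null                                             # stays $null when no .cer is given
    }

    # Optionally confirm the .cer uploaded to Azure is the same certificate.
    if ($CerPath) {
        $file = (Resolve-Path -Path $CerPath).Path
        $fileCert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $file
        $result.CerFileMatches = ($fileCert.Thumbprint -eq $tp)
    }

    [pscustomobject]$result
}

# Usage (replace the placeholder with the thumbprint copied in Step 3):
# Test-OAuthCertificate -Thumbprint '<THUMBPRINT-FROM-AZURE>' -CerPath '.\PSTFlightDeck.cer'
```

Every boolean in the output should be True; a False on HasPrivateKey means only the .cer, not the .pfx, was imported on this server.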