Getting Started with Microsoft O365 (Admin Setup)

Registering BOLD Email Integration as an app in Microsoft 365 enables BOLD to authenticate to your Microsoft 365 tenant on behalf of BOLD users using their user account. By default, a newly registered app won't have any permissions, so you'll also need to assign appropriate roles to the application to enable BOLD Email Integration to sync Microsoft 365 mailboxes and send emails.

Key Takeaways

• Register Application: Begin by registering the app in Microsoft 365, generating a client secret, and obtaining the Application ID. Ensure you choose the right permissions, including delegated and application permissions.

• Configure Web Application Authentication: Set up the web application authentication by specifying redirect URLs, allowing BOLD Email Integration to interact securely.

• Create User Groups: Create a user group and assign users who are authorized for BOLD Email Integration. The guide explains the necessary steps to link the group with the application. Be mindful of limitations related to the Entra plan used.

CHAPTERS

Admin Setup
    Register the app
    Create Client secret
    Copy the Application ID
    Add API permissions
    Setup to configure Web Application Authentication
Create User Groups
Add a new Group to the Application
References
    Outlook Service Limits

Admin Setup

Register the app

1. Log into the Office 365 portal
   1. Link to the Office 365 portal
      
      
2. Click on Overview
   
   
   
   
3. Click on the Add button
   
   
   
   
4. Click on App registration
   
   
   
   
5. Enter a name for the application, in the Name field
   1. Suggested to use: Bold_Email_Integration. We recommend not to include any spaces and use underscores instead.
      
6. Select the Accounts in any organizational directory (Any Microsoft Entra ID Tenant - Multitenant) option 
   
   
7. Click on the Register button
   
   

Create Client secret

1. On the main App Registration page, locate and copy the Application (client) ID, as it will be used in a later step.
   
2. On the left, click the Certificates & Secrets button.
   
   
3. Click on the New client secret button
   
   Note: After creation be sure to save the client secret as it will only be available for a short time.
   This and the application (ClientId) will need to be configured in Utilities in a later step
   
   
   
   
4. Enter a name in the Description field
   
   
   
5. Select the expiration from the Expires drop down field.
   1. We recommend selecting 24 months, the maximum amount of time that can be selected. Please also note the date this will expire, so you can update this secret before then, to ensure no interruption of service. For more information on how to update an expired Secret Value, please see our Knowledge Base article on that topic.
      
      
      
      
6. Click on the Add button
   
   
   
   
7. The Secret Value field will only be displayed on this screen.  Once you navigate to another area, the Secret Value will never be displayed again. Ensure that you copy it here, and store it alongside the Application ID we previously copied, as they will both be required for a later step.
   
   

Add API permissions

1. Click on the API permissions section
   
   
   
   
2. Click on the Add a permission button
   
   
   
   
3. Click on the Microsoft Graph tile
   
   
   
   
4. Click on the Delegated permissions tile
   
   
   
   
5. Use the search bar to locate all required permissions.
   
   
   
   
6. Add the following permissions, by clicking the checkboxes:  
   1. IMAP.AccessAsUserAll
   2. Mail.Read
   3. Mail.Send
   4. User.Read
      
      
7. Once all above permissions are selected, click on the Add permissions button
   
   
   
   
8. Click on the Add a permission button once more
   
   
   
   
9. Click on the APIs my organization uses tab
   
   
   
   
10. In the Apps in your directory that expose APIs search field, type: OFFICE
    
    
    
    
11. Click on the Office 365 Exchange Online option
    1. Not all Microsoft subscriptions will have the Office 365 Exchange Online option. If not visible, add to the subscription first before proceeding. Please see the Microsoft Website on this topic for further information. 
       
       
       
       
12. Click on the Application permissions tile
    
    
    
    
13. Use the search bar to locate all required permissions.
    
    
    
    
14. Add the following permissions, by clicking the checkboxes:  
    1. IMAP.AccessAsApp
       
       
15. Click on the Add permissions button
    
    
    
    
16. Ensure that all the APIs/Permissions are listed:
    

    1. Details for API/Permissions

       Located in Section	API / Permission Name	Type	Description	Admin Consent required
       OpenId permissions	openid	Delegated	Sign in and read user profile	No
       IMAP	IMAP.AccessAsUserAll	Delegated	Read and write access to mailboxes via IMAP	No
       Mail	Mail.Read	Delegated	Read user mail	No
       Mail	Mail.Send	Delegated	Sign users in	No
       User	User.Read	Delegated	Send mail as a user	No
       IMAP	Imap.AccessAsApp	Application	IMAP.AccessAsApp	Yes

       
       
       
17. Click on the Grant Admin Consent button
    
    1. This option may be grayed out (unavailable), without the proper permissions.
       Microsoft on Entra AD roles
       
       

Setup to configure Web Application Authentication

1. Click on the Authentication section
   
   
   
   
2. Click on the Add a platform button
   
   
   
   
3. Click on the Web tile
   
   
   
   
4. Enter the following link into the Redirect URIs field, replacing staffdemo with your company's subdomain: https://staffdemo.myavionte.com/sonar/api/oauth2/CallbackAuthTokenSync
   
   1. Finding your Build/Install Name
      
      
      
      
5. Click on the Configure button
   
   
   
   
6. Click on the Add URI link
   
   
   
   
7. Enter the following link into the Redirect URIs field, replacing staffdemo with your company's subdomain: https://staffdemo.myavionte.com/sonar/api/oauth2/CallbackAuthTokenSend
   
   1. Finding your Build/Install Name
      
      
      
      
8. Click on the Save button
   
   

Create User Groups

Create a user group that has access to this new application and assign users that are allowed BOLD Email Integration. Please note that if you are on the free version of Entra, you may not have the ability to create groups. If this is the case, please move on to the next section where you can instead add users to the integration individually.

1. Click on the Groups section
   
   
   
   
2. Click the All Groups button
   
   
   
   
3. Click on the New group button
   
   
   
   
   1. Enter information for the following fields:
      1. Group Type: Select the Security option
      2. Group name: BOLD_Email_Integration
         1. Note: We recommend not to include any spaces and use underscores instead.
      3. Group description: Enter a brief description of the Group
      4. Entra roles can be assigned to the group: Toggle the switch to No
      5. Membership type: Select the Assigned option
      6. Owners: No changes are needed
         
         
         
         
      7. Once all of the required information if selected, click Create.
         
         
         
         
      8.  Within the group you have created, click the Members button
         
         
         
         
      9.  Click the Add Members button
         
         
         
         
      10. Select all the members/users using the checkbox to the left of each of their names
          
          
          
          
      11. Once all members have been selected, click the Select button to add them to the group
          
          

Add a new Group to the Application

Select Enterprise Apps and BOLD Email Integration to add this group to the new Application

1. Under the Enterprise Applications section on the left, click All Applications
   
   
   
   
2. Using the search bar, locate and select the application we created in the first section of this process.
   
   
   
   
3. Click on the Assign users and groups link
   
   
   
   
4. Click on Add user/group
   
   
   
   
5. Click on the None Selected link
   
   
   
   
6. Click on the User Group that was created in a previous step.
   1. If the Entra Plan is a Free Tier, then the ability to select User Groups is not allowed. Instead, please select all the Users instead of a group at this stage.
      
      
      
      
      
7. Click on the Select button
   
   
   
   
8. Click on the Assign button
   
   

• Next step of adding the Application ID and Secret Value.

References

Outlook Service Limits

From the Microsoft article, Microsoft Graph service-specific throttling limits:

"Outlook service limits are evaluated for each app ID and mailbox combination. In other words, the limits described apply to a specific app accessing a specific mailbox (user or group). If an application exceeds the limit in one mailbox, it does not affect the ability to access another mailbox. The following limits apply to the public cloud as well as national cloud deployments."

3rd party link Disclaimer: These links are being provided as a convenience and for informational purposes only; they do not constitute an endorsement or an approval by [The author] of any of the products, services or opinions of the corporation or organization or individual. [The author] bears no responsibility for the accuracy, legality or content of the external site or for that of subsequent links. Contact the external site for answers to questions regarding its content.

Click on the links below for more information:

• Microsoft Outlook365 (Modern Auth) Summary
• Manually deactivate Custom SMTP & Email Auto-sync
• Activate the Outlook365 Tile (Marketplace)
• Initial setup for User using Office 365 (Modern Auth)
• Install Microsoft Authenticator App
• Custom SMTP setup
• Auto Sync Email setup