Registering an Azure Application for use with the Office 365, Teams and OneDrive Connectors

Background

This will walk you through registering an Azure application that can be used by the Microsoft Office 365, Teams and OneDrive connectors in eDiscovery 7.1.1 SP4 and newer.

Prerequisites

• A working installation of eDiscovery 7.1.1 SP4 or newer, or a working installation of AccessData Enterprise 7.4.2 or newer
• O365 Global Admin Credentials
                 OR
• O365 Global Admin from your organization to assist you

Procedure

Configuring Discovery to collect from Microsoft Applications is a two-step process.

First you must register the connector (Office 365 Teams, OneDrive etc.) as an application in the Microsoft Azure Portal. (Each connector must be registered uniquely inside the Azure Portal.)

Secondly, you must configure the appropriate eDiscovery application connector, inside of eDiscovery.

1. 1. 1. Navigate to https://portal.azure.com
      2. Login to the Azure Portal with Global Admin credentials:
         
      3. Enter the Global Admin Password:
         
      4. You will be on the Azure Portal Welcome page:
         
      5. Click on App Registrations:
         
      6. If you do not see App Registrations, please Type "App Registration" in the "Search Resources..." Bar at the Top, and Select App Registrations:
         
      7. In the App Registrations Page, click New Registration
         
      8. Do the following at the App Registration page:
         1. Choose an Application Name (This can be changed later, if desired).
         2. Select the Accounts in any organizational directory (Any Azure AD directory - Multitenant) Radio Button
         3. Enter a Redirect URL in the format https://<eDiscoveryWebServerURL>/accessdata, as shown in the below examples, making sure to use your eDiscovery web server's correct base URL.  Copy the Redirect URL for future use.
            
            • https://contoso.com/accessdata
            • https://ediscovery.contoso.com/accessdata
         4. For e-Discovery 7.4.1, AD Enterprise 7.4.2 and later, when using the Graph API you need to use the following format when specifying the redirect URL. Copy this URL for future use when configuring the connectors on the product.
            • Exchange/Office365
              • Format https://<eDiscovery or Enterprise WebServerURL>/api/GraphApiAccessDataAdmin
              • eg. https://localhost/api/GraphApiAccessDataAdmin
            • MS Teams
              • Format https://https://<eDiscovery or Enterprise WebServerURL>/api/MicrosoftTeamsAccessData
              • eg. https://localhost/api/MicrosoftTeamsAccessData
            • One Drive
              • Format https://https://<eDiscovery or Enterprise WebServerURL>/api/OneDriveAccessData
              • eg. https://localhost/api/OneDriveAccessData
         5. Click Register
            
      9. You will be redirected to the Application Page.  Copy the Application (client) ID for future use.
         
         
      10. From the left hand side, select Certificates & Secrets
          
          
      11. From the lower half of the page, click the New Client Secret button:
          
          
      12. Enter the following:
          
          1. A description of the Application that will be associated with this application secret, for example:
             • eDiscovery Office365 Connector
             • eDiscovery Teams Connector
             • eDiscovery OneDrive Connector
          2. Provide an Expiration Date for this Secret. You may choose between the following three options:
             • 1 Year
             • 2 Years
             • Never
          3. Please note, AccessData does not provide a recommendation on the life of the secret. This is a security consideration that is dependent on each organizations security posture and internal requirements. 
             
      13. Click the Add button.
      14. Copy the generated secret for future use.
          
      15. From the left hand side, select Manifest
          
      16. Highlight and copy the entire JSON definition in the Manifest Editor, paste it in the box below, and click Submit.  This will insert the necessary permissions into the manifest JSON in order to work with the connectors in eDiscovery.

          
          Submit

      17. Highlight and copy the entire JSON definition from the box below, paste it into the Manifest Editor (replacing all existing contents) and click Save in the upper left.

      18. From the left hand side, select API permissions
          
          
      19. Click the Grant consent button, and wait for all rows under the Status column to report that consent has been granted.
          
          

You have successfully registered your Application in the Microsoft Azure Portal.

Please follow the appropriate link below for the eDiscovery Data Source(s) you wish to configure.

Configure Microsoft Teams Data Source
Collecting From OneDrive Using A Single Connector (EDiscovery 6.3+, Azure Portal)