Working with backup sets : Cloud (Microsoft Office 365 Groups) backup sets (Windows) : Before you begin : Configuring Microsoft Azure Active Directory permissions and credentials
 
Configuring Microsoft Azure Active Directory permissions and credentials
This section describes how to configure the Microsoft Azure Active Directory credentials and permissions that are required to create Microsoft Office 365 backup sets. For detailed instructions, see the Microsoft Azure documentation.
NOTE:  Each set of OAuth 2.0 client credentials includes a value for the Directory, Client ID, Redirect URI, and Client secret that is used by the DS-Client to access the Azure Active Directory.
To configure the Microsoft Azure Active Directory permissions and credentials:
1. Sign in to the Microsoft Azure Active Directory admin center.
2. Configure the Azure Active Directory properties as follows:
a) Click the Azure Active Directory service.
b) Under Manage, click Properties.
c) Under Global admin can manage Azure Subscriptions and Management Groups, click No.
NOTE:  Record the Directory ID or domain name. This is the Directory you must enter when creating a Microsoft Office 365 backup set.
3. Configure the directory role for the active user who will create the OAuth 2.0 client credentials for the DS-Client to access Azure AD as follows:
a) Click the Azure Active Directory service.
b) Under Manage, click Users, and then select the active user you want to configure.
c) Under Manage, click Directory role, and then set the directory role for the active user as Global Administrator.
4. Register a new Microsoft Azure Active Directory web application and prepare a set of OAuth 2.0 client credentials for each new Microsoft Office 365 Groups backup set as follows:
a) Click the Azure Active Directory service.
b) Under Manage, click App registrations.
c) Click New application registration.
d) In the Name box, type a name for the application.
e) In the Application type box, select Web app / API.
f) In the Sign-on URL box, type http://localhost:4413/. This is the Redirect URI you must enter when creating a Microsoft Office 365 backup set.
g) Click Create.
NOTE:  Record the Application ID. This is the Client ID you must enter when creating a Microsoft Office 365 backup set.
5. Configure the settings for the Microsoft Azure Active Directory web application as follows:
a) Click Settings.
b) Under API Access, click Keys, and then create and save a secret key for access to the API.
NOTE:  Record the key value. This is the Client Secret you must enter when creating a Microsoft Office 365 backup set.
c) Under API Access, click Required permission, and then click Add.
d) Click Select an API, select Microsoft Graph, and then click Select.
e) Click Select permissions, and then select the following delegated permissions:
Have full access to user calendars
Read and write all groups
Read and write all users' full profiles
Read and write all OneNote notebooks that user can access
f) Click Grant permissions.