Microsoft 365 access

To perform backup and restore operations, Corso requires access to your M365 tenant. You grant this access by creating an Azure AD application with appropriate permissions.

The following steps outline a simplified procedure for creating an Azure AD application suitable for use with Corso. For more details, please refer to the official documentation for adding an Azure AD Application and Service Principal using the Azure Portal.

Create an Azure AD application

Sign in to the Azure Portal with a user that has sufficient permissions to create an AD application.

Register a new application

From the list of Azure services, select Azure Active Directory → App Registrations → New Registration

Registering a new application

Configure basic settings

Next, configure the following:

  • Give the application a name
  • Select Accounts in this organizational directory only
  • Skip the Redirect URI option
  • Click Register at the bottom of the screen

Configuring the application

Configure required permissions

Within the new application (CorsoApp in the diagram below), select API Permissions → Add a permission from the management panel.

Adding application permissions

Select the following permissions from Microsoft API → Microsoft Graph → Application Permissions and then click Add permissions.

| API / Permissions Name | Type | Description |
| --- | --- | --- |
| Calendars.ReadWrite | Application | Read and write calendars in all mailboxes |
| ChannelMessage.Read.All | Application | Read all messages in Teams' channels |
| ChannelSettings.Read.All | Application | Read all Teams' channel settings |
| Chat.Read.All | Application | Read all Teams' chats and chat messages |
| Contacts.ReadWrite | Application | Read and write contacts in all mailboxes |
| Directory.Read.All | Application | Read all organization directory data |
| Files.ReadWrite.All | Application | Read and write files in all site collections |
| MailboxSettings.Read | Application | Read all user mailbox settings |
| Mail.ReadWrite | Application | Read and write mail in all mailboxes |
| Member.Read.Hidden | Application | Read hidden group memberships |
| Sites.FullControl.All | Application | Have full control of all site collections |
| TeamMember.Read.All | Application | Read all Teams' user memberships |
| TeamSettings.Read.All | Application | Read all Teams' settings |
| User.Read.All | Application | Read all users' full profiles |

Finally, grant admin consent to this application. This step is required even if the user that created the application is a Microsoft 365 admin.

Granting administrator consent

Export application credentials

After configuring the Corso Azure AD application, store the information needed by Corso to connect to the application as environment variables.

Tenant ID and client ID

To view the tenant and client ID, select Overview from the app management panel.

Obtaining Tenant and Client IDs

Copy the client and tenant IDs and export them into the following environment variables.

$Env:AZURE_CLIENT_ID = '<Application (client) ID for configured app>'
$Env:AZURE_TENANT_ID = '<Directory (tenant) ID for configured app>'

Azure client secret

Finally, you need to obtain a client secret associated with the app using Certificates & Secrets from the app management panel.

Click New Client Secret under Client secrets and follow the instructions to create a secret.

Obtaining the Azure client secret

After creating the secret, immediately copy the secret Value because it won't be available later. Export it as an environment variable.

$Env:AZURE_CLIENT_SECRET = '<Client secret value>'
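
A check for the setup described on this page, as an added example that is not part of Corso or its documentation: it requests an app-only token with the exported variables and compares the token's `roles` claim against the permissions table above, reporting permissions that are missing (for example because admin consent was not granted) and any granted beyond what the page lists. The function names are hypothetical, the request assumes the standard Microsoft identity platform v2.0 client-credentials token endpoint, and a constructed sample token is used when the variables are not set.

```powershell
# Added example, not part of Corso. Permissions are those in this page's table.
$Required = @(
    'Calendars.ReadWrite', 'ChannelMessage.Read.All', 'ChannelSettings.Read.All',
    'Chat.Read.All', 'Contacts.ReadWrite', 'Directory.Read.All',
    'Files.ReadWrite.All', 'MailboxSettings.Read', 'Mail.ReadWrite',
    'Member.Read.Hidden', 'Sites.FullControl.All', 'TeamMember.Read.All',
    'TeamSettings.Read.All', 'User.Read.All'
)

function Get-JwtRoles {   # hypothetical helper name
    param([Parameter(Mandatory)][string]$Token)
    $parts = $Token.Split('.')
    if ($parts.Count -ne 3) { throw 'Expected a three-part JWT.' }
    # base64url -> base64, restoring the padding that JWTs omit.
    $b64 = $parts[1].Replace('-', '+').Replace('_', '/')
    $b64 += '=' * ((4 - $b64.Length % 4) % 4)
    $claims = [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($b64)) |
        ConvertFrom-Json
    # No "roles" claim means no application permission has been consented.
    @($claims.roles | Where-Object { $_ })
}

function Compare-CorsoPermissions {   # hypothetical helper name
    param([string[]]$Granted = @())
    [pscustomobject]@{
        Missing = @($Required | Where-Object { $_ -notin $Granted })
        Extra   = @($Granted | Where-Object { $_ -and $_ -notin $Required })
    }
}

if ($Env:AZURE_TENANT_ID -and $Env:AZURE_CLIENT_ID -and $Env:AZURE_CLIENT_SECRET) {
    # Client-credentials request; the secret and the token are never printed.
    $body = @{
        grant_type    = 'client_credentials'
        client_id     = $Env:AZURE_CLIENT_ID
        client_secret = $Env:AZURE_CLIENT_SECRET
        scope         = 'https://graph.microsoft.com/.default'
    }
    $uri = "https://login.microsoftonline.com/$($Env:AZURE_TENANT_ID)/oauth2/v2.0/token"
    $token = (Invoke-RestMethod -Method Post -Uri $uri -Body $body).access_token
} else {
    # Constructed sample token (unsigned, two roles only) for an offline run.
    $json = '{"roles":["Mail.ReadWrite","User.Read.All"]}'
    $seg = [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes($json))
    $token = 'e30.' + $seg.TrimEnd('=').Replace('+', '-').Replace('/', '_') + '.sig'
}
$result = Compare-CorsoPermissions -Granted (Get-JwtRoles -Token $token)
"Missing: $($result.Missing -join ', ')"
"Extra:   $($result.Extra -join ', ')"
```

An empty Missing list confirms the permissions and admin consent are in place; anything under Extra is access the application holds beyond the table and is worth reviewing.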