• Visit entra.microsoft.com

  • Login with the account whose inbox needs to be monitored and displayed in the application.

  • In the sidebar, expand Identity, expand Applications and click on “App Registrations”

  • Click on “ + New Registration”

  • Enter a Name for the Application (Example: Rate Request App)

  • Select “Accounts in this organizational directory only (Org name only - Single tenant)”

  • Under “Redirect URI (optional)”, select “Web” and enter “https://${APP_URL}/api/auth/callback/azure-ad”

  • For Example, if the app URL is rate-request-app.com then enter “https://rate-request-app.com/api/auth/callback/azure-ad”

  • Click on Register

  • On the Next Page, Copy “Application (client) ID” 1, “Directory (tenant) ID” 2 and store them in a secure place


  • On the same page, click on “Add a certificate or secret”.

  • Click on “+ New Client Secret”

  • Enter a Description and select “Recommended: 180 days (6 months)” and click “Add”.

  • Copy the “Value” 3 and “Secret ID” 4 and store them in a secure place.

  • The above 3 steps need to be repeated every 6 months.

  • Click on “API Permissions” from the second sidebar


  • Click on “Add a Permission”


  • Click on “Microsoft Graph”

  • Click on “Application Permissions”

  • Search for “Mail”. Expand Mail and select “Mail.ReadWrite” and “Mail.Send”

  • Search for “File”. Expand Files and select “Files.ReadWrite.All”

  • Click “Add Permissions”

  • Finally Configured Permissions should look like this

  • Copy the current URL from the browser address bar and send it to your Azure Admin

  • They should be able to see the “Grant admin consent for Org name” button available for them

  • Admin should click the button and click yes in the alert popup. Upon doing so, Status will change to Granted as shown below


Azure Storage Account Creation

  • Go to portal.azure.com

  • Click “Create a Resource”

  • Search for “Storage Account”. Click on the first result

  • Click on “Create” -> “Storage account”

  • Select the appropriate Subscription and Resource group

  • Enter a name and for other fields select options as shown below


  • Click “Next: Advanced”

  • Select “Allow enabling anonymous access on individual containers”.

  • Leave every other option with the default values.

  • Click “Review”

  • Click “Create”

  • Wait for some time for the Storage Account to be created.

  • Go to portal.azure.com

  • The Storage Account that was created in the above steps will appear

  • Click on it and Click on the “Containers” link from the sidebar

  • Click on “+ Container”

  • Enter the details as shown below and click on “Create”

  • Click on “+ Container” again

  • Enter the details as shown below and click on “Create”

  • Now there should be two containers (with the same name) as shown below

  • Click on “Access Keys” from the sidebar

  • Under “key1” click on Show next to “Connection string” 5. Copy the value and store it in a secure place.

Values needed