Prepare a secret in Microsoft 365 (English interface)

A secret file is a file with an access key. Yandex 360 for Business uses it to connect to Microsoft 365. To prepare it, you need to register an application in Microsoft Azure, then create a new secret and save it to a file.

  1. Step 1. Register an application in Microsoft Azure and create secrets
  2. Step 2. Create a secret file

Step 1. Register an application in Microsoft Azure and create secrets

  1. Open the application registration page in the MS Azure portal (you need to log in as an admin): https://portal.azure.com/#blade/Microsoft_AAD_RegisteredApps/ApplicationsListBlade.
  2. Click New registration.

  3. Enter the following information:

    • In the Name field, enter the name of the application, such as migration.
    • Under Supported account types, select Accounts in this organizational directory only (<name of your company>).
  4. Click Register.
  5. Go to the Overview tab. Copy the value of Application (client) ID and save it in a text file. You will need this ID in the next steps.
    Example ID:
    abcd1234-a1b2-1111-123a-absdfe
  6. Go to the Certificates & secrets tab and create a new secret for the migration application:
    1. Select Client secrets and click New client secret.
    2. Fill in the description field in the panel that appears (for example: migration-secret).
    3. Click Add.
    4. Copy the value of Value and save it in a text file. You will need this secret in the next steps.
      Example of secret value:
      ABCD2XYZ032-xyzXYZ032
  7. Go to the API permissions tab and add permissions:
    1. Click Add a permission.
    2. Make sure that the Microsoft APIs tab is selected in the panel that appears. Click Microsoft Graph.
    3. Select Application permissions.
    4. Find the following permissions using the search, select them, and click Add permissions for each section:
      Mail: Mail.Read and Mail.ReadBasic.All (for email migration)
      Files: Files.Read.All (for searching and downloading files)
      User.Read.All (for reading the list of users)
      Attention. Select all the sections listed above. We recommend creating a single secret for emails and files. If you only add permissions for emails (Mail.Read and Mail.ReadBasic.All), you won't be able to start file migration with this secret.
    5. Click Add permissions.

      Permissions will be added but not confirmed:

      Click Grant/revoke admin consent for <name of your company> to confirm application permissions. In the window that opens, click Yes. The icon should appear in the Status column next to each permission.

Step 2. Create a secret file

  1. Create a secret.json file in any text editor (for example, Notepad) and paste the template there:
    {
  "client_id": "<client id>",
  "secret": "<secret>"
}
  2. Replace <client id> with the value of Application (client) ID that you copied and saved at Stage 5 of Step 1. Replace <secret> with the value of Valuethat you copied and saved at Stage 6.4 of Step 1.
    This is what the result should look like:
    {
  "client_id": "abcd1234-a1b2-1111-123a-absdfe",
  "secret": "ABCD2~XYZ032-xyzXYZ032"
}
  3. Save the file with the secret. Now you can start migrating emails and files.