Watchdoc - Notifications - Configure Notifications app. in Microsoft Entra

Principle

You must register the Watchdoc Notification application among the applications authorised to access MS Outlook365, then configure this application.

This configuration is carried out in the Microsoft Entra management interface.

Procedure

Register EWatchdoc Notifications app. in MS Entra

1. Log in as an administrator to your MS Entra portal.

2. In the Entra ID menu, click App registration:

3. In the App registration interface, click New registration:Admin_Config_MS365_1_EN.png
   
   
   
   

4. In the Register an application (Registration) interface, complete the following fields:

   • Name: give the application a name (Watchdoc Notifications, for example). This name is only displayed in the Entra administration interface.

• Account types supported: select Accounts in this organisation directory only - Single tenant, in order to restrict use of the application.

5. Click Register:
   
   

   
   

6. In the Overview interface of the created application, the information required to configure notifications in is displayed:

   • Application (client) ID: identifier of the application as registered in MS Entra

   • Object ID: property identifier of the application.
     
     

 

Manage API permissions

1. In the Overview interface of the created application, click Authorised APIs in the menu;

2. in the interface, click Add Authorisation.

3. Select the Microsoft Graph API set > Microsoft Graph:

4. Then select Delegated permissions:

5. in the search engine, search for and select the following permissions:

   • email (view users' email addresses)

   • offline_access (retain access to the data you have given them access to),

   • User.Read (enable login and read user profile).

6. Then click Add permissions:
   
   

    

   èAdded permissions are displayed in the Configured Permissions interface.

7. Back in the Authorised APIs interface, click on APIs used by my organisation in the right-hand section.

8. Search for and select the Office 365 Exchange Online API:

9. Click on Application permissions and search for SMTP.
   
   
   
   

10. Tick SMTP.SendAsApp to authorise it,

11. then click on Add permissions:
    
    

     

    è The application is displayed with the status ‘Not granted for [my organisation]’.

 

Grant admin consent

1. Click on the Grant admin consent for [Organisation Name] button:

2. Then confirm your consent:
   
   

    

Give a Secret to the app.

You must assign a password specific to the application (Secret).

1. In the Application Overview interface, Manage menu, click Certificates & Secrets:

2. click New Client Secret:

3. in the Add Client Secret interface, complete the following fields:

• Description: enter a description for the password (which will be automatically generated by Entra);

• Expiration date: the date on which the secret expires.
  N.B.: Once this date has passed, you will need to generate a new one and update the Notifications configuration in Watchdoc.
  
  
  

Please note: once the secret has been created, it appears in the ‘Client secrets’ list and is used to configure the notification in Watchdoc.
Be sure to copy the value of this secret at this point, as it will no longer be accessible afterwards. If you did not copy the secret when it was created or if you have lost it, click on New client secret to recreate it.
Furthermore, after the secret has expired and been renewed, you must update the notification configuration in Watchdoc by entering the new secret.

Declare the Exchange Online application

The app installation must be finalised using PowerShell commands. To do this, you will need the following information:

• tenant-id : available on the Microsoft Entra homepage:
  

• object-id : available in the properties of the app created in Entra;

• application-id : available in the properties of the app created in Entra;
  

• service-principal-id : provided in the command prompt after the command Get-ServicePrincipal | fl
  
  

1. As an administrator, open a command prompt and enter the following commands to install the ExchangeOnlineManagement module and connect to Exchange:
   

   Install-Module -Name ExchangeOnlineManagement -allowprerelease

   Import-module ExchangeOnlineManagement

   Connect-ExchangeOnline -Organization <tenantId>

    

2. Then declare the application:

   New-ServicePrincipal -AppId <APPLICATION_ID> -ObjectId <OBJECT_ID> [-Organization <ORGANIZATION_ID>]

    

3. Retrieve the ID generated by Exchange:

   Get-ServicePrincipal | fl

    

4. In the displayed data, copy the value corresponding to the ID:
   
   
   
   

5. Using the id value, authorise the application to use the mailbox:

   Add-MailboxPermission -Identity "notifications@mon-organisation.com" -User <SERVICE_PRINCIPAL_ID> -AccessRights FullAccess

 

Check the notification

1. Once this operation is complete, you can check the system status in the Notifications interface:
   

2. In addition, you can check whether a notification has been sent (cf. Check notifications).