CloudFiler needs to read emails on your Exchange Online server so you must first give permissions for it to do so.


Step 1: Register the CloudFiler application

Open the Azure Active Directory portal https://aad.portal.azure.com/ (Link opens in a new window)


In the search field type App registrations and select App registrations

Next select New registration

Name it CloudFiler and select Register

Once the application has been created and registered you should be presented with a screen like this:

Make a note of the three IDs as you will need them later.

Then select the Add a certificate or secret link.

Step 2: Add a certificate

We now need to add a certificate, so select Certificates and then Upload certificate

NOTE: If you don't yet have access to the portal or the Licenses/Tokens/Apps page is not available to you, we will have emailed you with a link to the CRT file.


The certificate is available for download via the Licenses/Tokens/Apps section of the CloudFiler portal.  

Browse to the downloaded certificate, provide the description CloudFiler Public Key Certificate and then select Add

Step 3: Assign API permissions

TIP: Slow down and follow the next steps carefully
You next need to grant permissions for both Mail.ReadWrite and User.Real.All.
The steps are almost identical, so it's easy to scroll this help document to the wrong place and hence skip steps.

So slow down, and follow each step carefully.


Once the certificate has been added we can assign API permissions by selecting API permissions and then Add a permission:

Select Microsoft Graph

Then select Application permissions

Filter for mail, expand the Mail section, select Mail.ReadWrite and select Add permissions

We also need to add a User permission, so select API permissions again and then Add permission



Microsoft Graph again

Select Application permissions again

Filter for user, expand the User section and select User.Read.All, then select Add permissions

Your API permissions should then look similar to this:

Step 4: Grant consent

You next need to grant admin consent. So select Grant admin consent for <tenant name> and then select Yes


If successful, consent will be shown as granted.

Step 5: Inform us of the IDs you noted earlier

Lastly please contact Dinamich Ltd and provide the Application (client) ID, Object ID and Directory (tenant) ID which you can find in the Overview section (Don't send us the numbers from this documentation, which are phoney IDs).


TIP: Paste the ID's into an email rather than sending a screen-shot.


If you send a screen-shot we will have type the ID's in. As some characters are very similar it can be easy to introduce human error, which will delay your deployment.