CloudFiler needs to read emails on your Exchange Online server so you must first give permissions for it to do so.


Step 1: Register the CloudFiler application


Open the Azure Active Directory portal https://aad.portal.azure.com/ (Link opens in a new window)


In the search field type App registrations and select App registrations

Next select New registration

Name it CloudFiler and select Register

Once the application has been created and registered you should be presented with a screen like this:

Make a note of the three IDs as you will need them later.

Then select the Add a certificate or secret link.

Step 2: Add a certificate


We now need to add a certificate. You will have received an email from us with a link to a folder in which you will find the CRT file which is the certificate.


Download this file.


Select Certificates and then Upload certificate



Browse to the downloaded certificate, provide the description CloudFiler Public Key Certificate and then select Add

Step 3: Assign API permissions


TIP: Slow down and follow the next steps carefully
You next need to grant permissions for both Mail.ReadWrite and User.Read.All.
The steps are almost identical, so it's easy to scroll this help document to the wrong place and hence skip steps.

So slow down, and follow each step carefully.


Once the certificate has been added we can assign API permissions by selecting API permissions and then Add a permission:

Select Microsoft Graph

Then select Application permissions

Filter for mail, expand the Mail section, select Mail.ReadWrite and select Add permissions

We also need to add a User permission, so select API permissions again and then Add permission



Microsoft Graph again

Select Application permissions again

Filter for user, expand the User section and select User.Read.All, then select Add permissions

Your API permissions should then look similar to this:

Step 4: Grant consent


You next need to grant admin consent. So select Grant admin consent for <tenant name> and then select Yes


If successful, consent will be shown as granted.



TIP: If you can't grant the admin consent, you will need to get someone with admin rights to do this for you.



Step 5: Inform us of the IDs you noted earlier


Lastly please email the Application (client) ID, Object ID and Directory (tenant) ID to us. You can find these in the Overview section .


WARNING: Do NOT send us a screen shot. If you send a screen-shot we will have type the ID's in. As some characters are very similar it can be easy to introduce human error, which will delay your deployment. Instead, copy the IDs individually from the page and paste them into your email to us - thanks.