For CloudFiler to access and hence email on your Exchange Online server, you must first give it specific permissions.


Before you proceed

Microsoft allow businesses to Specify the administrators and users who can install and manage add-ins for Outlook in Exchange Online. If your environment has been limited to specific users you may need to get a colleague who has the required permissions to do the following for you.


Step 1: Register the CloudFiler application


Open the Microsoft 365 admin center portal  https://admin.cloud.microsoft/  (Link opens in a new window)


In the search field type App registrations and select App registrations

Next select New registration

Name it CloudFiler and select Register

Step 2: Add a certificate


You now need to add a certificate. You will have received an email from us with a link to a web page where you will find the CloudFiler Public Certificate.  The file is named cloudfiler-public.crt


Download this file.


Select Certificates and then Upload certificate



Browse to the downloaded certificate, provide the description CloudFiler Public Key Certificate and then select Add

Step 3: Assign API permissions


TIP: Slow down and follow the next steps carefully
You next need to grant Application permissions.
The steps are simple but it's easy to skip something so slow down, and follow each step carefully.


Once the certificate has been added we can assign API permissions by selecting API permissions and then Add a permission:

Select Microsoft Graph

You will see that there are two types of permissions: Delegated and Application. We need to assign both and will start with the Application permissions.


Our aim is to first assign the following Application permissions:


Mail.ReadWrite

Group.Read.All

MailboxSettings.ReadWrite

User.Read.All



We will do the Mail.ReadWrite first, so select Application permissions

Filter for Mail.ReadWrite, you may need to expand the filtered sections - in this example its in the Mail section, select Mail.ReadWrite and select Add permissions



Repeat for the remaining three Application permissions list above.

Step 4: Granting the remaining Graph permissions

Adding Delegated permissions

Whereas were were adding Application permissions in the previous steps, we now need to add Delegated permissions.


The step are nearly identical:


API Permissions | Add a permission | Microsoft Graph | Delegated Permissions | then the required permission


So now add the following Delegated Permissions:



EWS.AccessAsUser.All

Mail.ReadWrite

MailboxSettings.ReadWrite

User.Read



If you now select API permissions on the left, your permissions should look like this:

Step 5: Grant consent


You next need to grant admin consent. So select Grant admin consent for <tenant name> and then select Yes

If successful, consent will be shown as granted.


TIP: If you can't grant the admin consent, you will need to get someone with admin rights to do this for you.

Step 6: Enabling Entra integrated authentication

Integrated Authentication Setup

You now need to provide access so that CloudFiler's Hub can manage user authentication. The steps are very similar, so once again take your time and follow them carefully.


Pick Authentication and then Add Redirect URI



From the side menu select Mobile and desktop applications



Add the following for Mobile and desktop applications:


cloudfiler://auth
http://localhost:5000

http://localhost
https://login.microsoftonline.com/common/oauth2/nativeclient


If you have added them correctly they should appear as shown here:

Step 7: Inform us of the IDs you noted earlier


Lastly please email the Application (client) ID, Object ID and Directory (tenant) ID to us. You can find these in the Overview section .


WARNING: Do NOT send us a screen shot. If you send a screen-shot we will have type the ID's in. As some characters are very similar it can be easy to introduce human error, which will delay your deployment. Instead, copy the IDs individually from the page and paste them into your email to us - thanks.