Configure app within M365 - Application based permissions - Certificate Based (recommended)

the preferred method to authenticate with the graph api is via application based permissions using office 365 sharepoint as a docuflow repository you will need to ensure that the enterprise connector is configured and able to connect to the microsoft graph api you must create an enterprise application via the microsoft azure portal to complete this procedure this will require an account with appropriate level of permissions to grant correct access rights to a user (connector user) using the graph api when inside the azure portal you can either self grant access or have an admin grant access to the graph api and its corresponding access rules inside the azure portal if and only if that user has authority to grant access to those rules the following steps below outline this process i visit https //portal azure com/ then login using an appropriate account ii click on active driectory, then click on app registrations and click on new registration name the application docuflow suffix (either dev, test,prod) depending on environment provisioning select single tenant click register click api permissions under manage click add permissions select microsoft graph, and then select application permissions type "sites" in the search and select sites manage all for permissions if you want to do permissions granuarly at the site level follow, you may choose site selected please reference this guide from microsoft for site level permissions https //learn microsoft com/en us/graph/api/site post permissions?view=graph rest beta\&tabs=http (we have also included a summary of the site level permissions here ) click grant admin consent for docuflowdemo click certificates and secrets certificates & secret click on 'upload certificate' under 'certificates' tab select a public key/certificate by selecting it via file choose provide appropriate description of the certificate in 'description' field click on 'add' if everything is well, certificate basic details will be populated in the table along with thumbprint, description, start date, expiry date and certificate id click on overview and save the following information app id, and tenant id