
How to Register an Azure AD App for Your Intranet (Microsoft 365 + Graph)


Overview

To enable intranet features like sending email with Microsoft 365, posting to Teams, syncing user profiles, or enabling secure login, you'll need to register an Azure AD app. This step-by-step guide shows IT admins how to create one with the right permissions, scopes, and secrets.

When Do You Need an Azure App?

  • Sending internal email via Microsoft 365 with OAuth2
  • Accessing staff data via Microsoft Graph (e.g., name, email, department)
  • Reading calendar events or user presence
  • Posting announcements to Teams channels
  • Secure user authentication using Entra ID (Azure AD)

What You'll Need

  • Admin access to your Microsoft Entra ID (formerly Azure AD)
  • Microsoft 365 email tenant (for mail permissions)
  • Scope of use - what you want the app to do

How to Register the App

  1. Sign in as your Office 365 tenant admin at https://portal.azure.com
  2. In the left menu, go to Azure Active Directory → App registrations.
  3. Click 'New Registration'.
  4. Enter a name (a client would enter SimplifyIT, for instance) and click 'Register'.
  5. The next page displays the Application (client) ID and the Directory (tenant) ID for your newly created app registration. Store them for later use.
  6. Click 'Authentication' in the menu below the search box.
  7. Click the 'Add URI' link on the resulting page, select 'Web' and enter a value (if applicable). Keep in mind: it needs to be a secure, https:// site unless it's http://localhost/. For most banks and credit unions, the default (single tenant) is fine.
  8. Once created, click the newly created name of the App Registration, and then click 'Certificates & secrets' in the menu below the search box.
  9. Click 'New client secret'.
  10. Enter a description and an expiration time (e.g. 24 months).
  11. Click 'Add' to create your new secret.
  12. On the Overview page, you'll see the newly created secret, but only once. Copy the Secret Value (not the Secret ID) and save it in a safe location for later use.
  13. Click 'API permissions' in the menu below the search box.
  14. Click 'Add a permission'; some examples below.

    Function                  | API                        | Type        | Name
    --------------------------|----------------------------|-------------|---------------------
    Entra Single Sign-On      | Microsoft Graph            | Delegated   | Directory.Read.All
    Entra Single Sign-On      | Microsoft Graph            | Delegated   | User.Read
    Email Sending O365        | Microsoft Graph            | Application | Mail.Send
    Teams Presence            | Microsoft Graph            | Application | Presence.Read.All
    Sync Profile (Individual) | Microsoft Graph            | Delegated   | User.Read
    Sync Profile (All Users)  | Microsoft Graph            | Application | User.Read.All
    Sync Profile (All Users)  | Microsoft Graph            | Application | GroupMember.Read.All
    Email Parser              | Office 365 Exchange Online | Application | IMAP.AccessAsApp
    Email Parser              | Office 365 Exchange Online | Application | Mail.ReadWrite
    SharePoint File Search    | Sites                      | Application | Sites.Read.All
    SharePoint Modification   | Sites                      | Application | Sites.ReadWrite.All

  15. Email Parser permissions may be more difficult to locate.
    • Select 'APIs my organization uses'.
    • Type 'Office 365 Exchange Online' in the textbox.
    • Click the found item.
    • Select 'Application Permissions' (not 'Delegated Permissions').
    • Select these permissions for the Email Parser: full_access_as_app and IMAP.AccessAsApp. Other permissions are outlined below (anything mail-related is for the Email Parser).
  16. Once all needed permissions have been added, click 'Grant admin consent for [CompanyName]'.

Note Down App Info From Above

You'll need:

  • Application (client) ID
  • Directory (tenant) ID
  • Client Secret

Use these in your intranet configuration to authenticate requests securely using an OAuth 2.0 Microsoft Access Token.
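
The following is an added example, not SimplifyIT's or Microsoft's own code: it builds the OAuth 2.0 client-credentials token request from the three values above and audits the application permissions (the `roles` claim) in an access token against the permissions you intended to grant. The tenant and client IDs are placeholders, the `CLIENT_SECRET` environment variable name is an assumption, and the sample token is constructed and unsigned so the check runs offline.

```python
import base64
import json
import os
from urllib.parse import urlencode

def build_token_request(tenant_id, client_id, client_secret):
    """Return (url, form body) for the OAuth 2.0 client-credentials grant."""
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
    body = urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        # .default requests the application permissions consented in step 16
        "scope": "https://graph.microsoft.com/.default",
    })
    return url, body

def token_claims(access_token):
    """Decode the JWT payload for inspection only; the signature is NOT verified."""
    payload = access_token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def audit_token(access_token, tenant_id, expected_roles):
    """Compare the token's application permissions (roles claim) to an allow-list."""
    claims = token_claims(access_token)
    granted = set(claims.get("roles", []))
    expected = set(expected_roles)
    return {
        "tenant_ok": claims.get("tid") == tenant_id,
        "missing": sorted(expected - granted),
        "unexpected": sorted(granted - expected),
    }

def make_sample_token(tenant_id, roles):
    """Constructed, unsigned token so the audit runs offline (not a real token)."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none"}), enc({"tid": tenant_id, "roles": roles}), "sig"])

if __name__ == "__main__":
    tenant = "00000000-0000-0000-0000-000000000000"   # placeholder tenant ID
    client = "11111111-1111-1111-1111-111111111111"   # placeholder client ID
    # Keep the secret out of source: read it from the environment (assumed name).
    url, body = build_token_request(tenant, client, os.environ.get("CLIENT_SECRET", "placeholder"))
    print("POST", url)
    token = make_sample_token(tenant, ["Mail.Send", "User.Read.All", "Sites.ReadWrite.All"])
    print(audit_token(token, tenant, ["Mail.Send", "User.Read.All", "GroupMember.Read.All"]))
```

An entry under "unexpected" means the registration holds more application permissions than the feature needs; remove it under 'API permissions' and request a fresh token.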

Final Notes

You can reuse the same app for multiple features if the permissions are sufficient. For example, sending mail and reading basic user profiles can often be handled by a single registration.
