Background
Reco's various integrations with Microsoft require specific sets of permissions your admin needs to authorize Reco to access. For more granular control over allowed permissions, Reco lets the user select the scopes authorized for it to use for each Microsoft integration. To do that, a Microsoft account admin is required to create an app, specify its scopes, and copy the relevant fields for Reco to use.
Creating an app in Microsoft
This section describes how to obtain the 3 values needed for integrating your Microsoft service with Reco:
Client ID
Secret
Tenant ID
As a Microsoft account admin,
Login to Microsoft Entra
On the sidebar, click on "Applications" -> "App Integrations"
Click on "New Registration"
Name the application (for example, "Reco"). Leave all other selections as they are and click "Register"
In the opened page of the newly created application, copy the values of
"Application (client) ID" and "Directory (tenant) ID"
In the app's page sidebar, navigate to "Certificates & secrets", and click on "New client secret"
Fill in a description and click on "Add".
Copy the value of the secret (not the "Secret ID")
In the app's page sidebar, navigate to "API Permission" and add the permissions you wish to authorize Reco to access.
It is recommended to grant at least the following scopes:
AuditLog.Read.AllDirectory.Read.AllMail.ReadBasicUser.Read
On the same page, click on "Grant admin content for ..."
β
Integrating with Reco
In the Integrations screen of Reco, click on "Add Integrations" and choose the relevant Microsoft app to connect
Choose a subscription and tick "Use your own Application"
Fill in the Account (client) ID in "Client ID", secret in "Client Secret", and replace
<your_tenant_id>in the "Authority URL" value with the Directory (tenant) ID you have obtained in the previous section.Click on "Connect"