Integration with Microsoft Office 365 mail server protocols

You must first log into the https://portal.azure.com/ portal and search for Azure Active Directory®. It is recommended to implement double authentication in Azure® to increase access security.

You click on Application Record → New Record.

The information is filled in as needed. In this example MSFT (single tenant) is used.

Once the application is created, both the tenantId (client application identifier) and the clientID (tenant directory identifier) can be found in the general information of the application.

To obtain the value of the secret go to Certificates and Secrets → New Customer Secret.

Follow the instructions shown and create the secret.

In the next step the value of the secret must be copied, this must be done immediately when creating the secret since the value will be hidden and will not be shown again.

If the page is refreshed the only ID that is retained is the one marked in the image and that the 'Value' will only show a part and without being able to visualize the rest.

Now the necessary permissions must be added to the application. To do this go to API Permissions → Add Permission → Microsoft Graphy and add the following permissions:

Finally, go to Expose an API → Add a scope in order to add the scope to the application just created in the previous section. In case it says that you do not have a URI added, click next and then configure the scope.

Once all the steps have been completed and the information gathered, the application can be registered in Pandora ITSM.

Rather than double authentication, Microsoft Azure® uses multi-factor authentication, Azure AD Multi-Factor Authentication® (MFA) which includes SMS with verification code, an application such as Microsoft Authenticator App® or Google Authenticator®, a fingerprint scan, and so on.

The following is a very simplified summary of the process, for full details see “Tutorial: Secure user sign-in events with Azure AD Multi-Factor Authentication”.

• It is recommended to use a Conditional Access Policy which can be assigned to users, groups and applications and which will be responsible for responding to login requests.
• It is therefore necessary to have non-administrator users already created and assigned to work groups created for this purpose. Such work is beyond the scope of this tutorial.
• To create a Conditional Access Policy log in to the Azure portal with the required rights (global administrator).
• In the left side menu go to Azure Active Directory → Security.
• Select Conditional Access → New policy → Create new policy.
• Enter a name, e.g. MFA Pilot.
• At Assignments select Users or workload identities.
• At What does this policy apply to? verify that users and groups are selected.
• Now at Include choose Select users and groups and check Users and groups.
• Since it will be empty, a dialog box will automatically open. Select your Azure AD group, let's say it was created with the name MFA-Test-Group, select this group.
• Now you must assign the applications that will use this Conditional Access Policy. The example below assumes that it will be applied only to the Azure portal.

1. At Cloud apps or actions go to Select what this policy applies to and check Cloud apps is selected.
2. At Include choose Select apps.
3. Browse the list and search for Microsoft Azure Management and mark yourself as selected.
4. Now the MFA access controls must be configured, go to Access controls → Grant → Grant access.
5. Select Require multi-factor authentication mark it as selected and click the Select button.

Now all that remains is to activate the policy, go to Enable policy select the On value and click the Create button.

From this point on users and groups created accessing the Azure portal should select the Mobile app method in step one and check Use verification code and press the Setup button to start configuring the personal Microsoft Authenticator app or Google Authenticator.

You must access, with the necessary permissions, the menu Setup → Setup → Email setup and fill in the fields with the information obtained:

See the “Advanced PITSM configuration” for more details.

It is recommended to implement the second authentication factor in Pandora ITSM to increase application access security. See “Dual authentication” for more details.

Back to Pandora ITSM Documentation Index