Skip to main content
  1. CloudM
  2. Continuity
  3. Getting Started
  4. Setting Up

Connecting Microsoft 365

Updated

Getting Started › Setting Up

Connecting Microsoft 365

To sync data from Microsoft 365, CloudM Continuity needs read access to your M365 tenant via the Microsoft Graph API. This is done by registering an application in Azure Active Directory (Azure AD) and granting it the necessary permissions.

Who should do this?

You will need Global Administrator or Application Administrator access to your Azure AD tenant. If you don't have this access, ask your IT admin to complete these steps.

Overview

The process involves four main steps:

  1. Register an application in Azure AD
  2. Create a certificate for authentication
  3. Configure and grant Microsoft Graph API permissions
  4. Enter the application credentials in CloudM Continuity

Choose one of the two approaches below to complete the Azure AD setup, then enter the credentials in CloudM Continuity.

▶ Option A: Automated setup with PowerShell (recommended)

A PowerShell script automates the app registration, certificate generation, API permissions, and admin consent in one step.

Prerequisites

  • Windows machine with PowerShell 5.1 or later
  • Global Administrator or Application Administrator access to your Azure AD tenant
  • The Microsoft.Graph PowerShell module (the script will install it if not present)

Running the script

  1. Download Create-ContinuitySync.ps1 from the bottom of this article
  2. Open PowerShell and run: 
    .\Create-ContinuitySync.ps1
  3. A browser window will open for authentication — sign in with your Azure AD admin account
  4. When prompted, enter:
    • Application name — e.g. CloudM Continuity Sync
    • Certificate password — choose a secure password (you will need this when entering credentials in CloudM Continuity)
  5. The script will output three files to the current directory:
    • [AppName].pfx — The private key file to upload to CloudM Continuity
    • [AppName].cer — The public key (already uploaded to Azure AD by the script)
    • [AppName]-info.txt — Contains the Client ID, Tenant ID, and other details

After the script completes, continue with Enter credentials in CloudM Continuity below.

▶ Option B: Manual setup

Step 1: Register an application in Azure AD

  1. Sign in to the Azure Portal at portal.azure.com
  2. Navigate to Azure Active Directory > App registrations
  3. Click New registration
  4. Fill in the registration form:
    • Name: Enter a descriptive name, e.g. CloudM Continuity
    • Supported account types: Select Accounts in this organizational directory only (single tenant)
    • Redirect URI: Leave blank (not required)
  5. Click Register

After registration, note the following values from the Overview page:

Field Where to find it
Application (client) ID Shown on the Overview page
Directory (tenant) ID Shown on the Overview page

Step 2: Create a certificate

CloudM Continuity uses certificate-based authentication. Generate a self-signed certificate and upload the public key to your Azure AD app registration.

  1. Open PowerShell as Administrator on a Windows machine
  2. Run the following command to generate a self-signed certificate: 
    $cert = New-SelfSignedCertificate `
    -Subject "CN=CloudM Continuity" `
    -CertStoreLocation "Cert:\CurrentUser\My" `
    -KeyExportPolicy Exportable `
    -KeySpec Signature `
    -KeyLength 2048 `
    -KeyAlgorithm RSA `
    -HashAlgorithm SHA256 `
    -NotAfter (Get-Date).AddYears(1)
  3. Export the PFX file (private key): 
    $password = ConvertTo-SecureString -String "YourPassword" -Force -AsPlainText
Export-PfxCertificate -Cert "Cert:\CurrentUser\My\$($cert.Thumbprint)" `
    -FilePath ".\CloudM-Continuity.pfx" -Password $password
  4. Export the CER file (public key): 
    Export-Certificate -Cert "Cert:\CurrentUser\My\$($cert.Thumbprint)" `
    -FilePath ".\CloudM-Continuity.cer"
  5. In your Azure AD app registration, go to Certificates & secrets
  6. Under Certificates, click Upload certificate
  7. Upload the .cer file and click Add

Certificate expiry

The certificate above is valid for one year. Set a calendar reminder to rotate it before expiry. See Rotating Microsoft 365 credentials.

Step 3: Configure API permissions

  1. In your app registration, go to API permissions
  2. Click Add a permission > Microsoft Graph > Application permissions
  3. Add the following permissions:
Permission Type Purpose
Mail.Read Application Read mail from all mailboxes
User.Read.All Application Read user profiles to match policy queries
Directory.Read.All Application Read directory data (groups, departments) for user queries
MailboxSettings.Read Application Read mailbox configuration for sync operations

Application permissions, not delegated

Make sure you select Application permissions, not Delegated permissions. Application permissions allow CloudM Continuity to access data without a user being signed in.

  1. After adding all permissions, click Grant admin consent for [your organisation]
  2. Confirm by clicking Yes
  3. Verify that all permissions show a green checkmark under Status

Enter credentials in CloudM Continuity

Whether you used the automated script or manual setup, complete this final step to connect your M365 tenant:

  1. In CloudM Continuity, go to Connections in the sidebar
  2. On the Source Connection card, click Create source
  3. Fill in the connection details:
    • Tenant ID — Your Azure AD Directory (tenant) ID
    • Client ID — The Application (client) ID
    • Private key — Upload the .pfx file
    • Certificate password — The password you set when creating the certificate
  4. Click Create source
  5. Once the connection is created, click the three-dot menu on the Source Connection card and select Test connection
  6. A green toast notification confirms "Connection test successful" if everything is configured correctly

Test connection fails?

If the test fails, check that: the application has the correct API permissions, admin consent has been granted, and the certificate has not expired. You can update credentials at any time by clicking the three-dot menu and selecting Edit.

Security considerations

  • You own the application registration. CloudM does not have access to your Azure AD tenant. The application you register and the permissions you grant are fully under your control.
  • Least-privilege access. Only the permissions listed above are required. Do not grant broader permissions than necessary.
  • Certificate rotation. Rotate your certificate before it expires. Generate a new certificate, upload the public key to Azure AD, and update the PFX in CloudM Continuity. See Rotating Microsoft 365 credentials.
  • Audit access. You can review sign-in and audit logs for the registered application in Azure AD at any time.
Was this article helpful?
0 out of 0 found this helpful