
Obtain an Azure app ID for BEMS with certificate-based authentication

  1. Sign in to portal.azure.com.
  2. In the left column, click Azure Active Directory.
  3. Click App registrations.
  4. Click New registration.
  5. In the Name field, enter a name for the app.
  6. Select a supported account type.
  7. In the Redirect URI section, in the drop-down list, select Public/client (mobile & desktop) and enter http://<name of the app given in step 5>.
    This app is a daemon, not a web app, and does not have a sign-on URL.
  8. Click Register. The new registered app appears.
  9. In the Manage section, click Expose an API. The scope restricts access to data and functionality protected by the API.
    1. Click Add a scope.
    2. Click Save and continue.
    3. Complete the following fields and options:
      • Scope name: Provide a unique name for the scope.
      • Who can consent: Click Admins and users.
      • Admin consent display name: Enter a descriptive name.
      • Admin consent description: Enter a description for the scope.
      • State: Click Enable.
  10. Copy the Application ID URI. This is used to associate a certificate with the Azure app ID for BEMS. The Application ID URI appears in the format of api://{appID}.
  11. In the Manage section, click API permissions.
  12. Click Add a permission.
  13. In the Select an API section, click the Microsoft APIs tab.
  14. Click Exchange.
  15. If you are creating the Microsoft Office 365 application to use Microsoft Intune, set the following permissions:
    • Application permissions: Use Exchange Web Service with full access to all mailboxes (full_access_as_app)
  16. Click Add permissions.
  17. Click Microsoft Graph. If the Microsoft Graph API permission is not listed, add it.
  18. Set the following permission for Microsoft Graph:
    • Delegated permissions: Sign in and read user profile (User > User.Read)
  19. Click Add permissions.
  20. Click Grant admin consent.
  21. Click Yes.
  22. To allow autodiscovery to function as expected, set the authentication permissions.
    1. In the Manage section, click Authentication.
    2. Under the Implicit grant section, select the ID Tokens checkbox.
    3. In the Default client type, select No.
    4. Click Save.
  23. Click Overview to view the app that you created in step 5. Copy the Application (client) ID. The Application (client) ID is displayed in the main Overview page for the specified app. This is used as the Client application ID in the BEMS dashboard when you enable modern authentication and configure BEMS to communicate with Microsoft Office 365.
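
To confirm that the finished registration matches steps 7 to 22, the following added example (not part of the original BlackBerry procedure) audits an exported Microsoft Graph application object, such as the JSON printed by `az ad app show`, and reports any setting that differs. It assumes step 15 applies, that the Default client type option corresponds to the `isFallbackPublicClient` property, and it uses the well-known Microsoft resource and permission IDs, which are not listed on this page; the sample object is constructed.

```python
# Well-known Microsoft identifiers (not listed on the page).
EXCHANGE = "00000002-0000-0ff1-ce00-000000000000"  # Office 365 Exchange Online
GRAPH = "00000003-0000-0000-c000-000000000000"     # Microsoft Graph
EXPECTED = {
    (EXCHANGE, "dc890d15-9560-4a4c-9b7f-a736ec74ec40", "Role"),  # full_access_as_app
    (GRAPH, "e1fe6dd8-ba31-4d61-89e7-88639da4683d", "Scope"),    # User.Read
}

def audit_registration(app):
    """Return findings; an empty list means the object matches the steps."""
    findings = []
    granted = {(r["resourceAppId"], a["id"], a["type"])
               for r in app.get("requiredResourceAccess") or []
               for a in r.get("resourceAccess") or []}
    findings += [f"missing permission {p[1]}" for p in sorted(EXPECTED - granted)]
    # Anything beyond the two documented permissions deserves a second look.
    findings += [f"unexpected permission {p[1]}" for p in sorted(granted - EXPECTED)]
    if f"api://{app.get('appId')}" not in (app.get("identifierUris") or []):
        findings.append("Application ID URI api://{appID} is not set")
    scopes = (app.get("api") or {}).get("oauth2PermissionScopes") or []
    if not any(s.get("isEnabled") and s.get("type") == "User" for s in scopes):
        findings.append("no enabled scope that admins and users can consent to")
    if not (app.get("publicClient") or {}).get("redirectUris"):
        findings.append("no Public/client (mobile & desktop) redirect URI")
    implicit = (app.get("web") or {}).get("implicitGrantSettings") or {}
    if not implicit.get("enableIdTokenIssuance"):
        findings.append("ID tokens are not enabled under Implicit grant")
    if app.get("isFallbackPublicClient"):
        findings.append("Default client type is not set to No")
    return findings

# Constructed sample; the appId, scope name and redirect URI are placeholders.
SAMPLE = {
    "appId": "11111111-2222-3333-4444-555555555555",
    "identifierUris": ["api://11111111-2222-3333-4444-555555555555"],
    "api": {"oauth2PermissionScopes": [
        {"value": "bems.access", "type": "User", "isEnabled": True}]},
    "publicClient": {"redirectUris": ["http://bems-app"]},
    "web": {"implicitGrantSettings": {"enableIdTokenIssuance": True}},
    "isFallbackPublicClient": False,
    "requiredResourceAccess": [
        {"resourceAppId": EXCHANGE, "resourceAccess": [
            {"id": "dc890d15-9560-4a4c-9b7f-a736ec74ec40", "type": "Role"}]},
        {"resourceAppId": GRAPH, "resourceAccess": [
            {"id": "e1fe6dd8-ba31-4d61-89e7-88639da4683d", "type": "Scope"}]},
    ],
}
if __name__ == "__main__":
    print(audit_registration(SAMPLE) or "registration matches the documented steps")
```

Because full_access_as_app is an application permission covering all mailboxes, rerunning the audit after any later change to the registration shows whether permissions were added beyond the two set in steps 15 and 18.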