Get the PDF

Obtain an
Azure
app ID for the
Connect
,
Presence
, and
Docs
service

When your environment is configured for

Skype for Business Online

Microsoft SharePoint Online

Microsoft Azure

-IP you must register the

BEMS

component services in

Azure

. You can register one or more of the services in Azure. In this task, the

Connect

Presence

, and

Docs

services and

Microsoft Azure

-IP are registered in Azure.

If you configure the

Connect

service, you can enable the conversation history to allow users to access conversations that are saved in the Conversation History folder of the user's

Microsoft Exchange

mailbox. Saving the conversation history is supported in the following environments:

Users in a

Skype for Business

on-premises that have mailboxes on an on-premises

Microsoft Exchange Server

Users in a

Skype for Business Online

environment that have mailboxes on an on-premises

Microsoft Exchange Server

Users in a

Skype for Business Online

environment that have mailboxes on

Microsoft Office 365

Saving the conversation history is not supported in an on-premises

Skype for Business

environment where users have mailboxes on

Microsoft Office 365

To grant permissions, you must use an account with tenant administrator privileges.

A client ID, for instructions, see Obtain an Azure app ID for the Connect, Presence, and Docs service.

Log on to portal.azure.com.

In the left column, click

Azure Active Directory

Click

App registrations

Click

New registration

In the

Name

field, enter a name for the app. For example, AzureAppIDforBEMS.

Select a supported account type.

In the

Redirect URI

drop-down list, select

Web

, and enter

https://localhost:8443

Press

In the

Manage

section, click

API permissions

Click

Add a permission

In the

Select an API

section. click

APIs my organization uses

Search for and click

Microsoft Information Protection Sync Service

Select the

UnifiedPolicy.User.Read

checkbox.

Click

Add permissions

Click

Add a permission

Complete one or more of the following tasks:

Service	Permissions
If you configure Connect to use Skype for Business Online	Search for and click Skype for Business Online . Set the following permissions: Application permissions: All Click Application permissions . Click expand all . Make sure that all options are selected. Delegated permissions: All Click Delegated permissions . Click expand all . Make sure that all options are selected. Click Add permissions . If you enable saving the conversation history, complete the following steps: On the API permissions page, click Add a permission . In the Select an API section, click APIs my organization uses . In the search field, enter Office 365 Exchange Online . Expand EWS permission . Select the EWA.AccessAsUse.all check box. This option allows the BlackBerry Work app to have the same access to mailboxes as the signed-in user through Microsoft Exchange Web Services . Click Add permissions .
If you configure Presence to use Skype for Business Online	Search for and click Skype for Business Online . Set the following permissions: Application permissions: All Click Application permissions . Click expand all . Make sure that all options are selected. Delegated permissions: All Click Delegated permissions . Click expand all . Make sure that all options are selected. Click Add permissions .
If you configure Docs to use Microsoft SharePoint Online	Search for and click Office 365 SharePoint Online . Set the following permissions: Application permissions: None Click Application permissions . Click expand all . Make sure that all options are cleared. Delegated permissions Click Delegated permissions . Expand AllSites . Select the Site.Manage.All checkbox. This option will all the app to read, write, update, and delete documents in all site collections without a signed in user. Click Add permissions .
If you use Microsoft Azure -IP	Click Microsoft Graph . Set the following permissions: Application permissions Click Application permissions . Expand Directory . Select the Directory.Read.All checkbox. This option lets the app read the data in the organization's directory. Delegated permissions Click Delegated permissions . Expand Directory . Select the Directory.Read.All checkbox. This option lets the app read the data in the organization's directory. Click Add permissions .

Click

Grant admin consent for <organizational directory name>

. Click Yes
.

This step requires tenant administrator privileges.

To allow autodiscovery to function as expected, set the authentication permissions.

In the

Manage

section, click

Authentication

Under the

Implicit grant

section, select the

ID Tokens

checkbox.

In the

Default client type

, select

Click

Save

In the

Manage

section, click

Expose an API

. Complete the following tasks.

Task	Steps
Add a scope	The scope restricts access to data and functionality protected by the API. Click Add a scope . Click Save and continue . Complete the following fields and settings: Scope name: Provide a unique name for the scope. Who can consent: Click Admins and user . Admin consent display name: Enter a descriptive name. Admin consent description: Enter a description for the scope. State: Click Enabled . By default, the state is enabled.
Add a client application	Authorizing a client application indicates that that API trusts the application and users shouldn't be prompted for consent. Click Add a client application . In the Client ID field, enter the client ID that you obtained. For instructions, see Obtain an Azure app ID for the Connect, Presence, and Docs service. Select the Authorized scopes checkbox. Click Add application .

Task

Steps

Add a scope

The scope restricts access to data and functionality protected by the API.

Click

Add a scope

Click

Save and continue

Complete the following fields and settings:

Scope name: Provide a unique name for the scope.

Who can consent: Click

Admins and user

Admin consent display name: Enter a descriptive name.

Admin consent description: Enter a description for the scope.

State: Click

Enabled

. By default, the state is enabled.

Add a client application

Authorizing a client application indicates that that API trusts the application and users shouldn't be prompted for consent.

Click

Add a client application

In the Client ID field, enter the client ID that you obtained. For instructions, see Obtain an Azure app ID for the Connect, Presence, and Docs service.

Select the

Authorized scopes

checkbox.

Click

Add application

In the

Manage

section, click

Certificates & secrets

and add a client secret.

Click

New client secret

In the

Description

field, enter a key description up to a maximum of 16 characters including spaces.

Set an expiration date (for example, In 1 year, In 2 years, Never expires).

Click

Add

Copy the key

Value

The Value is available only when you create it. You cannot access it after you leave the page. This is used as the

BlackBerry BEMS Connect/Presence Service App Key

value in the

Connect

and

Presence

services and

Application Key

in the

Docs

service in the

BEMS

Dashboard.

Copy the

Application (client) ID

. The Application (client) ID is displayed in the main

Overview

page for the specified app. This is used as the following in the

BEMS

dashboard:

BlackBerry BEMS Connect/Presence Service App ID

value the

BEMS

dashboard for the

BlackBerry Connect

service

BlackBerry BEMS Connect/Presence Service App ID

value for the

Presence

service

BEMS Service Azure Application ID

value for the

Docs

> Settings service