Skip Navigation
  1. BlackBerry Docs
  2. BlackBerry Work 3.2
  3. Configuring Office 365 Modern Authentication for BlackBerry Dynamics Apps
  4. Obtain an Azure app ID for the BEMS-Connect, BEMS-Presence, and BEMS-Docs component service

Obtain an 
Azure
 app ID for the 
BEMS-Connect
BEMS-Presence
, and 
BEMS-Docs
 component service

When your environment is configured for 
Skype for Business Online
Microsoft SharePoint Online
Microsoft OneDrive for Business
, or 
Microsoft Azure
-IP you must register the 
BEMS
 component services in 
Azure
. You can register one or more of the services in Azure. In this task, the 
Connect
Presence
, and 
Docs
 services and 
Microsoft Azure
-IP are registered in Azure.
If you configure the 
Connect
 service, you can enable the conversation history to allow users to access conversations that are saved in the Conversation History folder of the user's 
Microsoft Exchange
 mailbox. Saving the conversation history is supported in the following environments:
  • Users in a 
    Skype for Business
     on-premises environment that have mailboxes on an on-premises 
    Microsoft Exchange Server
  • Users in a 
    Skype for Business Online
     environment that have mailboxes on an on-premises 
    Microsoft Exchange Server
  • Users in a 
    Skype for Business Online
     environment that have mailboxes on 
    Microsoft Office 365
Saving the conversation history is not supported in an on-premises 
Skype for Business
 environment where users have mailboxes on 
Microsoft Office 365
To grant permissions, you must use an account with tenant administrator permissions. 
  1. Sign in to portal.azure.com.
  2. In the left column, click 
    Azure Active Directory
    .
  3. Click 
    App registrations
    .
  4. Click 
    New registration
    .
  5. In the 
    Name
     field, enter a name for the app. For example, AzureAppIDforBEMS.
  6. Select a supported account type.  
  7. In the 
    Redirect URI
     drop-down list, select 
    Web
     and enter 
    https://localhost:8443
    .
  8. Click 
    Register
    .
  9. Record the 
    Application (client) ID
     This is used as the following in the 
    BEMS
     dashboard:
    • BlackBerry BEMS Connect/Presence Service App ID
       value the 
      BEMS
       dashboard for the 
      BlackBerry Connect
       service
    • BlackBerry BEMS Connect/Presence Service App ID
       value for the 
      Presence
       service
    • BEMS Service Azure Application ID
       value for the Docs > Settings service  
  10. In the 
    Manage
     section, click 
    API permissions
    .
  11. Click 
    Add a permission
  12. In the 
    Select an API
     section, click 
    APIs my organization uses
  13. If your environment is configured for 
    Azure
    -IP, search for and click 
    Microsoft Information Protection Sync Service
    . Set the following permission:
    • In delegated permissions, select the 
      Read all unified policies a user has access to
       checkbox (
      UnifiedPolicy > UnifiedPolicy.User.Read
      ). 
  14. Click 
    Add permissions
    .
  15. Click 
    Add a permission
    .
  16. Complete one or more of the following tasks:
    Service
    Permissions
    If you configure 
    BEMS-Connect
     to use 
    Skype for Business Online
    1. Click the 
      Microsoft APIs
       tab. 
    2. Click 
      Skype for Business
    3. Set the following permissions:
      • In application permissions, select all of the permissions.
        1. Click 
          Application permissions
        2. Click 
          expand all
          . Make sure that all options are selected.
      • In delegated permissions, select all of the permissions
        1. Click 
          Delegated permissions
        2. Click 
          expand all
          . Make sure that all options are selected.
    4. Click 
      Add permissions
      .
    5. If you enable saving the conversation history, complete the following steps:
      1. On the 
        API permissions
         page, click 
        Add a permission
        .
      2. In the 
        Select an API
         section, click 
        Microsoft APIs
         tab.  
      3. Click 
        Exchange
      4. In delegated permissions, select the 
        Access mailboxes as the signed-in user via Exchange Web Services
         checkbox (
        EWS > EWS.AccessAsUser.All
      5. Click 
        Add permissions
        .
    If you configure 
    BEMS-Presence
     to use 
    Skype for Business Online
    1. Search for and click 
      Skype for Business
    2. Set the following permissions:
      • In application permissions, select all of the permissions.
        1. Click 
          Application permissions
        2. Click 
          expand all
          . Make sure that all options are selected.
      • In delegated permissions, select all of the permissions.
        1. Click 
          Delegated permissions
        2. Click 
          expand all
          . Make sure that all options are selected.
    3. Click 
      Add permissions
      .
    If you configure 
    BEMS-Docs
     to use 
    Microsoft SharePoint Online
     or 
    Microsoft OneDrive for Business
    1. Search for and click 
      SharePoint
      .
    2. Set the following permissions:
      • In application permissions, clear all of the permissions.
        1. Click 
          Application permissions
          .
        2. Click expand all. Make sure that all options are cleared.
      • In delegated permissions, select the 
        Read and write items and item lists in all site collections
         checkbox.  None. Clear the check boxes for all options.
      • Delegated permissions
         Select the 
        Read and write items and lists in all site collections
         checkbox. (
        AllSite > AllSites.Manage
        )
    3. Click 
      Add permissions
      .
    If you use 
    Microsoft Azure
    -IP
    1. Click 
      Microsoft Graph
      . If 
      Microsoft Graph
       is not listed, add 
      Microsoft Graph
    2. Set the following permissions:
      • In application permissions, select the 
        Read directory data
         checkbox (
        Directory > Directory.Read.All
        ).
      • In delegated permissions, select the 
        Read directory data
         checkbox (
        Directory > Directory.Read.All
        ).
    3. Click 
      Update permissions
      .
  17. Wait a few minutes, then click 
    Grant admin consent
    . Click 
    Yes
    .
    This step requires tenant administrator privileges.
  18. To allow autodiscovery to function as expected, set the authentication permissions. Complete the following steps:
    1. In the 
      Manage
       section, click 
      Authentication
      .
    2. Under the 
      Implicit grant
       section, select the 
      ID Tokens
       checkbox.
    3. In the 
      Default client type
      , select 
      No
    4. Click 
      Save
  19. Define the scope and trust for this API. In the 
    Manage
     section, click 
    Expose an API
    . Complete the following tasks.
    Task
    Steps
    Add a scope
    The scope restricts access to data and functionality protected by the API.
    1. Click 
      Add a scope
    2. Click 
      Save and continue
      .
    3. Complete the following fields and settings:
      • Scope name: Provide a unique name for the scope. 
      • Who can consent: Click 
        Admins and user
        .
      • Admin consent display name: Enter a descriptive name. 
      • Admin consent description: Enter a description for the scope.
      • State: Click 
        Enabled
        . By default, the state is enabled.   
    4. Click 
      Add Scope
      .
    Add a client application 
    Authorizing a client application indicates that the API trusts the application and users shouldn't be prompted for consent.
    1. Click 
      Add a client application
    2. In the 
      Client ID
       field, enter the client ID that you recorded in step 9 above. 
    3. Select the 
      Authorized scopes
       checkbox to specify the token type that is returned by the service.
    4. Click 
      Add application
      .  
  20. In the 
    Manage
     section, click 
    Certificates & secrets
     and add a client secret. Complete the following steps:
    1. Click 
      New client secret
      .
    2. In the 
      Description
       field, enter a key description up to a maximum of 16 characters including spaces. 
    3. Set an expiration date (for example, In 1 year, In 2 years, Never expires).  
    4. Click 
      Add
      .
    5. Copy the key 
      Value
      The Value is available only when you create it. You cannot access it after you leave the page. 
      This is used as the 
      BlackBerry BEMS Connect/Presence Service App Key
       value in the 
      BEMS-Connect
       and 
      BEMS-Presence
       services and 
      BEMS Service Application Key
       in the 
      BEMS-Docs
       service in the 
      BEMS
       Dashboard.