Skip to main content
Skip table of contents

Configuring a Graph API connection

The sample code requires the following details for executing Microsoft Graph API queries:

  • Tenant ID

  • Client ID (Application ID)

  • Client Secret

Tenant ID

The Tenant ID refers to the unique identifier of your Azure tenant. It can be found under:
Microsoft Entra IDOverviewBasic InformationTenant ID

image-20250213-141056.png

Client ID (Application ID)

The Client ID can be found under Entra IDEnterprise applications → New application OR <Select your existing application>

image-20250213-141302.png

It is necessary to define the required permissions for the enterprise application. Below is an example of possible authorizations when using Microsoft Graph API.

image-20250213-141339.png

Client Secret

This manual and the provided sample code use the app-only access authentication model, which requires setting up a client secret. It is also possible to use delegated access with custom scopes that do not require a client secret.

For more details on authentication and authorization with Microsoft Graph API, refer to the official Microsoft documentation:
Authentication and authorization basics - Microsoft Graph | Microsoft Learn

The sample code assumes the use of app-only access with a client secret. To configure a client secret:

  1. Navigate to MS Entra ID → App Registrations → <Select your existing application>.

  2. Go to Certificates & secrets → Client secrets.

Customers can decide whether the certificates used for Graph API queries should expire or be valid indefinitely (Custom option).

image-20250213-141745.png

If certificates are set to expire, it is recommended to configure a reminder system for upcoming expirations. One approach is to create an automation account in Microsoft Entra ID with a runbook that executes a PowerShell script to send email notifications about expiring certificates.

For more details, refer to:
How to Receive Email Notifications for Expiring Azure App Registration Certificates and Secrets

Alternatively, you can search the web for:
How to Receive Email Notifications for Expiring Azure App Registration Certificates and Secrets

Managing the Entra ID tenant, including certificate expiration and renewal policies, is the customer’s responsibility. These tasks are not part of Retarus' consulting services during onboarding and are not covered by Retarus support for existing customers.

Resource groups

A resource group must be created to manage the Azure Function and the blobStorage object.

image-20250213-142131.png

The resource group requires:

  • A function app

  • A storage account (which stores m2f.csv, f2m.csv, and intermediate CSV files when mode[1,2]_multiRecipients=true)

image-20250213-142239.png

The files will be stored in:
Storage account → Data storage → Containers → <Select the container>

The image below displays an intermediate .csv file (see mode1_multiRecipients and mode2_multiRecipients for details), along with the m2f.csv and f2m.csv files. Only m2f.csv and/or f2m.csv are pushed to Retarus.

image-20250213-142548.png
JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close