Overview
When using LegacyFlo to migrate data from active mailboxes, Teams or OneDrive on M365, you will need access to the relevant Graph API.
This document gives the steps to get secure access to the API and register the credentials with LegacyFlo.
Step 1: Application registration on Azure
Login to your LegacyFlo/Vaultastic Open Store account.
Login to Microsoft 365 in the same browser as the LegacyFlo/Vaultastic Open Store Login.
Navigate to Cloud computing services.
Http link: https://azure.microsoft.com/en-in/
(a) Select App registrations Azure service.
(a) Click on New registration.
(a) Provide a name for the new registration. 
(b) Select the "Accounts in this organizational directory only" in Supported account types.
Scroll down till you see the Redirect URI section
(c) Select Web as the platform
(d) Enter "https://integrations.legacyflo.com/legacyflo/m365apiregistration" as the Redirect URI
(e) Click on Register.
(a) Re-select the App registrations Azure service.
(a) You will see your app on the list. Click on the Display name
(a) Copy the Application (client) ID. This will be required when registering the API with LegacyFlo.
(b) Copy the Directory (tenant) ID. This will be required when registering the API with LegacyFlo
Save the ids in a note pad on your machine
(a) For your newly registered application, select Certificates & secrets.
(b) In Client secrets, click on New client secret.
(c) Add a Description (legacyflo_app_key).
(d) Specify the Expires value.
(e) Click Add.
(a) Copy the Value to the notepad in which you have copied the application and directory ids. This will be required when registering the API with LegacyFlo
(a) In the Manage menu for the registered app, select API permissions.
(b) Click on Add a permission.
(c) Select Microsoft Graph.
The API permissions required will depend on the data which you wish to copy to a Vaultastic Store. Add the Application and Delegated Permissions as required depending on the data to be access.
a. Select the Application and Delegated Permission Type
b. Add the permissions as given in the table.
c. Select all the check boxes in the list below
d. Click Add permissions when all required permissions have been added.
| Data | Permission Type | Permissions | Sample Screen Shot |
|---|---|---|---|
| Mailbox | Delegated | User.Read.All Mail.ReadWrite.Shared Mail.Send.Shared offline_access |  |
| OneDrive | Delegated | Files.ReadWrite.All offline_access |  |
| Distribution List Members (required by scheduler) | Application | Group.Read.All Group.ReadWrite.All Directory.Read.All |  |
| Teams | Application | User.Read.All Chat.Read.All Team.ReadBasic.All ChannelMessage.Read.All Sites.Read.All |  |
| Sharepoint | Application | Sites.Read.All |  |
| Mailbox (for legacy method using IMAP) | Delegated | IMAP.AccessAsUser.All offline_access |  |
(a) Select "Grant admin consent for <Account Name>"
(b) On the Grant admin consent confirmation box, select Yes.
Step 2: Register the Graph API credentials with LegacyFlo
- Navigate to the LegacyFlo/Vaultastic Open Store tab
- From the menu on the left side, click on the Integrations menu
- On the pop-up menu, select Microsoft 365 Integrations
- If you have an access key for the mailboxes, select Outlook (API).
- If you have an access key for OneDrive, select OneDrive
- If you have access key for Teams, select Teams
- If you have access for Sharepoint, select Sharepoint
- To register the access key for a new domain, click on the + sign next to Register Key for the domain
- Enter the domain name for which the key is to be registered
- Enter the Client ID, Tenant ID and Secret Value as recorded from the steps above
- If you are registering access for Outlook (IMAP), Outlook (API) or OneDrive
- Click on Generate Code
- The system will open up a new tab with a URL of the form "https://integrations.legacyflo.com/legacyflo/m365apiregistration."
- Navigate to this tab. You will see two controls on the page. By clicking on Show Code, you can view the code generated. Click on Copy Code to copy the code.
- Navigate back to the original dialog and Paste the code in the Paste Code box. Click on Save.
- The API is now registered with LegacyFlo.
- The next step will be to allow the API to access content of the mailboxes or drives as mentioned here. This has to be done for every user whose data needs to be accessed.
- Close the dialog box.
- To update the key for a domain, click on the edit icon next to the domain name and enter the credentials as in step 5