MithiDocs

Getting Access to the M365 Graph API

Overview

When using LegacyFlo to migrate data from active mailboxes, Teams or OneDrive on M365, you will need access to the relevant Graph API.

This document gives the steps to get secure access to the API and register the credentials with LegacyFlo.

Step 1: Application registration on Azure

Log in to your LegacyFlo/Vaultastic Open Store account.

Log in to Microsoft 365 in the same browser as the LegacyFlo/Vaultastic Open Store login.

Navigate to Cloud computing services.

    Http link: https://azure.microsoft.com/en-in/


(a) Select App registrations Azure service. 




(a) Click on New registration.





(a) Provide a name for the new registration.

(b) Select "Accounts in this organizational directory only" under Supported account types.


Scroll down until you see the Redirect URI section.

(c) Select Web as the platform.

(d) Enter https://integrations.legacyflo.com/legacyflo/m365apiregistration as the Redirect URI.

(e) Click on Register.




(a) Re-select the App registrations Azure service.






(a) You will see your app in the list. Click on its Display name.





(a) Copy the Application (client) ID. This will be required when registering the API with LegacyFlo.

(b) Copy the Directory (tenant) ID. This will be required when registering the API with LegacyFlo.

Save the IDs in a notepad on your machine.





(a) For your newly registered application, select Certificates & secrets.

(b) In Client secrets, click on New client secret.

(c) Add a Description (legacyflo_app_key).

(d) Specify the Expires value.

(e) Click Add.





(a) Copy the Value to the notepad in which you have copied the application and directory IDs. This will be required when registering the API with LegacyFlo.





(a) In the Manage menu for the registered app, select API permissions.

(b) Click on Add a permission.

(c) Select Microsoft Graph.




TO ACCESS TEAMS DATA DO THE FOLLOWING (required for request type TEAMS-S3-ZIP/TEAMS-S3-PST/TEAMS-VAULTASTIC4)

(a) In the Request API permissions pop-up, select Application permissions.

(b) Select the following permissions:

  • User.Read.All
  • Chat.Read.All
  • Team.ReadBasic.All
  • ChannelMessage.Read.All
  • Sites.Read.All

(d) Click Add permissions.




TO ACCESS ONEDRIVE DATA DO THE FOLLOWING (required for request type ONEDRIVE-S3-ZIP)

(a) In the Request API permissions pop-up, select Delegated permissions.

(b) Select the following permissions:

  • Files.ReadWrite.All
  • offline_access

(c) Select the check box (Files.ReadWrite.All).

(d) Click Add permissions.




TO ACCESS MAIL DATA USING THE GRAPH API DO THE FOLLOWING (required for request types M365API-S3-ZIP etc.)

(a) In the Request API permissions pop-up, select Delegated permissions.

(b) Select the following permissions:

  • User.Read.All
  • Mail.ReadWrite.Shared
  • Mail.Send.Shared
  • email
  • offline_access

(c) Select the check box (User.Read.All).

(d) Click on Add permissions.




TO ACCESS MAIL DATA USING IMAP DO THE FOLLOWING (required for request types O365-S3-ZIP etc)

(a) In the Request API permissions pop-up, select Delegated permissions.

(b) Select the following permissions:

  • IMAP.AccessAsUser.All
  • offline_access

(c) Select the check box (IMAP.AccessAsUser.All).

(d) Click on Add permissions.





(a) Select "Grant admin consent for <Account Name>".

(b) On the Grant admin consent confirmation box, select Yes.
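
To confirm what the consent actually granted, you can decode an access token issued to the app and compare its `roles` claim (application permissions) and `scp` claim (delegated permissions) with the lists above. The script below is an added example, not LegacyFlo or Microsoft code; the dictionary keys, function names and sample token are constructed for illustration, and ignoring OpenID Connect scopes in the comparison is an assumption.

```python
import base64
import json

# Permission sets copied from the sections above; the dictionary keys are labels chosen here.
EXPECTED = {
    "teams": ("roles", {"User.Read.All", "Chat.Read.All", "Team.ReadBasic.All",
                        "ChannelMessage.Read.All", "Sites.Read.All"}),
    "onedrive": ("scp", {"Files.ReadWrite.All", "offline_access"}),
    "mail_api": ("scp", {"User.Read.All", "Mail.ReadWrite.Shared",
                         "Mail.Send.Shared", "email", "offline_access"}),
    "mail_imap": ("scp", {"IMAP.AccessAsUser.All", "offline_access"}),
}
# Assumption: OpenID Connect scopes are not reliably echoed in `scp`,
# so they are left out of the comparison.
OIDC_SCOPES = {"openid", "profile", "email", "offline_access"}

def jwt_claims(token):
    """Decode a JWT payload for inspection only; the signature is not verified."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))

def _as_set(value):
    # `scp` is a space-separated string, `roles` is a JSON array.
    return set(value.split()) if isinstance(value, str) else set(value)

def audit(token, data_type):
    """Return (missing, excess) permission names relative to the page's list."""
    claim, expected = EXPECTED[data_type]
    claims = jwt_claims(token)
    granted = _as_set(claims.get("roles", [])) | _as_set(claims.get("scp", ""))
    in_claim = _as_set(claims.get(claim, []))
    missing = expected - in_claim - OIDC_SCOPES
    excess = granted - expected - OIDC_SCOPES
    return sorted(missing), sorted(excess)

def fake_token(claims):
    """Build an unsigned token from constructed claims, for the demo only."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'typ': 'JWT'})}.{enc(claims)}.constructed"

# Constructed sample: a mail token that also carries Mail.ReadWrite.
SAMPLE = fake_token({"scp": "User.Read.All Mail.ReadWrite.Shared "
                            "Mail.Send.Shared Mail.ReadWrite email"})

if __name__ == "__main__":
    print(audit(SAMPLE, "mail_api"))
```

A non-empty second list means the registration holds permissions beyond those this page asks for, which is worth removing before the client secret is shared.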




Step 2: Register the Graph API credentials with LegacyFlo

  1. Navigate to the LegacyFlo tab
  2. From the menu on the left side, click on the Integrations menu
  3. On the pop-up menu, select Microsoft 365 Integrations
  4. If you have an access key for the mailboxes, select Outlook (API). If you have an access key for OneDrive, select OneDrive.
  5. To register the access key for a new domain, click on the + sign next to Register Key for the domain
    1. Enter the domain name for which the key is to be registered
    2. Enter the Client ID, Tenant ID and Secret Value as recorded from the steps above

Step 3: Generate the Code for Outlook with IMAP or API or OneDrive access (not required for Teams data access)

  1. Click on Generate Code
  2. The system will open up a new tab with a URL of the form "https://integrations.legacyflo.com/legacyflo/m365apiregistration".
  3. Navigate to this tab. You will see two controls on the page. Click on Show Code to view the generated code. Click on Copy Code to copy the code.
  4. Navigate back to the original dialog and Paste the code in the Paste Code box. Click on Save.
  5. The API is now registered with LegacyFlo.
  6. The next step will be to allow the API to access the content of the mailboxes or drives as mentioned here. This has to be done for every user whose data needs to be accessed.
  7. Close the dialog box.
  8. To update the key for a domain, click on the edit icon next to the domain name and enter the credentials as in step 5.