Microsoft Graph API (MS365) is used to interact with Microsoft 365 services like Outlook, Teams, Excel, Azure, etc. JIFFY.ai uses MS365 to interact with Outlook mail.

Create an Application

1. Create a Microsoft Azure account and navigate to Portal.
2. Click the App registrations option.
   
3. Click the + New registration option.
4. Enter a Name for your application and select the required option in the Supported account types section.
   

   Preferably, use the Single tenant option.

5. Click the Register button to create the application.
   
6. Note the Client ID in the Overview section.

Pre-requisites set-up

Create Secret Key

1. Open the created application.
2. Click the Certificates & secrets option in the left-hand side menu and click the + New Client Secret button.
   
3. Enter Description and choose when the key Expires. Click the Add button.
   

API Permissions

1. Open the created application.
2. Click the API permissions option in the left-hand side menu and click the + Add a permission button.
3. In the Commonly used Microsoft APIs tab of the Request API permissions window, click on Microsoft Graph.
4. Click the Delegated permissions button.
5. Select the following permissions and click the Add permissions button.
   
   • Calendar
     
     • Calendars.Read
       
     • Calendars.ReadWrite
   • User
     • User.Read
     • User.ReadBasic.All
   • Files
     
     • Files.Read
       
     • Files.Read.All
       
     • Files.ReadWrite
       
     • Files.ReadWrite.All
       
   • Sites
     
     • Sites.Read.All
       
     • Sites.ReadWrite.All
       
   • Mail
     
     • Mail.Read
       
     • Mail.ReadWrite
       
     • Mail.Send
       
   • Shared*
     
     • Mail.Read.Shared
       
     • Mail.ReadWrite.Shared
       
     • Mail.Send.Shared
       
     • Calendars.Read.Shared
       
     • * Calendars.ReadWrite.Shared
       
     • * Scopes needed to access resources that are shared with, but not owned by, the user.
       
6. Click the Grant admin consent button.
   

Disable MFA (Multi Factor Authentication)

Do the follwing to disable the Multi Factor Authentication for the user to connect.

1. Sign in to the Portal as an administrator.
2. Navigate to the Multi-Factor Authentication page.
3. Select the user to disable the MFA and click Disable.
   

Configure the Application

1. Navigate to the Microsoft Azure App
2. Click on the Authentication button.
3. Click on the +Add Platform button.
4. Select the Web option from the Configure Platforms. Configure web page section opens.
5. Click on the Quickstart button.
6. Select Java from the listed platforms. Java web app page opens.
7. Click on the Make these changes for me button.
8. Click on the Make updates button on the Configuring your application registration page.
9. Copy and save your client secret and click on the Done button.

Generate Encrypted Token File

Prerequisite: Java 8 is required

1. Download the secure-token-generator application and batch file to run the application
2. Open the batch file and enter the details, such as clientID, tenantID, secret, and folder path.

   An Encrypted token file will generate in this folder.

3. Open the Command prompt and navigate to the folder where the application is downloaded.
4. Run the application using the batch file, for example, run.bat.
5. Open the browser and enter the URL.
6. Enter the username and verify with the generated verification code from the registered mobile number in the login page.
7. Click on the Show user info button. An encrypted token file is generated in the specified folder.
8. Stop the secure-token-generator application.
9. Place the token file in Jiffy (Make sure the folder structure is present):
   1. Location for Jiffy server:
      

      • /opt/jiffy/ms365/token/design/{ClientID}.txt,
      • /opt/jiffy/ms365/token/exec/{ClientID}..txt

   2. Location for Bot:

      C:\jiffyservice\ms365{ClientID.txt}

   3. Key to decrypt the content of the encrypted token file:

      u-w7HNMq@c/-4^Qg

10. Store this key in the secure vault on the tenant level using Jiffy so that all applications can use it.
11. Use this key in the mail configuration; instead of username give

    vault:{vault key}

    vault:ms365Key

12. Get the client secret that was copied while configuring the application.
13. Store the client secret in the secure vault on the app level using Jiffy.
14. Use this secure vault key as password while configuring Email.