Skip to main content

Microsoft 365

Microsoft 365 is a product family of productivity software, collaboration and cloud-based services owned by Microsoft.


Reference: Microsoft Graph documentation, Microsoft Graph REST API v1.0 endpoint reference, Microsoft Entra admin center

Pre-Requisites: Azure Prerequisites, Application Registration

Setting up Microsoft 365

Microsoft Graph is responsible for exposing REST APIs to access data on Microsoft 365 core services and security services.

Azure Account

You are required to have an Azure account that has an active subscription. If you do not have an account create an account for free.

Registering an Application

Registering your application establishes a trust relationship between your app and the Microsoft identity platform.

  1. Sign in to the Microsoft Entra admin center.

  2. If you have access to multiple tenants, use the Directories + subscriptions filter in the top menu to switch to the tenant in which you want to register the application.

  3. Expand the Identity menu > expand Applications> select App registrations > New registration.

App Registration

  1. Enter a Name for your application. Select a Supported account types. Don't enter anything for Redirect URI (optional). Click Register.

New App

  1. Copy the Application (client) ID and Directory (tenant) ID values.

App Overview

  1. In the Microsoft Entra admin center > Identity > Applications > App registrations, select your application. Click on Certificates & secrets -> New client secret.

New client secret

  1. Add a Description and select an Expires value. Click the Add button.

New client secret

  1. Copy the secret Value cell value, this is the Client Secret.

Copy secret

Configuring Microsoft 365 OAuth Credentials in crul

Navigate to the credentials page in crul (top right corner menu credentials).

Crul Credentials > Workday

Click the create button.

Select OAuth Provider (Client Credentials) -> Microsoft 365 from the type and select provider dropdowns.

Crul Credentials > Microsoft 365

Replace the TENANT_ID value in the Token Path input with the previously copied Directory (tenant) ID value. Enter the previously copied Client ID and Client Secret respective values.

Click the create button.

Crul Credentials > Microsoft 365 Form

Test the credential by running the following query. You should see a populated token.access_token column in the results.

--credential "microsoft365"
--scope ""

OAuth > Microsoft 365 access token