Manually Completing the Configuration

If you prefer to manually register the app, log on to the Azure portal.

Register Azure Active Directory in the Azure Portal

1. In the navigation pane, click App registrations.

   The App registrations page appears.

2. Click New registration.

   The Register an application screen appears.

3. In the Name box, type a name for the app.

4. Under Supported account types, select Accounts in this organizational directory only (tenant_prefix - Single tenant).

5. Click Register.

6. Copy and paste the following values in a file or other document that you can access later:

   • Application (client) ID

   • Directory (tenant) ID

   You will enter these values in the Metallic software when you create the Azure AD app.

7. From the left navigation pane, click Certificates & secrets, and then copy the client secret value shown in the page.

8. In the navigation pane, click API permissions.

9. Click Add a permission.

   The Request API permissions page appears.

10. Click Microsoft Graph and complete the following steps:

    1. Click Application Permissions.

    2. Select the following permissions:

       • Application: Application.ReadWrite.All. This API permission is required to backup and restore the Registry and Enterprise applications.

       • AppRoleAssignment: AppRoleAssignment.ReadWrite.All. This API permission is required to backup and restore the Registry and Enterprise applications.

       • AuditLog: AuditLog.Read.All. This API permission is required to backup the Office 365 agents.

       • Directory: Directory.ReadWrite.All. This API permission is required to backup your organization's directory.

       • Domain: Domain.ReadWrite.All

       • Group: Group.ReadWrite.All. This API permission is required to backup and restore Groups.

       • Reports: Reports.Read.All. This API permission is required to backup the Office 365 agents.

       • RoleManagement: RoleManagement.ReadWrite.Directory. This API permission is required to backup and restore the Azure Active Directory objects.

       • User: User.ReadWrite.All. This API permission is required to backup and restore the user profiles.

    3. Click Add permissions.

       For more information regarding permissions, see Microsoft Permissions.

11. Return to the Request API permissions page.

12. On the app API permissions page, click Grant admin consent for tenant_name.