TonicDM

In Microsoft Entra, under App Registrations add a New Registration.

Call the App <code>TonicDM Office 365 Token</code> and click Register. ​Note: for "Who can use this application or access this API?" leave the default selection (Single Tenant) and do not add a Redirect URI.

Make a note of the Application (client) ID and Directory (tenant) ID.

Configure TonicDM's Access to your Office 365

Create the permissions for TonicDM to access your Office 365

Go to (1) API Permissions and (2) Add a permission. Choose the (3) Microsoft Graph permission set, then (4) Application Permissions.

In the (5) Select Permissions box

enter "Mailbox" and turn on the <code>MailboxSettings.ReadWrite</code> checkbox

then enter "Mail" and turn on the <code>Mail.ReadWrite</code> checkbox

then enter "User.Read" and turn on the <code>User.Read.All</code> checkbox

- enter "Mailbox" and turn on the <code>MailboxSettings.ReadWrite</code> checkbox
- then enter "Mail" and turn on the <code>Mail.ReadWrite</code> checkbox
- then enter "User.Read" and turn on the <code>User.Read.All</code> checkbox

This results in 4 permissions listed. You can remove <code>User.Read</code> if you like.

Go to (1) Certificates and secrets and (2) add a new Client Secret. Enter <code>TonicDM Office365 Secret</code> for the description and choose 24 months for the expiry. Make a note of the Value and Expiry Date of the newly generated secret.

You must be one of your organization's <a href="https://help.tonicdm.com/en/articles/1626671-tonicdm-administrators">TonicDM administrators</a> to complete this step.

Go to the <a href="https://app.tonicdm.com/organization-settings" rel="nofollow noopener noreferrer" target="_blank">Organization Settings</a> page and scroll down to "Security Set Up".

Enter the following values into the fields:

from the Certificates &amp; secrets page: App Secret and Expiry Date

From the Overview page Application (client) ID and Tenant ID

- from the Certificates &amp; secrets page: App Secret and Expiry Date 
- From the Overview page Application (client) ID and Tenant ID

Click "Go" to activate the organization-level token.

Sometime before the secret expires, you'll need to generate a new secret then enter that new secret and the new expiry date into the Security Set Up.

Scope TonicDM's access to certain User accounts

The App Registration created above will also add an entry into the Enterprise Apps list in Entra.

Click on <code>TonicDM Office 365 Token</code> in the Enterprise Apps list

Go to Properties then ensure Assignment required? is set to Yes.

Go to Users and Groups and add the Users and Groups for whom TonicDM is allowed access to their Office 365 account.

- Click on <code>TonicDM Office 365 Token</code> in the Enterprise Apps list
- Go to Properties then ensure Assignment required? is set to Yes.
- Go to Users and Groups and add the Users and Groups for whom TonicDM is allowed access to their Office 365 account.

Setting up an Org Level token eliminates the need for each user to grant permissions for TonicDM to access their Office 365 mailbox.

Configure TonicDM's Access to your Office 365

Create the permissions for TonicDM to access your Office 365

Create a Secret

Go to TonicDM on the Web

Scope TonicDM's access to certain User accounts