Search

How to get authentication credentials for adding a Microsoft 365 Domain to Boxafe?

Datum poslední úpravy: 2025-06-11

How to get authentication credentials for adding a Microsoft 365 domain to Boxafe?

This tutorial will guide you through how to register a Microsoft Azure Active Directory (AD) application and generate a certificate for authorizing Boxafe to back up Microsoft 365 domain data. Additional instructions are provided in this tutorial on how to obtain API access permissions to back up Microsoft Teams and SharePoint Sites data in Boxafe.

Important:

This tutorial is only applicable to Boxafe 1.5 or later versions. If your Boxafe is an earlier version, follow this tutorial instead: How to obtain authentication for adding a new Microsoft 365 domain in Boxafe?

Requirements

Category

Requirements

Hardware

A computer

Software

  • Minimum operating system version requirements: Windows 10 or Windows Server 16

  • PowerShell

  • Microsoft 365 administrator account

Generating a Microsoft 365 Tenant ID, Client ID, and Certificate

 
  1. Power on your computer.
  2. Log in to Windows.
  3. Open PowerShell.
    1. Click Start.
    2. Search for PowerShell.
    3. Choose Windows PowerShell.
      Tip:

      Make sure you do not select Windows PowerShell (x86).

    4. Select Run as Administrator.
  4. Modify the execution policy by running the following command in PowerShell:

    Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope Process

    Note:

    For details about PowerShell execution policy, see: about_Execution_Policies

    A confirmation message appears.

  5. Enter Y or Yes.

    The PowerShell execution policy is modified.

  6. Download the BoxafeAppGenerator.ps1 PowerShell script and follow the instructions below:
    1. Right-click on the BoxafeAppGenerator.ps1 file.

      A drop-down menu appears.

    2. Select Properties.

      The BoxafeAppGenerator.ps1 Properties page appears.

    3. Go to General.
    4. Copy the file Location details.
    5. Paste the file location into the value in the following command:

      cd

      For example, if your location is C:\Users\QNAP\Downloads, then the command will become: cd C:\Users\QNAP\Downloads

      Opens the file location folder in PowerShell.

    6. Run the PowerShell script based on your Microsoft 365 domain region. For details, see the following table:

      Domain Region

      Command

      Microsoft 365 Global

      .\BoxafeAppGenerator.ps1 -AzureEnvironmentName AzureCloud

      Microsoft 365 operated by 21 Vianet (China)

      .\BoxafeAppGenerator.ps1 -AzureEnvironmentName AzureChinaCloud

      Microsoft 365 Germany

      .\BoxafeAppGenerator.ps1 -AzureEnvironmentName AzureGermanyCloud

      A certificate password configuration message appears.

  7. Specify a certificate password.
  8. Press Enter.

    A new certificate password is configured and the Microsoft Single Sign-On (SSO) window appears.

  9. Log in to Microsoft 365 as an administrator.

    • Boxafe is registered as a new application in Microsoft Azure AD.

      Tip:

      Do not close the window, you will need to return to the window later to complete Microsoft 365 authentication.

    • The Microsoft 365 tenant ID, client ID, and PFX certificate are generated and displayed in the PowerShell window.

      Tip:

      Do not close the PowerShell window or log out, you will need to return to the platform later to complete Microsoft 365 authentication.

  10. Go to the PowerShell window.
  11. Copy and save the Tenant Id, Application Id (Client Id), and PFX Certificate file (Keep securely).
    Important:

    Keep the Microsoft 365 authentication credentials safe. You will need the tenant ID, application ID (client ID), and PFX certificate to add the domain into Boxafe.

  12. Copy the generated URL shown at the bottom of the PowerShell window.
  13. Open the URL in a browser.

    The Boxafe Backup Solution API permissions window appears.

  14. Select Grant admin consent for QNAP Systems Inc.

    Boxafe is authorized to access your Microsoft 365 domain data.

Requesting Access to Microsoft Teams Protected APIs in Microsoft Graph

Important:

This Microsoft protected API access permission is only required for backing up Microsoft Teams data in Boxafe. You can skip this section if you do not need to back up Microsoft Teams data in Boxafe.

Microsoft Teams APIs in Microsoft Graph accesses sensitive data that are considered protected APIs. These APIs require additional validation and require you to submit the Request access to protected APIs in Microsoft Graph application form.

  1. Power on your computer.
  2. Log in to Windows.
  3. Open the Request access to protected APIs in Microsoft Graph form in a browser.

    The Request access to protected APIs in Microsoft Graph form appears.

  4. Specify the following information:

    No.

    Fields

    User Actions

    1

    Your email address and any others you want to list as an owner (semicolon separated)

    Enter the Microsoft 365 administrator email account or ID.

    2

    Email address of the person who should be notified about the approval status (Please mention only one email )

    Enter an email for receiving notifications.

    2

    May we contact you about your app's use of non-protected APIs? (E.g., reliability issues, advanced notice of breaking changes, throttling, etc)

    Select Yes.

    3

    Publisher name

    Enter your organization name.

    4

    App name

    Enter Boxafe.

    5

    App id(s) to enable application permissions for

    Enter the Microsoft 365 Client ID (Application ID).

    Note:

    For details, see Generating a Microsoft 365 Tenant ID, Client ID, and Certificate.

    6

    What does your app do? Why does it exist? (2-3 sentences explaining to an admin who has never heard of your app what it is and why they want it)

    Copy and paste the following description into this field:

    Our solution is a backup and restore solution. With our app, users can backup their SaaS application data, like Microsoft 365 data and restore data whenever they need to.

    7

    Why does your app need read access to all messages in the tenant? (If you don't, you don't need protected APIs)

    Copy and paste the following description into this field:

    Our application is a backup solution. Our app helps users to back up their Microsoft Teams conversation. We provide an export conversation backups option.

    9

    What are the tenant IDs that this app needs to run in? (semicolon-separated. Put "all" if you're writing software for other organizations to use.)

    Enter the Microsoft 365 tenant ID.

    For details, see Generating a Microsoft 365 Tenant ID, Client ID, and Certificate.

    10

    Does your organization own all those tenants? (if no, your answer above should be "all", or you should get the tenant owner to submit the request)

    Select Yes.
  5. Click Next.
    Note:

    You can skip this page.

    The next question appears.

  6. Optional: Answer the question: Anything else we need to know that doesn't fit in the above?

    You only need to respond to this question if there is anything worth noting.

  7. Click Submit.

    Your application to access Microsoft Teams protected APIs is submitted.

    Important:

    • It may take several days or weeks for Microsoft to process your application. Microsoft reviews access requests every Wednesday and implements approvals every Friday except during major holidays in the U.S. Submissions during holidays will be processed during the next work week.

    • If you would like to provide additional application information, contact: teamsAppPerms@microsoft.com

Granting Microsoft 365 Tenant Administrative Permissions for SharePoint Sites

Important:

  • You can skip this section if you do not need to back up Microsoft SharePoint site data in Boxafe.

  • You must obtain the Microsoft 365 Client ID, Tenant ID, and PFX Certificate before adding a SharePoint site to Boxafe. For details, see Generating a Microsoft Azure Client ID and Tenant ID.

  • The Microsoft 365 tenant administrative permissions are only required when adding a SharePoint site to Boxafe for backup. The permissions are not required when adding Microsoft 365 domains to Boxafe.

  1. Log in to the Microsoft Azure admin portal.
    Note:

    You must have Global admin credentials to log in to the Microsoft 365 domain.

  2. Go to Overview.
  3. Copy the Application (client) ID you obtained from Generating a Microsoft 365 Tenant ID, Client ID, and Certificate.
  4. Insert the tenant name into the following link: https://[tenant]-admin.sharepoint.com/_layouts/15/appinv.aspx.
    Note:

    The [tenant] name is the subdomain of your SharePoint Site. For example cloudqnap.sharepoint.com is the URL of your SharePoint site and cloudqnap is the tenant name.

  5. Open the link in the browser.
  6. Paste the ID into the App Id field.
  7. Click Lookup.

    The app title is generated.

  8. Enter the following information in the related fields:

    Fields

    Information

    App Domain:

    localhost

    Redirect URL:

    https://localhost

    App's Permission Request XML:

    		 
    <AppPermissionRequests AllowAppOnlyPolicy="true"> <AppPermissionRequest Scope="http://sharepoint/content/tenant" Right="FullControl"/> </AppPermissionRequests>
  9. Click Create.

    A confirmation message appears.

  10. Click Trust It.

    The Microsoft 365 tenant administrative permissions are granted to the SharePoint site.

Adding a Microsoft 365 Domain

  1. Open Boxafe.
  2. Go to Domains.
  3. Click Add New Domain.
  4. Obtain a Microsoft 365 authentication.

    For details, see Generating a Microsoft 365 Tenant ID, Client ID, and Certificate.

  5. Specify the following fields:

    • Microsoft 365 endpoint

    • Domain admin email address

    • Directory (tenant) ID

    • Application (client) ID

    • Certificate file

    • Certificate password

  6. Click Authorize.
  7. Optional: Select which Microsoft 365 services to back up.
  8. Select the users to add.

    Option

    Description

    Auto

    Automatically synchronize with Microsoft 365 and add new users to Boxafe.

    Manual

    Manually add users to Boxafe.
  9. Select the SharePoint sites to add.

    Option

    Description

    Auto

    Automatically synchronize with Microsoft 365 and add new sites for scheduled backup.

    Manual

    Manually add sites for scheduled backup.
  10. Select the Microsoft Teams to add.

    Option

    Description

    Auto

    Automatically synchronize with Microsoft 365 and add new Microsoft Teams for scheduled backup.

    Manual

    Manually add Microsoft Teams for scheduled backup.
  11. Click Next.
  12. Select the scope of the backup schedule.

    Option

    Description

    All Applications

    The backup schedule will apply to all applications.

    Individual Applications

    You can configure a different backup schedule for each application.
  13. Configure the backup schedule.
    1. Optional: Select an application to configure a backup schedule.
      Note:

      This option is only available if you selected Individual Applications in the previous step.

    2. Select a backup schedule policy.

      Backup Type

      User Actions

      Continuous

      1. Specify the start date.

      2. Select Stop backup on and specify a date.

      Note:

      The system automatically creates a backup task for continuous backup.

      Manual
      Note:
      • No backup schedule is created.

      • This option is not available when backing up email.

      Scheduled

      1. Specify the backup interval.

      2. Specify the start date and time.

      3. Select Stop backup after and specify a date.
    3. Optional: Select Delete older versions of backed up data after, and specify a period.
  14. Click Add.

    Boxafe adds the domain with the configured settings and backup schedule.

Byl tento článek užitečný?

Ano. Ne.
57% lidí si myslí, že to pomáhá.
Děkujeme vám za vaši zpětnou vazbu.

Sdělte nám prosím, jak lze tento článek vylepšit:

Pokud chcete poskytnout další zpětnou vazbu, uveďte ji níže.

Zvolte specifikaci

      Zobrazit více Zobrazit méně

      Tato stránka v jiných zemích / oblastech:

      open menu
      back to top