Search

How to get authentication credentials for adding a Microsoft 365 Domain to Boxafe?

Last modified date: 2025-06-11

How to get authentication credentials for adding a Microsoft 365 domain to Boxafe?

This tutorial will guide you through how to register a Microsoft Azure Active Directory (AD) application and generate a certificate for authorizing Boxafe to back up Microsoft 365 domain data. Additional instructions are provided in this tutorial on how to obtain API access permissions to back up Microsoft Teams and SharePoint Sites data in Boxafe.

Requirements

CategoryRequirements
HardwareA computer
Software
  • Minimum operating system version requirements: Windows 10 or Windows Server 16
  • PowerShell
  • Microsoft 365 administrator account

Generating a Microsoft 365 Tenant ID, Client ID, and Certificate

  1. Power on your computer.
  2. Log in to Windows.
  3. Open PowerShell.
    1. Click Start.
    2. Search for PowerShell.
    3. Choose Windows PowerShell.
      Tip:

      Make sure you do not select Windows PowerShell (x86).

    4. Select Run as Administrator.
  4. Modify the execution policy by running the following command in PowerShell:
    Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope Process
    Tip
    For details about PowerShell execution policy, see about_Execution_Policies.

    A confirmation message appears.

  5. Enter Y or Yes.

    The PowerShell execution policy is modified.

  6. Download the BoxafeAppGenerator.ps1 PowerShell script and follow the instructions below:
    1. Right-click on the BoxafeAppGenerator.ps1 file.

      A drop-down menu appears.

    2. Select Properties.

      The BoxafeAppGenerator.ps1 Properties page appears.

    3. Go to General.
    4. Copy the file Location details.
    5. Paste the file location into the value in the following command: 
      cd <file_location>

      For example, if your location is C:\Users\QNAP\Downloads, then the command will become: cd C:\Users\QNAP\Downloads

      Opens the file location folder in PowerShell.

    6. Run the PowerShell script based on your Microsoft 365 domain region. For details, see the following table:

      Domain Region

      Command

      Microsoft 365 Global

      .\BoxafeAppGenerator.ps1 -AzureEnvironmentName AzureCloud

      Microsoft 365 operated by 21 Vianet (China)

      .\BoxafeAppGenerator.ps1 -AzureEnvironmentName AzureChinaCloud

      A certificate password configuration message appears.

  7. Specify a certificate password.
  8. Press Enter.

    A new certificate password is configured and the Microsoft Single Sign-On (SSO) window appears.

  9. Log in to Microsoft 365 as an administrator.
    • Boxafe is registered as a new application in Microsoft Azure AD.
      Warning
      Do not close the window, you will need to return to the window later to complete Microsoft 365 authentication.
    • The Microsoft 365 tenant ID, client ID, and PFX certificate are generated and displayed in the PowerShell window.


      Warning
      Do not close the PowerShell window or log out, you will need to return to the platform later to complete Microsoft 365 authentication.
  10. Go to the PowerShell window.
  11. Copy and save the Tenant Id, Application Id (Client Id), and PFX Certificate file (Keep securely).
    Tip
    Keep the Microsoft 365 authentication credentials safe. You will need the tenant ID, application ID (client ID), and PFX certificate to add the domain into Boxafe.
  12. Copy the generated URL shown at the bottom of the PowerShell window.
  13. Open the URL in a browser.

    The Boxafe Backup Solution API permissions window appears.

  14. Select Grant admin consent for QNAP Systems Inc.

    The Boxafe is authorized to access your Microsoft 365 domain data.

Granting Microsoft 365 Tenant Administrative Permissions for SharePoint Sites

Important
  • You can skip this section if you do not need to back up Microsoft SharePoint site data in Boxafe.
  • You must obtain the Microsoft 365 Client ID, Tenant ID, and PFX Certificate before adding a SharePoint site to Boxafe. For details, see Generating a Microsoft Azure Client ID and Tenant ID.
  • The Microsoft 365 tenant administrative permissions are only required when adding a SharePoint site to Boxafe for backup. The permissions are not required when adding Microsoft 365 domains to Boxafe.
  1. Log in to the Microsoft Azure admin portal.
    Note
    You must have Global admin credentials to log in to the Microsoft 365 domain.
  2. Go to Overview.
  3. Copy the Application (client) ID you obtained from Generating a Microsoft 365 Tenant ID, Client ID, and Certificate.
  4. Insert the tenant name into the following link: https://[tenant]-admin.sharepoint.com/_layouts/15/appinv.aspx
    Note:

    The [tenant] name is the subdomain of your SharePoint Site. For example cloudqnap.sharepoint.com is the URL of your SharePoint site and cloudqnap is the tenant name.

  5. Open the link in the browser.
  6. Paste the ID into the App Id field.
  7. Click Lookup.

    The app title is generated.

  8. Enter the following information in the related fields:

    Fields

    Information

    App Domain:

    localhost

    Redirect URL:

    https://localhost

    App's Permission Request XML:

     <AppPermissionRequests AllowAppOnlyPolicy="true"> <AppPermissionRequest Scope="http://sharepoint/content/tenant" Right="FullControl"/> </AppPermissionRequests>
  9. Click Create.

    A confirmation message appears.

  10. Click Trust It.

    The Microsoft 365 tenant administrative permissions are granted to the SharePoint site.

Adding a Microsoft 365 Domain

  1. Open Boxafe.
  2. Go to Domains.
  3. Click Add New Domain.
  4. Obtain a Microsoft 365 authentication.
  5. Specify the following fields: 
    • Microsoft 365 endpoint
    • Domain admin email address
    • Directory (tenant) ID
    • Application (client) ID
    • Certificate file
    • Certificate password
  6. Click Authorize.
  7. Optional:  Select which Microsoft 365 services to back up.
  8. Select the users to add.

    Option

    Description

    Auto

    Automatically synchronize with Microsoft 365 and add new users to Boxafe.

    Manual

    Manually add users to Boxafe.

  9. Select the SharePoint sites to add.

    Option

    Description

    Auto

    Automatically synchronize with Microsoft 365 and add new sites for scheduled backup.

    Manual

    Manually add sites for scheduled backup.

  10. Select the Microsoft Teams to add.

    Option

    Description

    Auto

    Automatically synchronize with Microsoft 365 and add new Microsoft Teams for scheduled backup.

    Manual

    Manually add Microsoft Teams for scheduled backup.

  11. Click Next.
  12. Select the scope of the backup schedule.

    Option

    Description

    All Applications

    The backup schedule will apply to all applications.

    Individual Applications

    You can configure a different backup schedule for each application.

  13. Configure the backup schedule.
    1. Optional:  Select an application to configure a backup schedule.
      Note:

      This option is only available if you selected Individual Applications in the previous step.

    2. Select a backup schedule policy.

      Backup Type

      User Actions

      Continuous

      1. Specify the start date.
      2. Select Stop backup on and specify a date.
      Tip
      The system automatically creates a backup task for continuous backup.

      Manual

      No backup schedule is created. This option is not available when backing up email.

      Scheduled

      1. Specify the backup interval.
      2. Specify the start date and time.
      3. Select Stop backup after and specify a date.
    3. Optional:  Select Delete older versions of backed up data after, and specify a period.
  14. Click Add.

    Boxafe adds the domain with the configured settings and backup schedule.

Was this article helpful?

Yes. No.
57% of people think it helps.
Thank you for your feedback.

Please tell us how this article can be improved:

If you want to provide additional feedback, please include it below.

Chọn thông số kỹ thuật

      Xem thêm Thu gọn

      Choose Your Country or Region

      open menu
      back to top