Get key of Application (client) ID & Secret Value & Directory (tenant) ID for Office 365 / Outlook user account

15-May-2025 · Wing Au Yeung

Why get key of Application (client) ID & Secret Value & Directory (tenant) ID for Office 365 / Outlook user account?

To add into outlook calendar when staff create Leave Application in ESS system or add created Leave Entry in Backstage Admin portal.

Please note that this function only works with your Work Microsoft 365 Account, personal outlook account may not be able to do it.

"A Microsoft 365 account with an Exchange Online mailbox. If you do not have a Microsoft 365 account, you can sign up for the Microsoft 365 Developer Program to get a free Microsoft 365 subscription."

What information do you need?

Application (client) ID
Secret Value
Directory (tenant) ID
Correct API permissions

To have above key, we can refer to MS doc:
https://learn.microsoft.com/en-us/exchange/client-developer/exchange-web-services/how-to-authenticate-an-ews-application-by-using-oauth

Before starting, we highly recommend you do the following with the Microsoft 365 account you prepare to be an organization-wide Calendar.

How to get key of Application (client) ID & Secret Value & Directory (tenant) ID for Office 365 / Outlook user account?

1. Register your application

To use OAuth, an application must have an application ID issued by Microsoft Entra. In this tutorial, it is assumed that the application is a console application, so you need to register your application as a public client with Microsoft Entra. You can register an application in the Microsoft Entra admin center or by using Microsoft Graph.

Open a browser and navigate to the Microsoft Entra admin center and login using a Work or School Account.
Select Identity in the left-hand navigation, then select App registrations under Applications.
Select New registration. On the Register an application page, set the values as follows.
- Set Name to a friendly name for your app.
- Set Supported account types to the choice that makes sense for your scenario.
- For Redirect URI, change the dropdown to Public client (mobile & desktop) and set the value to https://login.microsoftonline.com/common/oauth2/nativeclient.
Choose Register. On the next page, copy the values of the Application (client) ID and Directory (tenant) ID and save them, you will need them later.

-> You will get Application (client) ID and Directory (tenant) ID here

2. Configure for app-only authentication

To use application permissions, follow these additional steps.

Select Manifest in the left-hand navigation under Manage.

Locate the requiredResourceAccess property in the manifest, and add the following inside the square brackets ([]):
JSONCopy

<p> 
{
  "resourceAppId": "00000002-0000-0ff1-ce00-000000000000",
  "resourceAccess": [
      {
          "id": "dc890d15-9560-4a4c-9b7f-a736ec74ec40",
          "type": "Role"
      }
  ]
}
</p>

Select Save.
Select API permissions under Manage. Confirm that the full_access_as_app permission is listed.
Select Grant admin consent for org and accept the consent dialog.
Select Certificates & Secrets in the left-hand navigation under Manage.
Select New client secret, enter a short description and select Add.
Copy the Value of the newly added client secret and save it

-> You will get Secret Value here

3. Configure for delegated authentication

Select API permissions in the left-hand navigation under Manage
Click Add a permission
You need to have these API permission with related status:
- user.read - [delegated]
- Calendars.ReadWrite.All - [delegated]
- full_access_as_app - [Application]
Please ensure all API permissions Status is Granted for your org

-> You will have correct API permissions here

🎊 And now, you will have those permissions and keys!

In this page