- Open Microsoft Entra and log in with your Microsoft 365 admin account.
- If you have more than one directory, expand the correct directory.
- Click Applications > App registrations in the side navigation bar.
- In the top menu, click ➕New Registration.
- Enter a display name for the application. This will be shown to users.
- Select a set of users who will have access to the application:
- Accounts in this organizational directory only (MSFT only - Single tenant): Only people who have a user or guest account in your Microsoft Entra can use your application.
- Accounts in any organizational directory (Any Microsoft Entra ID directory - Multitenant): Anyone who has a work or school Microsoft account can use your application. This excludes personal Microsoft accounts. Also enables multitenancy for your application.
- Accounts in any organizational directory (Any Microsoft Entra ID directory - Multitenant) and personal Microsoft accounts (e.g. Skype, Xbox): Anyone who has a personal, work, or school Microsoft account can use your application. Use this option to target the widest set of Microsoft accounts. Also enables multitenancy for your application.
- Personal Microsoft accounts only: Anyone with a personal Microsoft account – for example, who signs in to services like Xbox – can use your application.
Note: Changing this access setting after you’ve registered the application can cause errors.
- Select the platform and enter a URL for users to be redirected to after they log in.
- Click Register.
Entra will display the application in the Owned applications tab of the App registrations page. You can also view applications registered for your organisation by clicking Applications > Enterprise applications in the side navigation bar.
Alternatively, get to Microsoft Entra through the Microsoft 365 portal:
- Go to the Microsoft 365 portal and log in with your Microsoft 365 admin account.
- Click the Admin app in the side navigation bar.
- Scroll down to Admin centers in the sidebar and click Microsoft Entra ID.
You might need to click Show all to expand the sidebar and display all administration options.
Add Office 365 Management Activity API Permissions
- On the Owned applications tab of the App registrations page, click the name of your application.
- Click API permissions in the side toolbar.
- Click Add a permission.
- Click Office 365 Management APIs on the Microsoft APIs tab.
- Click Application permissions.
- Tick:
- ActivityFeed.Read
- ActivityFeed.ReadDlp
- ServiceHealth.Read
- Click Add permissions.
- Check that your changes have been saved on the API permissions page.
- Click Grant admin consent for [organisation name] to give the application access – on behalf of the whole organisation – to the permissions you added.
- Click Yes.
Entra will change the permissions table to reflect the admin consent grant.
Assign Microsoft Entra ID Roles to the Application
The supported roles for applications to access the Reporting Web Service are:
- Global Reader
- Security Reader
- In Microsoft Entra, click Roles & admins > Roles & admins on the side navigation bar.
Note: if you can't see this in the menu, you may need to click Show more. - Enter global into the search bar and click on Global Reader.
- Click ➕Add assignments.
- Click No member selected to assign the role to the app.
- Enter part of the application’s name in the search bar.
- Click the application name and click Select.
- Click the Setting tab.
- Enter a reason for assigning the role and click Assign.
Repeat steps for the Security Reader role.