HaloITSM

HaloITSM Guides

Documentation to assist with the setup and configuration of the HaloITSM platform

Guides > Azure Mail Setup

Azure Mail Setup

Setup of Azure Application


Halo can connect to standard licensed mailboxes and also Shared Mailboxes. All other kinds of mailboxes are currently unsupported.

The first step is to register the application in Azure. Please see the steps below for this part.


If using a shared mailbox, the user that authorizes the connection in Halo will also need "Read and Manage" as well as "Send As" permissions for the shared mailbox. This should be added using the M365 Admin Centre and not via the Exchange Admin Console.


1. Navigate to the Azure Active Directory Admin Center and create a New Registration in App Registrations.



2. Enter a name and your Halo Application URL appended with '/azure/auth' (format shown below). 



3. Once registered, navigate to the 'Authentication' tab and add a second redirect URI. This is your Halo Application URL appended with '/account/azureresponse'. 


4. Note down the Application (Client) ID and Directory (Tenant) ID as we will need to use these later.



5. Go to the Certificates & Secrets tab and create a new secret, Take Note of the VALUE and not the Secret ID.



6. Next go to API Permissions and click Add permission.



 

7. Choose Microsoft Graph and then Delegated



8. For ALL Mailboxes select the below permissions highlighted in yellow and save. (ensure these are Delegated and not Application)


(For Shared Mailboxes there are two additional permissions that need to be added: Mail.ReadWrite.Shared and Mail.Send.Shared)


 



9. Grant Admin Consent for these permissions.



Setup of Mail in Halo


After the application is registered in Azure and given the correct permissions you can setup the mailbox in Halo.


1. In Halo go to Configuration > Email > Mailbox Setup > Create a new entry and choose Office 365/Azure.


2. Fill out all details below, taking the Client ID, Tenant ID and Secret Value that we created above in step 3 and 4 Then click the Authorize button which will take you to your tenant to sign in with the details of the mailbox that you want to use. Please note that, if you are using a shared mailbox, the licenced user is added as a delegate user on the shared resource and has Read & Manage permissions added to the shared mailbox (via Manage Mailbox Permissions in 365 admin center).


IMPORTANT: Adding a new mailbox will remove ALL emails from the inbox and turn them into tickets, deleting the emails in the process. Depending on your configuration, it may also send acknowledgement emails out of these tickets. For this reason it is recommended that you start with an empty mailbox. 



 

 3. To ensure that the Azure method is used you will need to pass the sending function to the server processing application. To do this go to Configuration > Email and untick the below setting.




Once this is completed and the mailbox is enabled the mailbox setup is complete.


NB: To ensure the authenticating account has access to the shared mailbox, you can first log into the authenticating account in 365, then head to the shared mailbox via the 'Switch Account' option:




Once you're in the shared mailbox, right click on the inbox folder > Permissions & ensure the authenticating (licences) address is marked as having full access. If you do not see the licenced address in here, please add it in as an owner.


Popular Guides

Pin It on Pinterest