m No edit summary |
m No edit summary |
||
(4 intermediate revisions by another user are not shown) | |||
Zeile 30: | Zeile 30: | ||
| Launch Azure ''Active Directory admin center'' }} | | Launch Azure ''Active Directory admin center'' }} | ||
{{var | Menü Azure Active Directory | {{var | Menü Azure Active Directory | ||
| ''' | | '''Mandanten-ID''' im Menü ''Azure Active Directory'' '''notieren/kopieren''' | ||
| '''Note down/Copy ''' '''Tenant ID''' from the ''Azure Active Directory'' menu }} | | '''Note down/Copy ''' '''Tenant ID''' from the ''Azure Active Directory'' menu }} | ||
{{var | Menü Azure Active Directory--Bild | {{var | Menü Azure Active Directory--Bild | ||
| | | Azure_Actice_Directory.png | ||
| | | Azure_Actice_Directory-en.png }} | ||
{{var | Menü Azure Active Directory--cap | {{var | Menü Azure Active Directory--cap | ||
| | | | ||
* Anmelden unter [https://portal.azure.com Portal Azure] oder [https://entra.microsoft.com Microsoft Entra]{{info|In Microsoft Entra sind einige Menupunkte als Untermenupunkte eingerichtet.}} | |||
* Menü ''Azure Active Directory'' wählen | * Menü ''Azure Active Directory'' wählen | ||
* ''' | * '''Mandanten-ID notieren''', wird beim hinzufügen einer OAuth 2 Verbindung eingetragen | ||
| | | | ||
* Select ''Azure Active Directory'' menu | * Select ''Azure Active Directory'' menu | ||
* '''Note down or copy Tenant ID''', is entered | * '''Note down or copy '''Tenant ID''', is entered when adding an OAuth 2 connection }} | ||
{{var | Menü Azure Active Directory UMA--cap | {{var | Menü Azure Active Directory UMA--cap | ||
| | | | ||
* | * Anmelden unter [https://portal.azure.com Portal Azure] oder [https://entra.microsoft.com Microsoft Entra]{{info|In Microsoft Entra sind einige Menupunkte als Untermenupunkte eingerichtet.}} | ||
* ''' | * ''Azure Active Directory'' wählen | ||
* '''Mandanten-ID notieren''', wird bei Remote E-Mail-Konten und bei Einzelnes Postfach Importieren eingetragen | |||
| | | | ||
* Select ''Azure Active Directory'' menu | * Select ''Azure Active Directory'' menu | ||
* '''Note down or copy Tenant ID''', is entered | * '''Note down or copy Tenant ID''', is entered for remote e-mail accounts and for importing single mailboxes }} | ||
{{var | New registration | {{var | New registration | ||
| Neue App registrieren unter Menü ''App | | Neue App registrieren unter Menü ''App-Registrierung'' Schaltfläche ''Neue Registrierung'' | ||
| Register new app under the''App registration'' menu under the ''New registration'' button }} | | Register new app under the''App registration'' menu under the ''New registration'' button }} | ||
{{var | New registration--Bild | {{var | New registration--Bild | ||
| | | Azure_New_Registration.png | ||
| | | Azure_New_Registration-en.png }} | ||
{{var | New registration--cap | {{var | New registration--cap | ||
| Neue App registrieren: | | Neue App registrieren: | ||
* Menü ''App | * Menü ''App-Registrierung'' | ||
* Schaltfläche ''' | * Schaltfläche '''Neue Registrierung''' | ||
| Register new app: | | Register new app: | ||
* Menu ''App registration'' | * Menu ''App registration'' | ||
* Button '''New registration''' }} | * Button '''New registration''' }} | ||
{{var | Namen vergeben | {{var | Namen vergeben | ||
| Eindeutigen Namen vergeben und Schaltfläche | | Eindeutigen Namen vergeben und Schaltfläche Registrieren klicken | ||
| Assign a unique name and click the register button }} | | Assign a unique name and click the register button }} | ||
{{var | Namen vergeben--Bild | {{var | Namen vergeben--Bild | ||
| | | Azure_App_Namen_vergeben.png | ||
| | | Azure_App_Namen_vergeben-en.png }} | ||
{{var | Namen vergeben--cap | {{var | Namen vergeben--cap | ||
| | | | ||
* Eindeutigen Namen vergeben | * Eindeutigen Namen vergeben | ||
* Schaltfläche '' | * Schaltfläche ''Registrieren'' klicken | ||
| | | | ||
* Assign a unique name | * Assign a unique name | ||
* Click ''Register'' button }} | * Click ''Register'' button }} | ||
{{var | API Permissions | {{var | API Permissions | ||
| Menu ''API | | Menu ''API-Berechtigungen'' wählen | ||
| Select ''API permissions'' menu }} | | Select ''API permissions'' menu }} | ||
{{var | API Permissions--Bild | {{var | API Permissions--Bild | ||
| | | Azure_API_permissions.png | ||
| | | Azure_API_permissions-en.png }} | ||
{{var | | {{var | API Permissions--cap | ||
| | | Es wird eine Zusammenfassung der soeben registrierten App angezeigt | ||
* {{Alert}}Die hier angezeigte Object ID gehört '''nicht''' zur App und wird '''nicht''' benötigt! | |||
* Menu ''API | * Menu ''API-Berechtigungen'' wählen | ||
| | | A summary of the newly registered app is displayed | ||
* {{Alert}}The Object ID displayed here '''does not''' belong to the app and is '''not''' needed! | |||
* Select ''API permissions'' menu }} | * Select ''API permissions'' menu }} | ||
{{var | Add permission | {{var | Add permission | ||
| Im Menü ''API | | Im Menü ''API-Berechtigungen'' die Schaltfläche ''Berechtigung hinzufügen'' klicken | ||
| In the ''API permissions'' menu, click the ''Add a permission'' button. }} | | In the ''API permissions'' menu, click the ''Add a permission'' button. }} | ||
{{var | Add permission--Bild | {{var | Add permission--Bild | ||
| | | Azure_MC_Api_permission_hinzufügen.png | ||
| | | Azure_MC_Api_permission_hinzufügen-en.png }} | ||
{{var | Add permission--cap | {{var | Add permission--cap | ||
| | | | ||
* Schaltfläche '' | * Schaltfläche ''Berechtigung hinzufügen'' klicken | ||
| | | | ||
* Click ''Add a permission'' button }} | * Click ''Add a permission'' button }} | ||
{{var | Permission Office 365 | {{var | Permission Office 365 | ||
| Berechtigung für ''Office 365 Exchange | | Berechtigung für ''Office 365 Exchange Online'' im Reiter ''Von meiner Organisation verwendete APIs'' wählen | ||
| Select permission for ''Office 365 Exchange | | Select permission for ''Office 365 Exchange Online'' in the ''APIs my organization uses'' tab }} | ||
{{var | Permission Office 365--Bild | {{var | Permission Office 365--Bild | ||
| | | Azure_MC_Permission_Office_365.png | ||
| | | Azure_MC_Permission_Office_365-en.png }} | ||
{{var | Permission Office 365--cap | {{var | Permission Office 365--cap | ||
| | | | ||
* Reiter ''APIs | * Reiter ''Von meiner Organisation verwendete APIs'' wählen | ||
* Berechtigung für ''Office 365 Exchange | * Berechtigung für ''Office 365 Exchange Online'' wählen | ||
| | | | ||
* Select the tab ''APIs my organization uses'' | * Select the tab ''APIs my organization uses'' | ||
* Select permission for ''Office 365 Exchange | * Select permission for ''Office 365 Exchange Online'' }} | ||
{{var | Integration Assistent | {{var | Integration Assistent | ||
| ''IMAP.AccessAsApp''- | | ''IMAP.AccessAsApp''-Berechtigung für Office 365 Exchange Online hinzufügen | ||
| Add ''IMAP.AccessAsApp'' permission | | Add ''IMAP.AccessAsApp'' permission for Office 365 Exchange Online }} | ||
{{var | Integration Assistent--Bild | {{var | Integration Assistent--Bild | ||
| | | Azure_MC_Integration_assistant.png | ||
| | | Azure_MC_Integration_assistant-en.png }} | ||
{{var | Integration Assistent--cap | {{var | Integration Assistent--cap | ||
| | | | ||
* Schaltfläche ''Anwendungsberechtigungen'' klicken | |||
* Schaltfläche '' | |||
* nach ''imap'' suchen | * nach ''imap'' suchen | ||
* IMAP.AccessAsApp markieren | * IMAP.AccessAsApp markieren | ||
* Schaltfläche ''' | * Schaltfläche '''Berechtigungen hinzufügen''' klicken | ||
| | | | ||
* Click ''Application permissions'' button | * Click ''Application permissions'' button | ||
* Search for ''imap'' | * Search for ''imap'' | ||
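Review bot: The new English line in ''Menü Azure Active Directory--cap'' has unbalanced bold markup: "'''Note down or copy '''Tenant ID''', is entered when adding an OAuth 2 connection" closes the bold before "Tenant ID" and reopens it for the rest of the sentence. It should match the UMA caption below it, "'''Note down or copy Tenant ID''', ...". The German captions in both variables also gain a sign-in step (portal.azure.com or entra.microsoft.com, with the hint about Entra submenus) that the English captions do not have, so the English list still starts at "Select Azure Active Directory menu". The image names on the new side are spelled Azure_Actice_Directory.png; check that this matches the uploaded file name.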
Zeile 134: | Zeile 132: | ||
* Click the '''Add permissions''' button }} | * Click the '''Add permissions''' button }} | ||
{{var | Grant admin consent | {{var | Grant admin consent | ||
| Im Menü ''API | | Im Menü ''API-Berechtigungen'' den Eintrag ''Administratorzustimmung für [...] erteilen'' aktivieren | ||
| In the menu ''API permissions'' activate the entry ''Grant admin consent for...''. }} | | In the menu ''API permissions'' activate the entry ''Grant admin consent for [...]''. }} | ||
{{var | Grant admin consent--Bild | {{var | Grant admin consent--Bild | ||
| | | Azure_MC_Grant_admin_consent.png | ||
| | | Azure_MC_Grant_admin_consent-en.png }} | ||
{{var | Grant admin consent--cap | {{var | Grant admin consent--cap | ||
| | | | ||
* Erneut Menü ''API | * Erneut Menü ''API-Berechtigungen'' auswählen | ||
* Eintrag '' | * Eintrag ''Administratorzustimmung für [...] erteilen'' auswählen | ||
* Schaltfläche '' | * Schaltfläche ''Ja'' anklicken | ||
| | | | ||
* Select menu ''API permissions'' again. | * Select menu ''API permissions'' again. | ||
* Select entry ''Grant admin consent for...'' | * Select entry ''Grant admin consent for [...]'' | ||
* Click the ''Yes'' button }} | * Click the ''Yes'' button }} | ||
{{var | Granted admin consent | {{var | Granted admin consent | ||
Zeile 152: | Zeile 150: | ||
| }} | | }} | ||
{{var | Granted admin consent--Bild | {{var | Granted admin consent--Bild | ||
| | | Azure_MC_Granted_admin_consent.png | ||
| | | Azure_MC_Granted_admin_consent-en.png }} | ||
{{var | Granted admin consent--cap | {{var | Granted admin consent--cap | ||
| '' | | ''Administratorzustimmung für [...] erteilen'' erfolgreich gewährt | ||
| ''Grant admin consent for...'' successfully granted }} | | ''Grant admin consent for...'' successfully granted }} | ||
{{var | Add Client Secret | {{var | Add Client Secret | ||
| Im Menü '' | | Im Menü ''Zertifikate & Geheimnisse'' ein ''Geheimen Clientschlüssel'' erstellen | ||
| Create a ''Client secret'' in the ''Certificates & secrets'' menu }} | | Create a ''Client secret'' in the ''Certificates & secrets'' menu }} | ||
{{var | Add Client Secret--Bild | {{var | Add Client Secret--Bild | ||
| | | Azure_MC_Add_Client_Secret.png | ||
| | | Azure_MC_Add_Client_Secret-en.png }} | ||
{{var | Add Client Secret--cap | {{var | Add Client Secret--cap | ||
| | | | ||
* Menü '' | * Menü ''Zertifikate & Geheimnisse'' | ||
* Reiter '' | * Reiter ''Geheime Clientschlüssel'' | ||
* Eintrag '' | * Eintrag ''neuer geheimer Clientschlüssel'' | ||
* Eindeutige Beschreibung eingeben | * Eindeutige Beschreibung eingeben | ||
* gewünschte Laufzeit wählen (max. 24 Monate) | * gewünschte Laufzeit wählen (max. 24 Monate) | ||
* Schaltfläche '' | * Schaltfläche ''Hinzufügen'' anklicken | ||
| | | | ||
* Menu ''Certificates & secrets'' | * Menu ''Certificates & secrets'' | ||
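Review bot: In ''Add Client Secret'' the new German text "ein ''Geheimen Clientschlüssel'' erstellen" has a case mismatch and should read "einen ''geheimen Clientschlüssel'' erstellen". In the same hunk the English ''Granted admin consent--cap'' still says "Grant admin consent for..." while its German counterpart and the entries in the previous hunk were changed to "[...]". The caption tells the reader to choose a lifetime of up to 24 months but not that the connection stops working once the secret expires; a short line saying that a renewed value has to be entered again would help.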
Zeile 179: | Zeile 177: | ||
* Click ''Add'' button }} | * Click ''Add'' button }} | ||
{{var | App Secret | {{var | App Secret | ||
| ''' | | '''Wert''' notieren, wird beim hinzufügen einer OAuth 2 Verbindung als ''Geheimer Clientschlüssel'' eingetragen | ||
| Note down '''Value''', will be entered as ''Secret Client Key'' when adding an OAuth 2 connection }} | | Note down '''Value''', will be entered as ''Secret Client Key'' when adding an OAuth 2 connection }} | ||
{{var | App Secret UMA | {{var | App Secret UMA | ||
| ''' | | '''Wert''' notieren, wird als ''Client secret'' bei Remote E-Mail-Konten und Einzelnes Postfach Importieren eingetragen | ||
| Note down '''Value''', is entered as ''Client secret'' for Remote e-mail accounts and Import single mailboxes }} | | Note down '''Value''', is entered as ''Client secret'' for Remote e-mail accounts and Import single mailboxes }} | ||
{{var | App Secret--Bild | {{var | App Secret--Bild | ||
| | | Azure_MC_App_Secret.png | ||
| | | Azure_MC_App_Secret-en.png }} | ||
{{var | App Secret--cap | {{var | App Secret--cap | ||
| ''' | | '''Wert''' notieren, wird beim hinzufügen einer OAuth 2 Verbindung als ''Geheimer Clientschlüssel'' eingetragen | ||
| Note down '''Value''', will be entered as ''Secret Client Key'' when adding an OAuth 2 connection }} | | Note down '''Value''', will be entered as ''Secret Client Key'' when adding an OAuth 2 connection }} | ||
{{var | App Secret UMA--cap | {{var | App Secret UMA--cap | ||
| ''' | | '''Wert''' notieren, wird als ''Client secret'' bei Remote E-Mail-Konten und Einzelnes Postfach Importieren eingetragen | ||
| Note down '''Value''', is entered as ''Client secret'' for Remote e-mail accounts and Import single mailboxes }} | | Note down '''Value''', is entered as ''Client secret'' for Remote e-mail accounts and Import single mailboxes }} | ||
{{var | Enterprise applications | {{var | Enterprise applications | ||
| Menü '' | | Menü ''Unternehmensanwendungen'' öffnen und App wählen | ||
| Open menu ''Enterprise Applications'' and select app }} | | Open menu ''Enterprise Applications'' and select app }} | ||
{{var | Enterprise applications--Bild | {{var | Enterprise applications--Bild | ||
| | | Azure_MC_Enterprise_applications.png | ||
| | | Azure_MC_Enterprise_applications-en.png }} | ||
{{var | Enterprise applications--cap | {{var | Enterprise applications--cap | ||
| | | | ||
* Zurück zum Dashboard, Menü ''Azure Active Directory'' | * Zurück zum Dashboard, Menü ''Azure Active Directory'' | ||
* Menü '' | * Menü ''Unternehmensanwendungen'' | ||
| | | | ||
* Back to the dashboard, menu ''Azure Active Directory'' | * Back to the dashboard, menu ''Azure Active Directory'' | ||
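Review bot: "beim hinzufügen" in the new ''App Secret'' and ''App Secret--cap'' lines is a nominalised verb and should be capitalised ("beim Hinzufügen"). The English counterpart calls the target field ''Secret Client Key'' while the UMA variant calls it ''Client secret''; confirm which label the OAuth 2 connection dialog actually shows and use that wording on both language sides.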
Zeile 210: | Zeile 208: | ||
| }} | | }} | ||
{{var | Enterprise All applications--Bild | {{var | Enterprise All applications--Bild | ||
| | | Azure_MC_Enterprise_All_applications.png | ||
| | | Azure_MC_Enterprise_All_applications-en.png }} | ||
{{var | Enterprise All applications--cap | {{var | Enterprise All applications--cap | ||
| | | | ||
* Menü '' | * Menü ''Alle Anwendungen'' | ||
* Securepoint App wählen | * Securepoint App wählen | ||
| | | | ||
Zeile 220: | Zeile 218: | ||
* Select Securepoint app }} | * Select Securepoint app }} | ||
{{var | App Eigenschaften | {{var | App Eigenschaften | ||
| Aus den App Eigenschaften ''' | | Aus den App Eigenschaften '''Anwendungs-ID''' und '''Objekt-ID''' '''notieren''' | ||
| '''Note down''' from the app properties '''Application ID''' and '''Object ID'''. }} | | '''Note down''' from the app properties '''Application ID''' and '''Object ID'''. }} | ||
{{var | App Eigenschaften--Bild | {{var | App Eigenschaften--Bild | ||
| | | Azure_MC_App_Eigenschaften.png | ||
| | | Azure_MC_App_Eigenschaften-en.png }} | ||
{{var | App Eigenschaften--cap | {{var | App Eigenschaften--cap | ||
| Aus den App Eigenschaften '''notieren''': | | Aus den App Eigenschaften '''notieren''': | ||
* ''' | * '''Anwendungs-ID''', wird beim hinzufügen einer OAuth 2 Verbindung als ''Anwendungs-ID'' eingetragen | ||
* ''' | * '''Objekt-ID''', wird für die Vergabe der Berechtigung per Powershell benötigt | ||
| '''Note down''' from the app properties: | | '''Note down''' from the app properties: | ||
* '''Application ID''', is entered as ''Application ID'' when adding an OAuth 2 connection | * '''Application ID''', is entered as ''Application ID'' when adding an OAuth 2 connection | ||
Zeile 234: | Zeile 232: | ||
{{var | App Eigenschaften UMA--cap | {{var | App Eigenschaften UMA--cap | ||
| Aus den App Eigenschaften '''notieren''': | | Aus den App Eigenschaften '''notieren''': | ||
* ''' | * '''Anwendungs-ID''', wird als ''Anwendungs-ID'' bei Remote E-Mail-Konten und Einzelnes Postfach Importieren eingetragen | ||
* ''' | * '''Objekt-ID''', wird für die Vergabe der Berechtigung per Powershell benötigt | ||
| '''Note down''' from the app properties: | | '''Note down''' from the app properties: | ||
* '''Application ID''', is entered as ''Client ID'' for Remote E-mail Accounts and Import Individual Mailboxes | * '''Application ID''', is entered as ''Application (Client) ID'' for Remote E-mail Accounts and Import Individual Mailboxes | ||
* '''Object ID''', is required for the granting of the authorisation via Powershell }} | * '''Object ID''', is required for the granting of the authorisation via Powershell }} | ||
{{var | Powershell Berechtigungen | {{var | Powershell Berechtigungen | ||
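Review bot: The English UMA caption now names the field ''Application (Client) ID'', but the German line added in this hunk says it is entered as ''Anwendungs-ID''; use the label the dialog shows, consistently in both languages. "Powershell" in the new lines should be written "PowerShell".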
Zeile 248: | Zeile 246: | ||
| | | | ||
* Auf einem Windows Client Administrator ''Powershell'' öffnen | * Auf einem Windows Client Administrator ''Powershell'' öffnen | ||
* ''ExchangeOnlineManagement'' Modul installieren {{info|1=Falls es Probleme beim Installieren des Moduls oder beim Verbinden gibt muss man ggf. Powershell auf TLS 1.2 konfigurieren:<br><nowiki>></nowiki>[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 }} | {{Hinweis-box| | ||
* ''ExchangeOnlineManagement'' Modul installieren {{info|1=Falls es Probleme beim Installieren des Moduls oder beim Verbinden gibt muss man ggf. Powershell auf TLS 1.2 konfigurieren:<br>{{code|1=<nowiki>></nowiki>[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12}} |class=inline-block}} | |||
**{{code|> Install-Module -Name ExchangeOnlineManagement -allowprerelease}} | **{{code|> Install-Module -Name ExchangeOnlineManagement -allowprerelease}} | ||
**{{code|> Import- | }} | ||
**{{code|> Connect-ExchangeOnline -Organization | * ''ExchangeOnlineManagement'' importieren und mit Tenant verbinden: | ||
* Neuen Dienst Prinzipal anlegen: | **{{code|> Import-Module ExchangeOnlineManagement}} | ||
**{{code|> New-ServicePrincipal -AppId Enterprise-oApp-ooID-oooo-oooooooo -ServiceId}} | **{{code|> Connect-ExchangeOnline -Organization Mandanten-ID}} (Siehe Abb.1) | ||
''' | * Neuen Dienst Prinzipal anlegen und eindeutigen Namen vergeben: | ||
* Mailbox Permissions vergeben: | **{{code|> New-ServicePrincipal -DisplayName SecurepointServicePrincipal -AppId Enterprise-oApp-ooID-oooo-oooooooo -ServiceId Enterprise-oObj-ooID-oooo-oooooooo}} | ||
**{{code|> Add-MailboxPermission -AccessRights FullAccess}} | **Bei Enterprise-oApp-ooID-oooo-oooooooo die '''Anwendungs-ID''' und bei Enterprise-oObj-ooID-oooo-oooooooo die '''Objekt-ID''' (siehe Abb. 14) eintragen | ||
* Im Anschluss Mailbox Permissions vergeben: | |||
**{{code|> Add-MailboxPermission -Identity alice@anyideas.onmicrosoft.com -User SecurepointServicePrincipal -AccessRights FullAccess}} | |||
| | | | ||
* Open ''Powershell'' on a Windows client administrator | * Open ''Powershell'' on a Windows client administrator | ||
* Install ''ExchangeOnlineManagement'' module {{info|1=If there are problems installing the module or connecting, you may need to configure Powershell to TLS 1.2:<br>>[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12}} | * Install ''ExchangeOnlineManagement'' module {{info|1=If there are problems installing the module or connecting, you may need to configure Powershell to TLS 1.2:<br>>[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12}} | ||
**{{code|> Install-Module -Name ExchangeOnlineManagement -allowprerelease}} | **{{code|> Install-Module -Name ExchangeOnlineManagement -allowprerelease}} | ||
* Import ''ExchangeOnlineManagement'' and connect to Tenant: | |||
**{{code|> Import-module ExchangeOnlineManagement}} | **{{code|> Import-module ExchangeOnlineManagement}} | ||
**{{code|> Connect-ExchangeOnline -Organization | **{{code|> Connect-ExchangeOnline -Organization Tenant ID}} (See Fig.1) | ||
* Create a new service principal: | * Create a new service principal and assign a unique name: | ||
**{{code|> New-ServicePrincipal -AppId Enterprise-oApp-ooID-oooo-oooooooo -ServiceId}} | **{{code|> New-ServicePrincipal -DisplayName SecurepointServicePrincipal -AppId Enterprise-oApp-ooID-oooo-oooooooo -ServiceId Enterprise-oObj-ooID-oooo-oooooooo}} | ||
''' | **For Enterprise-oApp-ooID-oooo-oooooooo enter the '''Application ID''' and for Enterprise-oObj-ooID-oooo-oooooooo enter the '''Object ID''' (see Fig. 14) | ||
* | * Then assign mailbox permissions: | ||
**{{code|> Add-MailboxPermission -AccessRights FullAccess}} }} | **{{code|> Add-MailboxPermission -Identity alice@anyideas.onmicrosoft.com -User SecurepointServicePrincipal -AccessRights FullAccess}} }} | ||
{{var | Exchange admin center | {{var | Exchange admin center | ||
| Empfängermailbox im ''Exchange admin center'' auswählen und als Delegation ''Read and manage (Full Access)'' wählen | | Empfängermailbox im ''Exchange admin center'' auswählen und als Delegation ''Read and manage (Full Access)'' wählen |
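Review bot: The placeholder in "Connect-ExchangeOnline -Organization Tenant ID" contains a space and is not marked as a placeholder, so a reader who copies the line passes two arguments; write it as one token, as the German side does with "Mandanten-ID", or in the style of "Enterprise-oApp-ooID-oooo-oooooooo". The install step keeps "-allowprerelease" for a module that runs on an administrator workstation; say why a prerelease build is required or drop the switch. The English TLS 1.2 hint was not moved into {{code|1=...}} and the note box as on the German side, so it still shows a bare ">" prompt. Because "Add-MailboxPermission ... -AccessRights FullAccess" is shown for a single mailbox (alice@anyideas.onmicrosoft.com), state that it has to be run for each mailbox the service principal should access, and only for those.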
UTM/APP/Azure-OAuth.lang: Difference between revisions
From Securepoint Wiki