Creating an application Instance

In order to authenticate against Microsoft 365 services, an application is required. To create applications, follow these steps:

1. Navigate to https://portal.azure.com/ and login with your Microsoft 365 global administrator account

2. Navigate to App Registrations as shown below and click "New registration"

3. Set a name for your application (it should be descriptive) and check the "Single tenant" option (this is required in order to allow end users the option to consent to this application without administrator intervention)

4. After creation, an overview of the application will be shown. Note the Application (client) ID, which we will need to use with the target TAP Actions. This should be saved for reference as future access to this resource will be done through this ID. In order to finish application setup, please click on "Add a Redirect URI"
5. Click the "+ Add a platform" button and select "Mobile and Desktop applications"

6. Check these two options and click Configure

7. Check the "Allow public client flows" option

8. Click "Add URI" option in the "Mobile and desktop applications" section and add "urn:ietf:wg:oauth:2.0:oob" (no quotes). The platform configuration screen should look like this:
9. Next, we need to assign API Permission to the application. To do so, navigate to the "API permissions" section in the left pane. Initially only "User.Read" permission will be enabled. It is important to check exactly what permissions are required - for the TAP Actions that will be used with this application - and enable them. For instance, mail automation might require "Mail.Read", "Mail.ReadBasic", "Mail.ReadWrite".

10. Optionally, you can also add additional information and branding info using the "Branding & properties" section in the left pane.

You should now have a working Azure AD application that can be used by the TAP Actions for Microsoft 365 automations. Please note that these will require both user credentials and the application ID mentioned previously for authentication / authorization.

Note: Before the first use, you will need to use the "Application Consent" button within the TAP Microsoft 365 Authentication Action to trigger an interactive login prompt which will require the user to manually consent to the application you've created. This only needs to be done once, before first use for every account you plan on using. Once consented, all automations can then be run unattended.