How to create a single-tenant application with minimum permissions for harmon.ie

To create a harmon.ie-compatible app with minimum permissions, follow the steps below.

  • An app created with the permissions listed below will not include the Share to Teams feature.
  • harmon.ie only asks for delegated permissions, and not for application permissions.

Step 1: Create an Azure app:

  1. Open Home – Microsoft Azure and navigate to All Services > App registrations.
  2. Create a new app:
    1. Click the + New registration tab.
    2. Name the app.
    3. Set the account type to single tenant.
    4. Click Register. The new app is created.
    5. Copy the Application (client) ID, you will use it later.
  3. Configure the app as follows:
    1. Click Authentication > Add platform.
    2. On the right, under Configure platforms, select Mobile and desktop applications.
    3. Set Redirect URI. You can create a public link for your app or use MS detaults.
    4. Click API permissions > Add a permission.
    5. On the right, click Microsoft Graph > Delegated Permissions.
    6. Check the following permissions:
      • User.ReadBasic.All
      • Files.ReadWrite.All
      • Sites.ReadWrite.All
      • Team.ReadBasic.All
      • Channel.ReadBasic.All
      • offline_access
    7. Click Add permissions.
    8. Click API permissions > Add a permission.
    9. On the right, click SharePoint > Delegated Permissions.
    10. Check the following permission:
      • AllSites.Manage
    11. Click Add permissions.

Step 2: Connect your new Azure app to harmon.ie and disable ‘Share to Teams’:

  1. Add the Office365GraphInfo registry key.
    • Add a String Value called ClientId and set its value to the Application (client) ID you created in the 1st step.
    • Add a String Value called RedirectUrl and set its value to the redirect URI you configured in the 1st step.
    • Add a String Value called TenantId and set to the tenant Id.
  2. Add the EnableShareToTeams registry key and set its default value to False.