Set up your Microsoft Azure account for the ServiceNow Microsoft Exchange Online integration

  • Release version: Washingtondc
  • Updated February 1, 2024
  • 3 minutes to read

    • Complete the following setup tasks in your Microsoft Azure portal prior to installing the ServiceNow application for this integration. This account permits access to the Microsoft Exchange Online tenant for email message details.

    Before you begin

    Role required: Microsoft Azure portal administrator

    This account is required to access the Microsoft Exchange Online tenant to gather additional email message details and to delete email messages. This account is set up in the Microsoft Azure portal.

    The images in the following tasks are privileged and proprietary and are used with permission from Microsoft. This content is subject to updates by Microsoft. To verify that you have access to the most current content, see the Microsoft doc website.

    In the following images, ServiceNow Inc. is displayed for the account name in the examples for the Azure portal. In your Azure portal account, the company name for your account in the Azure portal is displayed.

    Procedure

    If you have not created an application ID for OAUTH authentication in the Microsoft Azure portal, follow these steps.
    1. Log in to the Microsoft Azure portal using your Azure portal administrator credentials.
    2. In the left navigation panel on the Home pane, click Azure Active Directory.
      Azure Active Directory highlighted in Microsoft Azure portal.
    3. In the Overview pane that is displayed, click App Registrations (Preview).
      App registrations previewin the Microsoft Azure portal.
    4. In the App registrations (Preview) pane that is displayed, click New Registration.
      New registration link highlighted in the ServiceNow App registrations preview pane in the Microsoft Azure portal.
    5. Fill in the Register an application form that is displayed.

      An example of a completed form is shown after the table.

      Field Description
      Name Name for the application. In this example, ServiceNow Exchange Online Integration is entered.
      Supported account types For this account, in Supported account types, click Accounts in this organizational directory only ServiceNow Inc.). This domain is used for the email searches.
      Redirect URL (optional) If you enter a value for this field, it is not used by the integration.
      Completed form in the App registrations preview Register an application pane.
    6. Click Register.
      An Application ID is created. This ID is similar to a user name. You enter this value on the configuration page in the OAUTH Application ID field during the configuration step in your ServiceNow AI Platform instance that is described in Configure the Microsoft Exchange Online integration with your ServiceNow AI Platform instance.
    7. With the Application (client) ID displayed in the ServiceNow Exchange Online Integration pane, click View API Permissions.
      Application client ID highlighted in the ServiceNow Exchange Online Integration pane in the Microsoft Azure portal.
    8. In the Request API permissions pane that is displayed, click Microsoft Graph.
      Request API permissions pane with Microsoft Graph API highlighted in the Microsoft Azure portal.
    9. In the ServiceNow Exchange Online Integration - API permissions pane that is displayed, click Add a Permission.
      Add a permission highlighted in the ServiceNow Exchange Online Integration - API permissions pane in Microsoft Azure portal.
    10. In the Request API permissions pane that is displayed, click Application permissions.
      Application permissions highlighted in the Request API permissions pane in the Microsoft Azure portal.
    11. In the Select Permissions field that is displayed, enter Mail.ReadWrite and select the Mail.ReadWrite check box.
      Select permissions and Mail.ReadWrite highlighted in the Request API permissions pane in the Microsoft Azure portal.
    12. Click Add Permissions.
    13. Repeat the steps from step i to step l to add one more permission, ThreatHunting.Read.All to the API Permissions list (refer the screenshot below).
      API Permissions
    14. In the ServiceNow Exchange Online Integration - API permissions pane that is displayed, click Grant Admin Consent for <your organization name>.
      Grant admin consent for ServiceNow Inc. highlighted in the ServiceNow Exchange Online Integration - API permissions pane in the Microsoft Azure portal.
    15. To confirm the previous API selection (Microsoft Graph API) that you entered, click Confirm.
    16. In the ServiceNow Exchange Online Integration - Certificates & Secrets pane, click Certificates & secrets followed by New Client secret (password).
      Certificates and secrets and New client secret highlighted in Microsoft Azure portal.
    17. In the form that is displayed on the ServiceNow Exchange Online Integration - Certificates & Secrets pane, enter the name for the application in the Description field, click an option for expiration, and click Add.
      Add button highlighted in Microsoft Azure portal.
      In the Certificates & Secrets pane that is displayed, in the Client secrets section, under Value, the row is populated with the new client secret (password). Save this password in a secure location. After you leave this page, this password value is no longer visible. You enter this password in the OAUTH Client Secret field on the configuration page during the configuration step for the integration in your ServiceNow AI Platform instance. The configuration steps for the integration are described in Configure the Microsoft Exchange Online integration with your ServiceNow AI Platform instance.
      Secret value highlighted in Microsoft Azure portal.

      You have successfully created an application ID for OAuth authentication in the Microsoft Azure portal.

    What to do next

    You are ready to set up your ServiceNow AI Platform® instance for the integration.