Azure Active Directory (Entra ID) Onboarding

Generate credentials

Log in to https://azure.microsoft.com/en-gb/
Click on Portal.

Click on the Search box on the top navigation bar. Type and search “App Registrations”.
Click on App Registrations.

Click on New Registration. Add details as shown below and click Register.

https://login.microsoftonline.com/common/oauth2/nativeclient

Click on Certificates and secrets.
Click on New client secret.
Fill in the client secret details in the Description and Expires fields.
Click on Add.

Copy the Client Secret value and keep it secure for future use as you will not be able to retrieve it later.
Example: x_sWncr4m~.2lFeKlWR1pu3SgT42lg.254

Configure API Permissions.

Note: It's highly important that these permissions are of the type: Application permissions.

Click API permissions -> Add a permission -> Microsoft Graph -> Application permissions -> Add following permissions.

AccessReview.Read.All -> To get file sharing list of file
Application.Read.All  -> To get list of all applications.
Domain.Read.All       -> To get list of all organization domains
GroupMember.Read.All  -> To get list of all members of groups
Sites.Read.All        -> Here we have provided sites selected permission
User.Read             -> Default permission enabled for any app
User.Read.All         -> This is required for test connection on LightBeam.
ActivityFeed.Read (From Office 365 Management APIs)

Grant admin consent for all permissions.

These permissions can be added to the existing application credentials used for M365 apps like Sharepoint/OneDrive - no separate application registration required.