## Prerequisites
- An app registration for Exchange Online access (you will need its **Application (Client) ID** and your tenant's **Organization** domain, e.g. `contoso.onmicrosoft.com`)
  - Create one by following [Registering with Microsoft Entra ID](/halo/registering-with-microsoft-entra-id)
- Azure CLI (ensure the CLI is logged in with `az login`)
- OpenSSL (`openssl`)
- (Optional) PowerShell Core (`pwsh`)
  - To skip the requirement for `pwsh` and `Connect-ExchangeOnline` validation, use the `--skip-verify` option


## (Automated) Setting up the app registration to connect to Exchange Online
The StorageMonitor connects to Exchange Online using app-only (certificate-based) authentication via the `Connect-ExchangeOnline` cmdlet. This requires a `.pfx` certificate registered against an Azure AD (Entra ID) app registration.

:::note

You’ll need access to a Microsoft Entra tenant and an account with at least the **Privileged Role Administrator** role.

:::

You can use [setup-exchange-online-certificate.sh](/.attachments/setup-exchange-online-certificate.sh) to automate the process of setting up the app registration and generating the certificate.

Usage:

```sh
./setup-exchange-online-certificate.sh --app-id <app-registration-client-id> --organization <tenant>.onmicrosoft.com
```

:::note

The `organization` should be your tenant name, suffixed with `.onmicrosoft.com`, but may be your primary custom domain instead. You can find the primary domain using the following commands:

```powershell
Connect-ExchangeOnline # If not already connected
Get-AcceptedDomain | Where-Object { $_.Default -eq $true }
```

:::

The script accepts several options. To list them, run it with `--help`:

```sh
./setup-exchange-online-certificate.sh --help
```

The following are configurable:
- Certificate name prefix (`StorageMonitorExchangeOnline` by default)
- Certificate validity period (1 year by default)
- Output directory for the `.cer` and `.pfx` files (`./` by default)
- Option to skip PowerShell stages, removing `pwsh` as a requirement
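
Because the certificate expires after the validity period, and `Connect-ExchangeOnline` only succeeds when the `.pfx` matches the certificate registered on the app registration, it is worth checking the generated files before deploying them. The following is an added example, not part of `setup-exchange-online-certificate.sh`: the function names and the `sample.*` file names are hypothetical, and it assumes the `.cer` is a PEM or DER X.509 certificate and that the `.pfx` password is exported as `PFX_PASSWORD`.

```shell
#!/bin/sh
# Added example: pre-deployment check for an Exchange Online app-only certificate.
# Assumptions: the .cer is PEM or DER X.509; the .pfx password is in $PFX_PASSWORD.

# Emit the certificate as PEM, accepting PEM or DER input.
cert_to_pem() {
    openssl x509 -in "$1" -outform PEM 2>/dev/null ||
        openssl x509 -inform DER -in "$1" -outform PEM
}

# Reduce "SHA1 Fingerprint=AB:CD:..." to bare uppercase hex (the thumbprint form).
to_thumbprint() {
    openssl x509 -noout -fingerprint -sha1 | sed -e 's/^.*=//' -e 's/://g'
}

cert_thumbprint() { cert_to_pem "$1" | to_thumbprint; }

# Thumbprint of the client certificate inside the .pfx. The password comes from
# the environment (-passin env:) so it does not show up in the process list.
pfx_thumbprint() {
    openssl pkcs12 -in "$1" -nokeys -clcerts -passin env:PFX_PASSWORD | to_thumbprint
}

# usage: check_exo_cert <file.cer> <file.pfx> <min-days-remaining>
# Prints the thumbprint and returns 0 only if both files hold the same
# certificate and it stays valid for at least <min-days-remaining> days.
check_exo_cert() {
    cer_tp=$(cert_thumbprint "$1" 2>/dev/null)
    pfx_tp=$(pfx_thumbprint "$2" 2>/dev/null)
    [ -n "$cer_tp" ] && [ -n "$pfx_tp" ] || { echo "cannot read certificate" >&2; return 2; }
    [ "$cer_tp" = "$pfx_tp" ] || { echo "thumbprint mismatch" >&2; return 3; }
    cert_to_pem "$1" | openssl x509 -noout -checkend "$(( $3 * 86400 ))" >/dev/null ||
        { echo "certificate expires within $3 days" >&2; return 4; }
    echo "$cer_tp"
}

# Constructed sample input: a throwaway self-signed pair, valid for $2 days,
# written to directory $1 as sample.cer (DER) and sample.pfx.
make_constructed_pair() {
    mkdir -p "$1" &&
    openssl req -x509 -newkey rsa:2048 -nodes -days "$2" -subj "/CN=constructed-example" \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null &&
    openssl x509 -in "$1/cert.pem" -outform DER -out "$1/sample.cer" &&
    openssl pkcs12 -export -inkey "$1/key.pem" -in "$1/cert.pem" \
        -out "$1/sample.pfx" -passout env:PFX_PASSWORD
}
```

After sourcing the file and exporting `PFX_PASSWORD`, `check_exo_cert <file.cer> <file.pfx> 30` prints the SHA-1 thumbprint to compare with the one shown on the app registration. A non-zero exit status (2 unreadable, 3 mismatch, 4 expiring) can drive a scheduled renewal alert.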