This article will guide you through how to register an Azure AD (Azure Active Directory) application and generate a certificate for backup authorization. The registration method depends on the version of Active Backup for Microsoft 365. Please check the version in Package Center first before proceeding with the instructions.

Applications and certificates will be automatically generated during the task creation. Follow the wizard to create your application and certificate.

Each backup task uses a different application to prevent Microsoft throttling from affecting backup speed. Please take the following steps each time you create a task:

1. Launch Active Backup for Microsoft 365.
2. Go to Task List and click Create to launch the Task Creation Wizard.
3. Select Create a backup task.
4. Set the endpoint type to Microsoft 365. Enter a strong and memorable password to protect your certificate.
5. Sign in to Microsoft 365 as a global admin. Click Accept if you agree to the permission request.
6. Download and keep your certificate in a secure place.
7. Follow the wizard to complete the backup settings. Your application details can be found in Task List > Edit > App Credentials.

Generate your application and certificate by running a PowerShell script.

Execution environment

• Windows 10/Windows Server 2016 or later as the operating system

Run a PowerShell script

Change the PowerShell execution policy

1. Type Windows PowerShell in the search bar.
2. Right-click Windows PowerShell (not Windows PowerShell (x86)) and select Run as Administrator.
   
3. To authorize the script provided by Synology, change the execution policy by entering the following command line. This command line changes the execution policy only once.
   
   Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope Process
4. Enter Y to confirm.
   

Download and run the PowerShell script

1. Click here to download the PowerShell script, AppGenerator.ps1.
2. Right-click the script, AppGenerator.ps1. Select Properties and copy the file path in the Location field.
3. Type the location into PowerShell using the following format: cd filepath
   
   cd C:\Users\username\Downloads
4. Specify the script file using the following format: .\filename
   
   .\AppGenerator.ps1
5. Enter R to run the script. If your PowerShell version is not up-to-date, you might need to enter Y to install and import the NuGet provider first and then enter Y again to install the modules from 'PSGallery'.
   
6. When prompted to enter a certificate password, enter a strong and memorable password and press Enter. You will have to enter the same password when creating a backup task. Keep a record of the password so as not to forget it.
7. A Microsoft 365 authorization window will pop up. Sign in as a global admin.
8. Once the script finishes running, the tenant ID, application ID, and certificate file path will be displayed in PowerShell. Copy them to your Notepad and do not delete the certificate. All of this information will be used later.
   

Authorize the application on Azure Portal

1. Copy the URL displayed in PowerShell and open it in your browser.
   
2. You will be led to the API permissions of the newly created application. Check if all the following permissions have been enabled. If not, add the permissions manually.

   Microsoft API	Application Permissions
   Microsoft Graph	Calendars.ReadWrite Channel.Create Channel.ReadBasic.All ChannelMember.ReadWrite.All ChannelMessage.Read.All ChannelSettings.ReadWrite.All Contacts.ReadWrite Directory.ReadWrite.All Files.ReadWrite.All Group.ReadWrite.All Mail.ReadWrite Sites.FullControl.All Team.Create Team.ReadBasic.All TeamMember.ReadWrite.All TeamSettings.ReadWrite.All TeamsTab.Create TeamsTab.ReadWrite.All User.ReadWrite.All
   Office 365 Exchange Online	full_access_as_app
   SharePoint	Sites.FullControl.All

3. Click Grant admin consent for Organization Name > Yes.
   

Create a backup task

1. Launch Active Backup for Microsoft 365.
2. Go to Task List and click Create to launch the Task Creation Wizard.
3. Select Create a new backup task and click Next.
4. Fill in the following information. The application credentials should be recorded in your Notepad from the previous steps:
   • Microsoft 365 endpoint: Select Microsoft 365.
   • Domain admin email address: The global admin account that you used to create the application
   • Tenant ID: Find in your Notepad.
   • Application ID: Find in your Notepad.
   • Certificate file: Find the file path in your Notepad.
   • Certificate password: Type the password you entered in PowerShell.
5. Follow the wizard to complete the backup settings.

• How do I register an Azure AD application for Active Backup for Microsoft 365?