====== Azure AD configuration ======
//Important: in order to authenticate through Azure AD you need to have Mail Gateway version [[https://builds.lundalogik.com/api/v1/builds/mail-gateway/versions/latest/file|2.1.13.0 or later]]//

Follow these steps to configure authentication for Mail Gateway against Azure AD:

  - Navigate to the Azure Active Directory Admin Center and select //App registrations//.
  - Select **New registration**.
  - On the first page specify:
    * A display name for the application, e.g. //Lime CRM Mail Gateway//.
    * That the application is for your own tenant only.
    * For //Redirect URI// select **Public client** and set ''https://login.microsoftonline.com/common/oauth2/nativeclient'' as the URI.
  - For the newly created application registration, go to //Authentication// and enable **Allow public client flows**. \\ {{:addons:mail-gateway:screen_shot_2021-05-18_at_11.17.37.png?400|}}
  - Configure API permissions:
    - Go to //API permissions// and select //Add a permission//.
    - Select //Office 365 Exchange Online// from the //APIs my organization uses// section.
    - After choosing "Delegated permissions", check the EWS > ''EWS.AccessAsUser.All'' permission and click **Save**.
    - click **Grant admin consent**.
  - Go to the //Overview// page and make a note of the following identifiers that you need for the ''[[addons:mail-gateway:configuration#mailbox|mailbox]]'' elements in the Mail Gateway configuration file:
    * Application (client) ID
    * Directory (tenant) ID 
A sample of how the configuration should look can be found ''[[addons:mail-gateway:configuration#sample-configuration|here]]'' and the actual configuration file can be found either through the software ''Mail Gateway Configurator'' or the file ''MailGateway.Service.exe.config'' found in the installation folder, typically ''C:\Program Files (x86)\Lundalogik\LIME Pro Mail Gateway''