Create & Test a Microsoft Office 365 Connection for Microsoft Modern Exchange Connector (Graph) & EWS

This guide outlines how to create and test a secure connection between Riva On-Premise and Microsoft 365 using OAuth with client credentials.

Certificate Requirements

A self-signed certificate is typically sufficient for this setup, provided your organization manages both ends of the connection securely. Riva On-Premise operates within your secure environment, and the connection to Microsoft 365 is established through an application registered in your organization's Azure portal. Therefore, a third-party signed certificate is generally unnecessary unless your organization's policies dictate otherwise.

Step 1: Generate a Self-Signed Certificate

On Windows Server 2016+

Use PowerShell's New-SelfSignedCertificate cmdlet to create a self-signed certificate:​

1. Open PowerShell as an administrator.

2. Run the following command, replacing "YourCertificateName" with your desired certificate name (e.g., "RivaSyncOAuth"):​

   New-SelfSignedCertificate -Subject "YourCertificateName" -CertStoreLocation "Cert:\LocalMachine" -KeyExportPolicy Exportable -KeySpec Signature -HashAlgorithm sha256 -KeyLength 2048

   Optionally, you can append -NotAfter (Get-Date).AddYears(3) to the command to make the certificate valid for 3 years. To extend or shorten the certificate validity period, change the value in AddYears(n) accordingly.
    

3. Note the certificate name and store location for use in configuring the Riva OAuth connection.

4. Close PowerShell.

Note that on Windows Server 2012, the Microsoft PowerShell New-SelfSignedCertificate cmdlet cannot be used to generate a self-signed certificate for the Riva OAuth connection to Office 365. MakeCert can be used to generate the certificate.

Step 2: Create and Configure an Azure Application

Depending on the type of connection:

• For Graph-based connections, follow the steps in Create a Graph Azure Application for Riva.

• For EWS-based connections, refer to Create and Configure OAuth App in Azure.

Step 3: Upload the Certificate to Azure

1. Export the certificate without the private key from the Windows Certificate Store.

   • Click Start, search for Manage computer certificates, and open it. 
     This opens the Certificate Manager for local computer.

   • In the left-side panel, locate the certificate based on the folder where the new certificate was generated. (e.g., Personal > Certificates or Trusted Root Certification Authorities > Certificates)

   • Right-click the new certificate, then select All Tasks > Export...
     This opens the Certificate Export Wizard.

   • In the wizard, export the certificate without the private key and save it in one of the .CER formats.

   For more information about Certificate Stores, see Microsoft’s Certificate Stores documentation. 

2. In the Azure portal:

   • Navigate to Azure Active Directory > App registrations.

   • Select your application.

   • Go to Certificates & secrets > Certificates.

   • Select Upload certificate, then upload the exported public key (.cer) file.

Step 4: Configure the Connection in Riva

• Microsoft Graph Riva Connection Setup
• Microsoft EWS Riva Connection Setup

Step 5: Authenticate and Complete the Connection

1. You’ll be redirected to the Microsoft 365 login page.

2. Sign in with an admin account authorized to grant application permissions.

3. Accept the requested permissions for the Azure app.

4. Upon successful authentication, you'll return to Riva Manager.

5. Click Finish to complete the setup.