FortiSOAR Knowledge Base
FortiSOAR: Security Orchestration and Response software provides innovative case management, automation, and orchestration. It pulls together all of an organization's tools, helps unify operations, and reduce alert fatigue, context switching, and the mean time to respond to incidents.
nmathur
Staff
Article Id 204172
Description This article describes how to create an Azure App Registration with 'Delegated Permissions' for use with the Microsoft Graph Mail connector.
Scope FortiSOAR, Microsoft Graph Mail Connector
Solution
  1. Log on to https://portal.azure.com/.
  2. From the left menu, click Azure Active Directory:
  3. In the Manage section, select App registrations -> New registration:
  4. On the Register an application screen, enter the following details:
    1. In the Name field, type FortiSOAR Graph Mail.
    2. From the Supported account types list, select Accounts in this organizational directory only (Default Directory only - Single-tenant).
    3. Leave the Redirect URI field blank.
  5. Select Register to display the Overview Pane.
    Copy the Application (client) ID and Directory (tenant) ID from the overview pane. You will require the client ID and tenant ID for further configurations and also when you are configuring the Microsoft Graph Mail connector.
  6. Select Add a Redirect URI.
  7. Select Add a Platform, and then select Web applications.
  8. In the Redirect URIs field, enter a valid Redirect URI and copy this URI to be used for further configurations and also when you are configuring the Microsoft Graph Mail connector.
    Note: If unsure about the Redirect URI, use https://localhost.
  9. Select Configure.
  10. From the left menu, select Certificates & secrets, and then select Client secrets -> New client secret.
  11. Enter the Description and Expiration for the client secret, and then select Add.
  12. Copy the Value of the client secret, which will be required later when the Microsoft Graph Mail connector is configured.
    Note: The value of the client secret is not displayed again.
  13. From the left menu, select API permissions -> Add a permission.
  14. Select Microsoft Graph -> Delegated permissions. Scroll to the Mail section and add the Mail permissions that are requested in the authorization URL of step 15 (Mail.Read, Mail.ReadWrite, Mail.Send), together with User.Read. Select Add permissions to save the newly added permissions.
  15. Open the following URL in a browser, replacing TENANT_ID, CLIENT_ID, and REDIRECT_URI with the values saved in the earlier steps (the scope values are separated by single spaces, which the browser URL-encodes):

    https://login.microsoftonline.com/TENANT_ID/oauth2/v2.0/authorize?response_type=code&scope=offline_access User.Read Mail.ReadWrite Mail.Send Mail.Read&client_id=CLIENT_ID&redirect_uri=REDIRECT_URI

  16. Sign in with the Microsoft account of the user whose mailbox permissions are to be delegated. A Permissions requested screen will be visible.
    After consent is granted, the browser is redirected to the Redirect URI configured in step 8, and the URL will have the following format:
    REDIRECT_URI?code=AUTH_CODE&session_state=SESSION_STAT
    Copy the AUTH_CODE value from this URL; it is required later when the Microsoft Graph Mail connector is configured.
    If https://localhost was specified as the Redirect URI, the browser shows a page that cannot be reached; the authorization code is still present in the address bar.
  17. Configure the Microsoft Graph Mail connector using saved Tenant ID, Client ID, Secret, and Auth Code.
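The authorization-code exchange behind steps 15 to 17, as an added example that is not part of this article or of the Fortinet connector. It builds the authorize URL with properly encoded scopes, adds a `state` value (not present in the article's URL) so the redirect can be tied to the request that produced it, extracts AUTH_CODE from the redirect URL, and assembles the token request the connector performs with the client secret. All TENANT_ID, CLIENT_ID and secret values used are placeholders.

```python
from urllib.parse import urlencode, urlparse, parse_qs
import secrets

AUTHORITY = "https://login.microsoftonline.com"
# Same scopes as the article's authorize URL (step 15).
SCOPES = ["offline_access", "User.Read", "Mail.ReadWrite", "Mail.Send", "Mail.Read"]


def build_authorize_url(tenant_id, client_id, redirect_uri, state):
    """Step 15: authorization request. urlencode() encodes the space-separated
    scope list and the redirect URI instead of leaving raw spaces in the URL."""
    params = {
        "response_type": "code",
        "scope": " ".join(SCOPES),
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "state": state,  # added here; lets us reject redirects we did not initiate
    }
    return f"{AUTHORITY}/{tenant_id}/oauth2/v2.0/authorize?{urlencode(params)}"


def extract_auth_code(redirect_url, expected_state):
    """Step 16: read AUTH_CODE from REDIRECT_URI?code=...&state=...&session_state=...
    Refuses the code when Azure AD reports an error or the state does not match."""
    query = parse_qs(urlparse(redirect_url).query)
    if "error" in query:
        raise ValueError(f"authorization failed: {query['error'][0]}")
    if query.get("state", [None])[0] != expected_state:
        raise ValueError("state mismatch: redirect did not come from our request")
    return query["code"][0]


def build_token_request(tenant_id, client_id, client_secret, code, redirect_uri):
    """Step 17: the POST the connector makes to swap AUTH_CODE for tokens.
    Returns (url, form body); send it with any HTTP client over TLS."""
    url = f"{AUTHORITY}/{tenant_id}/oauth2/v2.0/token"
    form = {
        "grant_type": "authorization_code",
        "client_id": client_id,
        "client_secret": client_secret,  # the secret value copied in step 12
        "code": code,
        "redirect_uri": redirect_uri,  # must equal the URI used in step 15
        "scope": " ".join(SCOPES),
    }
    return url, form


if __name__ == "__main__":
    st = secrets.token_urlsafe(16)
    print(build_authorize_url("TENANT_ID", "CLIENT_ID", "https://localhost", st))
```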

For more information, see the Use Microsoft Defender for Endpoint APIs article.
