Knowledge Base

How to register CodeTwo applications in Azure AD


You want to manually register CodeTwo Backup or CodeTwo migration software in your Azure Active Directory tenant.


CodeTwo Backup (starting version 2.3.x) as well as CodeTwo Office 365 Migration / CodeTwo Exchange Migration (starting version 3.2.x) connect to Microsoft 365 (Office 365) by using the secure OAuth 2.0 authorization protocol. To enable this connection, first you need to register your CodeTwo software in Azure AD for all Microsoft 365 tenants that will be used in the program (in backup, restore or migration jobs). Next, to allow the CodeTwo application to access your data and perform the necessary tasks, you also need to grant the necessary permissions to that application.


Keep in mind that CodeTwo Backup and both CodeTwo migration tools can perform the registration automatically. You simply need to provide an Office 365 global admin credentials in server connection wizard. To learn more, see the user's manual:

CodeTwo Backup

CodeTwo Office 365 Migration

CodeTwo Exchange Migration

Use the links below for guidelines on how to register the CodeTwo application in Azure AD:

  1. Register a new application in Azure AD
  2. Configure application permissions
  3. Assign certificates / secrets to an app in Azure

Registering a new application in Azure AD

  1. Sign in to your Azure Active Directory admin center.
  2. Navigate to Azure Active Directory > App registrations and click New registration (Fig. 1.). This opens the Register an application page.

840-1 New registration in Azure AD
Fig. 1. The App registration page in Azure AD.

  1. Enter a name for the application (e.g. CodeTwo Migration app,if you are using one of CodeTwo’s migration tools) and click Register (Fig. 2.). You can leave the other options to their defaults.

840-2 Registering a new app in Azure
Fig. 2. Registering the CodeTwo application with Azure AD.

Configuring application permissions

  1. On the application Overview page, click View API permissions (Fig. 3.). The API permissions page will open.

840-3 Accessing API permissions page
Fig. 3. Accessing the API permissions page.

  1. Click the Add a permission button and select Exchange (Fig. 4.).

840-4 Exchange permissions
Fig. 4. Selecting Exchange-related permissions.

  1. Click Application permissions, select full_access_as_app, and then click Add permission (Fig. 5.).

Adding permissions in Azure AD
Fig. 5. Adding new permissions in Azure AD.

  1. Click Add a permission again and this time select Microsoft Graph.
  2. Click Application permissions and select the permissions required by specific CodeTwo application and server connection type:

CodeTwo Backup

Connection to Exchange Online:

  • Directory.Read.All
  • Group.Read.All
  • MailboxSettings.ReadWrite
  • User.Read.All

Connection to SharePoint Online

  • User.Read.All

CodeTwo migration software

Connection to source Office 365

  • MailboxSettings.ReadWrite
  • Organization.Read.All
  • User.Read.All

Connection to target Office 365

  • MailboxSettings.ReadWrite
  • Organization.Read.All
  • User.Read.All
  • User.ReadWrite.All
  • DeviceManagementServiceConfig.Read.All
  1. Back on the API permissions page, click the Grant admin consent button (once it becomes available) and then click Yes to confirm (Fig. 6.).

840-6 Granting admin consent
Fig. 6. Granting the necessary consents.

Assigning certificates / secrets in Azure AD

You need to assign a certificate or client secret (app password) to the newly added application. This will allow the OAuth protocol to prove the application’s identity. Follow the steps below to assign a certificate or add a client secret to the CodeTwo application registered in Azure AD.

  1. Navigate to Azure Active Directory > App registrations and select the newly added application (in this example: CodeTwo Migration app).
  2. In the navigation menu, click Certificates & secrets (Fig. 7.). Now, you need to assign either a certificate or client secret to the CodeTwo application. 

840-6 Accessing the Certificates & secrets page
Fig. 7. Accessing the Certificates & secrets page.

  1. 3a To assign a certificate, click the Upload certificate button, select your certificate file and click Add (Fig. 8.). The certificate needs to be signed with a key size of 2048 bits.

Assigning a certificate in Azure AD
Fig. 8. Assigning a certificate in Azure AD.

  1. 3b To add a client secret, click the New client secret, enter a short description (e.g. CodeTwo Migration app), select the expiration time (whichever suites your needs), and click Add (Fig. 9.).


Make sure to copy the client secret value to clipboard or use it in your CodeTwo application straightaway, because once you refresh the page, you will not be able to view that value again. You will have to create another client secret.

840-8 Crating a new client secret in Azure AD
Fig. 9. Crating a new client secret for an application registered in Azure AD.

Once done, the application registration process is completed. You can now configure a connection to Office 365 in your CodeTwo software. All the information that you need to provide in the Application details step of the server connection wizard (Fig. 10.) is provided in Azure AD either on the application overview page (Application (client) ID and Directory (tenant) ID; refer to Fig. 3. above) or on the Certificates & secrets page (Certificate thumbprint or Client secret).


If you have used a certificate to identify the application, you can enter the Certificate thumbprint only if the certificate associated with the CodeTwo application has been added to the correct certificate store on the same machine, where the application is installed. If not, use the Import button to add the necessary certificate to that store.

840-9 Providing the registration details
Fig. 10. Providing the registration details in the Office 365 server connection wizard in CodeTwo Office 365 Migration.

For more information on how to configure server connections, refer to the user's manual: