Provisioning the Microsoft 365 Service Principal for Synchronization Tool

Article ID: 433581

Products

Email Security.cloud

Issue/Introduction

Instructions are needed for creating an application service principal in the Azure portal, which is required when configuring the Synchronization Tool.

Resolution

In order to synchronize data from Microsoft 365, an application registration must be created in the Microsoft 365 tenant's Azure Active Directory.

Log into the Azure portal https://portal.azure.com using an account with permission to register applications and with Microsoft.Authorization/*/Write access.

Once signed in to the Azure portal, create and configure the application in the App registrations blade as follows:

  1. in the resource panel on the left click on Azure Active Directory.
    If not shown, click All services, and select Azure Active Directory from the IDENTITY section;
  2. in the Active Directory blade create an application registration:
    1. select App registrations;
    2. select New registration;
    3. enter a name for the application, e.g. Schemus;
    4. select Accounts in this organizational directory only;
    5. do not provide a Redirect URI;
    6. select Register.
  3. make a note of the Application (client) ID;
  4. add and grant permissions to the application registration. To grant permission to read Groups, Group members, Users and Contacts:
    1. select the Application;
    2. select API Permissions;
    3. select Add a permission;
    4. select Microsoft Graph;
    5. select Application permissions;
    6. expand Group and select Group.Read.All;
    7. expand GroupMember and select GroupMember.Read.All;
    8. expand OrgContact and select OrgContact.Read.All;
    9. expand User and select User.Read.All;
    10. select Add permissions;
    11. select Grant admin consent and confirm by selecting Yes;
    12. ensure that no permissions are granted for write access.
  5. create a key:
    1. select Certificates & secrets;
    2. select New client secret;
    3. enter a description e.g. Schemus key;
    4. select a duration for the key in the EXPIRES column;
    5. select Save.

Note: The key value cannot be viewed again after the blade is closed, so be sure to copy it first.
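The result of steps 4 and 5 can be checked from the tool's side rather than by re-reading the portal: an app-only token obtained with the client secret carries the granted application permissions in its `roles` claim, so a short script can confirm that exactly the four read-only permissions above are present and that nothing with write access slipped in (step 12). The following Python script is an added example, not part of the original article or of the Synchronization Tool. The token endpoint and the `https://graph.microsoft.com/.default` scope are the standard Microsoft identity platform values for the client-credentials grant; `fetch_token`, `audit_roles`, the read-only naming rule and the placeholder client ID are this example's own assumptions, and the sample token is constructed locally so the audit runs offline.

```python
import base64
import json
import urllib.parse
import urllib.request

# Standard Microsoft identity platform endpoint and resource for app-only tokens.
TOKEN_URL = "https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token"
GRAPH_SCOPE = "https://graph.microsoft.com/.default"

# The four Microsoft Graph application permissions the article grants (all read-only).
EXPECTED_ROLES = frozenset({
    "Group.Read.All",
    "GroupMember.Read.All",
    "OrgContact.Read.All",
    "User.Read.All",
})


def _b64url_decode(segment: str) -> bytes:
    """Decode a base64url segment, restoring the padding that JWTs strip."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def decode_claims(token: str) -> dict:
    """Return the payload claims of a compact JWT.

    The signature is deliberately NOT verified: this audits which roles the
    token carries, it does not authenticate anything with the token."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS (expected header.payload.signature)")
    return json.loads(_b64url_decode(parts[1]))


def is_read_only(role: str) -> bool:
    """Graph application permissions are named Resource.Verb[.Scope].

    Assumed rule for this example: only a verb of exactly 'Read' counts as
    read-only; ReadWrite, Create, Send, Manage and the like all imply write."""
    parts = role.split(".")
    return len(parts) >= 2 and parts[1] == "Read"


def audit_roles(claims: dict) -> dict:
    """Compare the token's 'roles' claim with the expected read-only set."""
    granted = set(claims.get("roles", []))
    return {
        "missing": sorted(EXPECTED_ROLES - granted),
        "unexpected": sorted(granted - EXPECTED_ROLES),
        "write": sorted(r for r in granted if not is_read_only(r)),
    }


def is_least_privilege(claims: dict) -> bool:
    """True only when the token has exactly the four read-only permissions."""
    report = audit_roles(claims)
    return not (report["missing"] or report["unexpected"] or report["write"])


def fetch_token(tenant_id: str, client_id: str, client_secret: str) -> str:
    """Request an app-only Graph token with the client-credentials grant.

    Needs network access to login.microsoftonline.com; the offline demo below
    does not call it."""
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": GRAPH_SCOPE,
    }).encode("ascii")
    req = urllib.request.Request(
        TOKEN_URL.format(tenant=tenant_id),
        data=body,
        headers={"Content-Type": "application/x-www-form-urlencoded"},
    )
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)["access_token"]


def make_sample_token(roles: list) -> str:
    """Constructed, unsigned sample token for offline use only. Real tokens
    are RS256-signed and carry many more claims than shown here."""
    header = _b64url_encode(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    payload = _b64url_encode(json.dumps({
        "aud": "https://graph.microsoft.com",
        "appid": "00000000-0000-0000-0000-000000000000",  # placeholder client ID
        "roles": roles,
    }).encode())
    return f"{header}.{payload}."  # empty signature segment


if __name__ == "__main__":
    good = make_sample_token(sorted(EXPECTED_ROLES))
    print("read-only registration:", audit_roles(decode_claims(good)))
    # A registration where someone also ticked a ReadWrite permission.
    bad = make_sample_token(sorted(EXPECTED_ROLES) + ["Directory.ReadWrite.All"])
    print("over-privileged registration:", audit_roles(decode_claims(bad)))
```

To check a real registration, pass the output of `fetch_token(tenant_id, client_id, client_secret)` to `decode_claims` and then to `audit_roles`; a non-empty `write` list means step 12 was not satisfied and the extra permission should be removed and admin consent re-granted. The `missing` list catches the other common failure, where permissions were added but "Grant admin consent" (step 11) was never clicked, so the token is issued with no roles at all.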