Set Up Microsoft Entra for PIM Teams Integration

Set up a Microsoft Entra App Registration to support the integration between PIM and Microsoft Teams. This process configures the necessary permissions and settings in Microsoft Entra to enable communication with PIM.

Prerequisites: Ensure you complete the task Configure Teams Integration in PIM before you proceed with setting up Microsoft Entra.

To set up Microsoft Entra for PIM Teams Integration:

  1. Switch back to the Entra Admin portal and navigate to App Registrations.
  2. Click New Registration.
  3. In the Name field, enter a descriptive name, such as 'PIM and Teams'.
  4. Under Supported Account Types, select Accounts in this organizational directory only (Single tenant). PIM only needs to sign in users from your own tenant, so do not widen this to multi-tenant or personal accounts.
  5. Under Redirect URI, do the following:
    1. Use the Select a Platform list to select Web.
    2. Paste the PIM redirect URI (copied from your PIM configuration page) into the field next to the platform list.
  6. Click Register to complete the app registration.
  7. On the Overview page for your new app, copy the Application (client) ID and Directory (tenant) ID values and paste them into the relevant fields on the Add Microsoft Application window in PIM.
  8. On the Entra App Registration page, click the Authentication tab, and do the following:
    1. Ensure that Access Tokens and ID Tokens under Implicit Grant and Hybrid Flows are not selected.
    2. Verify that Supported Account Types is set to Single Tenant only.
    3. Under Advanced Settings, set Allow Public Client Flows to No.
    4. Click Save.
  9. Navigate to the Certificates and Secrets tab, click New client secret, and do the following:
    1. Enter a meaningful description.
    2. Set the expiration period to align with your organization's security policies.
      Attention: Keep track of the expiration date. You will need to refresh the secret both in Entra and in PIM when it expires.
    3. Click Add, then copy the secret Value (not the Secret ID) and paste it into the corresponding field on your PIM configuration page. The value is shown only once; if you leave the page before copying it, delete that secret and create a new one.
    4. Click Save on the PIM Config page.
  10. Switch back to your app registration window in the Entra Admin portal, and do the following:
    1. On the API Permissions section, click Add a Permission and select Microsoft Graph at the top of the Microsoft APIs tab.
    2. Select Delegated Permissions, and use the search to add the following permissions:
      • Channel.ReadBasic.All
      • ChannelMessage.Read.All (Admin consent is required for this permission)
      • ChannelMessage.Send
      • offline_access
      • openid
      • profile
      • Team.ReadBasic.All
      • User.Read
    3. Go back to the main API Permissions page and click Grant Admin Consent to approve the permissions for the application on your domain.
    4. Confirm that the status for each permission is updated to 'Granted'.
  11. To finalize the integration between PIM and Microsoft Teams, return to the Manage Microsoft Applications page in PIM, and click Enable against the new app.
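
To confirm that the finished registration matches steps 8 to 10, the following PowerShell script, added here as an example and not part of PIM or of Microsoft's documentation, reads the app registration through the Microsoft Graph PowerShell SDK and reports every deviation from the settings above. The app name, the redirect URI and the 30-day secret warning threshold are placeholders you replace with your own values; the Microsoft Graph resource ID 00000003-0000-0000-c000-000000000000 and the SignInAudience value AzureADMyOrg are Microsoft's fixed identifiers.

```powershell
# Added verification script (not part of the PIM product or its documentation).
# Assumes the Microsoft.Graph PowerShell SDK (Install-Module Microsoft.Graph) and an
# account that can consent to Application.Read.All and Directory.Read.All.
# $AppDisplayName and $ExpectedRedirectUri are placeholders: use the name chosen in
# step 3 and the redirect URI copied from your PIM configuration page.
param(
    [string]$AppDisplayName      = 'PIM and Teams',
    [string]$ExpectedRedirectUri = 'https://pim.example.com/oauth/teams/callback',  # hypothetical value
    [int]$SecretWarnDays         = 30
)

$graphAppId     = '00000003-0000-0000-c000-000000000000'   # Microsoft Graph resource appId (fixed)
$requiredScopes = @('Channel.ReadBasic.All', 'ChannelMessage.Read.All', 'ChannelMessage.Send',
                    'offline_access', 'openid', 'profile', 'Team.ReadBasic.All', 'User.Read')

Connect-MgGraph -Scopes 'Application.Read.All', 'Directory.Read.All' -NoWelcome

$apps = @(Get-MgApplication -Filter "displayName eq '$AppDisplayName'")
if ($apps.Count -ne 1) { throw "Expected exactly one app registration named '$AppDisplayName', found $($apps.Count)" }
$app = $apps[0]

$findings = [System.Collections.Generic.List[string]]::new()
function Check([bool]$Ok, [string]$Message) { if (-not $Ok) { $findings.Add($Message) } }

# Step 8: authentication settings. A confidential client using a client secret needs
# neither the implicit/hybrid token issuance nor the public-client flows.
Check ($app.SignInAudience -eq 'AzureADMyOrg') "Supported account types is $($app.SignInAudience); expected single tenant (AzureADMyOrg)"
Check (-not $app.Web.ImplicitGrantSettings.EnableAccessTokenIssuance) 'Implicit grant: Access tokens is enabled'
Check (-not $app.Web.ImplicitGrantSettings.EnableIdTokenIssuance) 'Implicit grant: ID tokens is enabled'
Check (-not $app.IsFallbackPublicClient) 'Allow public client flows is set to Yes'
$webUris = @($app.Web.RedirectUris)
Check ($webUris -contains $ExpectedRedirectUri) "PIM redirect URI '$ExpectedRedirectUri' is not registered on the Web platform"
foreach ($uri in $webUris) {
    if ($uri -ne $ExpectedRedirectUri) { $findings.Add("Unexpected extra Web redirect URI: $uri") }
    if ($uri -notmatch '^https://')    { $findings.Add("Redirect URI is not HTTPS: $uri") }
}
Check ((@($app.PublicClient.RedirectUris).Count + @($app.Spa.RedirectUris).Count) -eq 0) 'Mobile/desktop or SPA redirect URIs are present; only the Web platform should be configured'

# Step 9: client secret hygiene. The secret value itself is never retrievable from Graph;
# only its metadata (description and expiry) can be checked.
$now = [DateTime]::UtcNow
Check (@($app.PasswordCredentials).Count -ge 1) 'No client secret exists on the registration'
foreach ($cred in $app.PasswordCredentials) {
    $daysLeft = [int]($cred.EndDateTime - $now).TotalDays
    if ($daysLeft -lt 0) { $findings.Add("Secret '$($cred.DisplayName)' expired $(-$daysLeft) days ago; rotate it in Entra and in PIM") }
    elseif ($daysLeft -lt $SecretWarnDays) { $findings.Add("Secret '$($cred.DisplayName)' expires in $daysLeft days; plan the rotation in Entra and in PIM") }
}

# Step 10: the Graph delegated permissions must be both requested on the registration
# and admin-consented (an AllPrincipals grant on the app's service principal).
$graphSp = Get-MgServicePrincipal -Filter "appId eq '$graphAppId'"
$scopeNameById = @{}
foreach ($s in $graphSp.Oauth2PermissionScopes) { $scopeNameById[[string]$s.Id] = $s.Value }

$requested = @()
foreach ($rra in @($app.RequiredResourceAccess)) {
    if ($rra.ResourceAppId -ne $graphAppId) { $findings.Add("Permissions requested on a non-Graph API: $($rra.ResourceAppId)"); continue }
    foreach ($ra in $rra.ResourceAccess) {
        if ($ra.Type -eq 'Role') { $findings.Add("Application permission requested (id $($ra.Id)); only delegated permissions are expected"); continue }
        $name = $scopeNameById[[string]$ra.Id]
        if ($name) { $requested += $name } else { $findings.Add("Unknown delegated scope id requested: $($ra.Id)") }
    }
}

$pimSp   = Get-MgServicePrincipal -Filter "appId eq '$($app.AppId)'"
$granted = @()
if ($pimSp) {
    $grants = Get-MgOauth2PermissionGrant -Filter "clientId eq '$($pimSp.Id)'" -All |
              Where-Object { $_.ResourceId -eq $graphSp.Id -and $_.ConsentType -eq 'AllPrincipals' }
    foreach ($g in $grants) { $granted += @($g.Scope -split '\s+' | Where-Object { $_ }) }
} else {
    $findings.Add('No service principal exists for the app in this tenant; admin consent has not been granted')
}
foreach ($scope in $requiredScopes) {
    Check ($requested -contains $scope) "Delegated permission $scope is not requested on the registration"
    Check ($granted -contains $scope)   "Delegated permission $scope has not been admin-consented"
}
foreach ($scope in $requested) {
    if ($scope -notin $requiredScopes) { $findings.Add("Extra delegated permission requested beyond the PIM list: $scope") }
}

if ($findings.Count -eq 0) { Write-Host "OK: '$AppDisplayName' matches the PIM Teams integration settings" }
else { $findings | ForEach-Object { Write-Warning $_ }; exit 1 }
```

Run it after step 11 and again before each secret rotation; a non-zero exit with warnings lists exactly which of steps 8 to 10 drifted. The script only reads the directory, so it is safe to schedule from a monitoring host with the two read permissions named above.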

Post-requisites: After enabling the integration, assign the Teams.ShareDocument Entity Function to the specific roles that require the ability to create Teams conversations from PIM.