# Exchange Integration with Azure Application Authentication > This step-by-step guide will show you a popular method for creating a Microsoft Exchange application for Communications Mining™ in your Azure Cloud Platform. You will learn how to create an Application (client) with an ID and Client Secret, and find your existing Directory (tenant) ID. This will allow users to access Exchange mailbox integrations in Communications Mining. ## Introduction This step-by-step guide will show you a popular method for creating a Microsoft Exchange application for Communications Mining™ in your Azure Cloud Platform. You will learn how to create an Application (client) with an ID and Client Secret, and find your existing Directory (tenant) ID. This will allow users to access Exchange mailbox integrations in Communications Mining. :::note Microsoft will retire Exchange Web Services (EWS) on October 1, 2026. It is recommended to follow the [Exchange integration with Azure Application Authentication and Graph](https://docs.uipath.com/ixp/automation-cloud/latest/cm-user-guide/exchange-integration-with-azure-application-authentication-and-graph#exchange-integration-with-azure-application-authentication-and-graph) guide instead. ::: ## Why a successful integration is important Failure to create an Exchange-Communications Mining™ application in Azure can lead to permissions errors that prevent users from accessing their mailbox integrations. To gain the full benefits of Communications Mining, follow these steps and complete the process in its entirety. ## The step-by-step integration process 1. **Sign in with Azure.** Sign into your Azure Cloud Portal. 2. **Register a new application for Communications Mining.** Access the **App Registrations** menu and select the **New Registration** option. ![App registrations](https://dev-assets.cms.uipath.com/assets/images/ixp/ixp-app-registrations-497027-9b0057d2.webp) Register a new application: 1. Enter an application name—for example `reinfer-exchange-integration`. 2. Under **Supported account types**, select the single tenant option. 3. Hit **Register** to complete the registration. ![register an application](https://dev-assets.cms.uipath.com/assets/images/ixp/ixp-the-register-an-application-configuration-page-under-app-registrations-in-azure-portal-497031-f46e9932.webp) Azure will give you an **Application (client) ID** and a **Directory (tenant)ID**. ![essentials](https://dev-assets.cms.uipath.com/assets/images/ixp/ixp-the-image-shows-the-app-details-containing-the-application-client-id-and-directory-tenant-id-after-registering-an-app-in-azure-497035-1e560bdc.webp) 3. **Create a Client Secret for your Communications Mining application.** To keep your application secure, you must create a Client Secret to log into your application. First, select **Certificates & Secrets** under the **Manage** sidebar, then continue with the following steps: 1. Select the **Client secrets** option if it's not already selected. 2. Select **New client secret**. ![new client secret](https://dev-assets.cms.uipath.com/assets/images/ixp/ixp-new-client-secret-497039-c23e96fe.webp) 3. In the sidebar, add an easily recognizable description and select an expiry date—we recommend 12 months. 4. Hit **Add**. ![add a client secret](https://dev-assets.cms.uipath.com/assets/images/ixp/ixp-add-a-client-secret-497043-827a4a91.webp) You've now created a Secret Value for your Communications Mining™ application. ![client secrets](https://dev-assets.cms.uipath.com/assets/images/ixp/ixp-client-secrets-497047-93e35dd4.webp) :::note Azure will only display this Secret Value to you once, so make sure to copy it. If you ever lose your secret value, simply complete Step 3 again to create a new one. ::: 4. **Set API permissions** 1. Navigate to **API permissions** under the **Manage** sidebar. 2. Select **Add a permission** ![add a permission](https://dev-assets.cms.uipath.com/assets/images/ixp/ixp-add-a-permission-497051-42f7d311.webp) 3. Select **APIs my organization uses**. ![request apis permissions](https://dev-assets.cms.uipath.com/assets/images/ixp/ixp-request-apis-permissions-497321-ab93a685.webp) 4. Search for and select "Office 365 Exchange Online". 5. Select "Application Permissions". ![application permissions](https://dev-assets.cms.uipath.com/assets/images/ixp/ixp-application-permissions-497328-8f29e63d.webp) 6. Select the option "full_access_as_app". 7. Hit **Add permissions.** ![new app full access](https://dev-assets.cms.uipath.com/assets/images/ixp/ixp-new-app-full-access-497342-51515b33.webp) 8. Back in the **API permissions** menu, hit **Grant admin consent for Communications Mining**. 9. In the **Grant admin consent confirmation** pop-up, select **Yes**. ![admin consent](https://dev-assets.cms.uipath.com/assets/images/ixp/ixp-admin-consent-571994-e57422af.webp) 5. **Restrict access to the mailbox with a conditional access policy.** At this point, you will likely want to limit the applications permissions so that it can only access certain mailboxes within your organisation. To learn how to do this, read Microsoft's article [Limiting application permissions to specific Exchange Online mailboxes](https://learn.microsoft.com/en-us/graph/auth-limit-mailbox-access). 6. **Sign into Communications Mining.** Sign into Communications Mining through UiPath® Automation Cloud as usual. 7. **Create a new integration in Communications Mining.** 1. Navigate to the **Administration** page from Communications Mining. 2. Select **New Integration**. ![new integration](https://dev-assets.cms.uipath.com/assets/images/ixp/ixp-new-integration-497356-c61a9fe7.webp) 3. In the **Create new integration** page, under **Add basic info**, configure the following fields: * **Project** - Select an existing project. * **Title** - Optionally, enter a title. * **API Name** - Enter a name for your integration. :::note Once you set the API name, you cannot change it. ::: 4. Select **Continue**. ![create new integration](https://dev-assets.cms.uipath.com/assets/images/ixp/ixp-create-new-integration-497071-645333a3.webp) 5. Under **Connect with your application** configure the following: * Select the API type: **Graph API** or **EWS API**. * Select the authentication method: **With client secret**, **With private key & thumbprint**, or **With NTLM**. :::note NTLM only supports delegate access. For more information, check the [Microsoft documentation on delegate access and EWS in Exchange](https://learn.microsoft.com/en-us/exchange/client-developer/exchange-web-services/delegate-access-and-ews-in-exchange). ::: * **OAuth Authority URL** - Enter the OAuth authority URL using the tenant ID from step 2, when you registered a new application for Communications Mining, in the following format: `https://login.microsoftonline.com/{tenant_id}`. * **OAuth Client ID** - Enter the OAuth client ID from step 2. * **Client Secret** - Enter the client secret from Step 3. * Select one of the following options: * **With service user access** - Enter the username and password of your service account. :::note Graph API does not support service user access. ::: * **With application access** * Select **Validate & save credentials**. 6. Select **Continue**. ![validate credentials](https://dev-assets.cms.uipath.com/assets/images/ixp/ixp-validate-credentials-497555-677056d9.webp) 7. Under **Select your input data**, select **Add Mailbox** and configure the following fields: **Mailbox name** * **Email** - Enter the email address. **Bucket** * **New bucket** - Select one of the following: * **Create new bucket** - Automatically create a bucket for the mailbox. * **User define new bucket** - Define a custom bucket by specifying a **Project**, **Name**, and **Title**. * **Existing bucket** - Select an existing Orchestrator bucket. **Time filters** :::note Choose a date to sync from. You can update this to sync further back as required. Already synced data will not be impacted. If total volumes are unknown, it is recommended to gauge volumes by syncing a shorter period first. AI units are charged on upload. ::: * **From timestamp** - Configure the following field: * **Sync from timestamp** - Enter a date to sync from. It is typically recommended to sync at least 6 to 12 months of data. * **All time** - Syncs all available data. :::important This option may consume more AI units than expected. ::: **Folder filters** :::note When applying folder filters: * Nested folders are separated with a forward slash `/`. * Folders visible in Outlook are normally prefixed with `root/Top of Information Store/`. * Allowing folders means that folders not explicitly allowed are denied. * You can deny a folder within an allowed folder. * You cannot allow a folder within a denied folder. ::: * **Allowed folders** - Enter the allowed folders. * **Denied folders** - Enter the denied folders. :::note Make sure you enter the folder location in this format: `root/Top of Information Store/`. ::: :::tip Restrict the folder filter scope to the minimum your use case needs. If you leave **Allowed folders** empty, the integration continuously syncs from every folder in the mailbox — including Archive and Recoverable Items (purges) — which slows the sync dramatically. For most BAU processing, allow only: * `root/Top of Information Store/Inbox` * `root/Top of Information Store/Sent Items` ::: **Participant filters** :::note When applying participant filters: * Allowing participants means that participants not explicitly allowed are denied. * Any denied participant is denied even if it also appears in the allowed list. * Participant filters are case insensitive. ::: * **Allowed participants** - Enter the email addresses of the allowed participants. * **Denied participants** - Enter the email addresses of the denied participants. **Participant domain filters** :::note When applying participant domain filters: * Allowing domains means that participants not explicitly allowed are denied. * Any denied participant domain is denied even if it also appears in the allowed list. * You can wildcard the top-level domain. For example, `reinfer.*` matches `reinfer.dev` and `reinfer.com`. * Participant domain filters are case insensitive. ::: * **Allowed participant domains** - Enter the domains of the allowed participants, for example, `gmail.com`. * **Denied participant domains** - Enter the domains of the denied participants, for example, `gmail.com`. **Attachments** * **Sync attachment contents** - Enable this option to also sync email attachments. 8. Select one of the following options: * **Add Mailbox** * **Discard new mailbox**. 9. Select **Create Integration**. ![add mailbox](https://dev-assets.cms.uipath.com/assets/images/ixp/ixp-add-mailbox-497079-4379283b.webp) ## Final steps You have now successfully created an integration between Communications Mining™ and Microsoft Exchange through Azure. You can disable the integration using the toggle, as shown in the following image. To delete it, select the trash can icon. ![docs image](https://dev-assets.cms.uipath.com/assets/images/ixp/ixp-docs-image-497083-1223a38c.webp) You can also enable attachment syncing at mailbox level on an Exchange integration. The streams API then makes the attachments retrievable via an attachment reference. Check more about syncing attachments in the [Attachments](https://docs.uipath.com/communications-mining/automation-cloud/latest/developer-guide/attachments) and [Using Exchange Integrations](https://docs.uipath.com/communications-mining/automation-cloud/latest/user-guide/using-exchange-integrations) pages. If you have any questions or need assistance with the integration process, contact UiPath® support.