1. Sign in to Microsoft Azure Active Directory Admin Center with your administrator credentials
2. Select App Registrations, then click New Registration
3. On the Register an Application page, set the following values:
   1. Name: VIPRE SafeSend Graph API Resource
   2. Supported account types:
      • If the Microsoft Azure portal you're logging in to is the same account that you're using to sign in to your Microsoft 365 account, select Accounts in this organizational directory only (Single Tenant)
      • If the Microsoft Azure portal you're logging in to is not the same account that you're using to sign in to your Microsoft 365 account, select Accounts in any organizational directory (Multitenant) 
   3. In the Redirect URI section, select Web from the drop-down menu, then set URI to your SafeSend site URL using the following format: 'https://<yoursafesendsiteurl>/login'
      • This is the URL you made note of when you created the Web App above
4. Choose Register
5. On the SafeSend page, copy and save the Application (client) ID and AppTenantID; you'll need these later for the web server setup
6. Under the Manage section, select Authentication
7. Under Implicit Grant and Hybrid Flows, check the box next to Access Tokens (used for implicit flows) and ID Tokens, and click Save
8. Still, under the Manage section, select Token configuration
9. Click Add Optional Claims
10. Open Manage/Token configuration
11. Click Add optional claims
12. Choose Access type
13. Check email
14. Click Add at bottom
15. Check box next to Turn on the Microsoft Graph email permission
16. Click Add
17. Still, under the Manage section, select Certificates & Secrets, then Certificate
18. Under Certificates, select Upload Certificate
19. Select a certificate file (.cer extension) and enter a value for Description
    • This is a file you can create yourself or obtain through a third-party certificate authority; it is not provided to you by VIPRE; if you have not done that yet, stop here and complete those steps first (see: Prerequisites above)
    • The description can be left blank or be used to make notes about the certificate
20. Click Add, then copy and save the Thumbprint value; you'll need this later for a setting called AppCertificateThumbprint
21. Still, under Manage, select Expose an API
22. Choose the Add link that appears after Application ID URI
23. In the Add App URI panel, change the default value by adding your host before the GUID listed
    • Example: If the default value is api://05adb30e-50fa-4ae2-9cec-eab2cd6095b0, and your app is running on <yoursafesendhost>, the value should be api://<yoursafesendhost>/05adb30e-50fa-4ae2-9cec-eab2cd6095b0
24. Copy and save the Application ID URI; you'll need these later for the web server setup
25. Click Save
26. Select Add a Scope 
27. A panel will open; enter access_as_user as the Scope name
28. Who can consent? should be set to Admins only
29. For Admin consent display name* add Office can act as the user
30. For Admin consent description* add Enable Office to call the add-in's web APIs with the same rights as the current user
31. Set State to Enabled
32. Select Add Scope
33. In the Authorized client applications section, identify the applications that you want to authorize to your SafeSend add-in's web application
    1. Complete the steps below for each of the Client IDs listed that need to be pre-authorized:
       1. Select Add a client application button
       2. In the panel that opens, set the Client ID to the respective GUID
          • d3590ed6-52b3-4102-aeff-aad2292ab01c (Microsoft Office)
       3. Check the box for api://<yoursafesendhost>/$App ID GUID$/access_as_user
       4. Select Add application
    2. Repeat this step as needed for each of the remaining Client IDs:
       • ea5a67f6-b6f3-4338-b240-c655ddc3cc8e (Microsoft Office)
       • 57fb890c-0dab-4253-a5e0-7188c88b2bb4 (Office on the web)
       • 08e18876-6177-487e-b8b5-cf950c1e598c (Office on the web)
       • bc59ab01-8403-45c6-8796-ac3ef710b3e3 (Outlook on the web)
34. Under Manage, select API Permissions, then Add a Permission
35. On the panel that opens, choose Microsoft Graph then Delegated Permissions
36. Using the Select Permissions search box, search for the following permissions and select the checkbox for each permission as it appears:
    • Calendars.ReadWrite.Shared
    • Files.ReadWrite
    • Mail.ReadWrite.Shared
    • offline_access
    • openid
    • profile
    • User.Read
37. After selecting all of the permissions from Step 24, click Add Permissions at the bottom of the panel
38. On the same page, choose Grant Admin Consent for [tenant name] button
39. Select Yes to confirm

1. If you're not still logged in to http://portal.azure.com, please navigate back to it and login with your credentials
2. Go to the web app you created above
3. Click Go to resource
4. On the left-side menu, under Settings, select Environment Variables
5. Under App Settings, select +Add, enter the names and values below - do not click Deployment Slot Setting, leave that blank - then click Apply at the bottom
   1. Name = WEBSITE_RUN_FROM_PACKAGE; Value = 1
   2. Name = AppID (NOTE: The AppID value should have been obtained during the Graph API setup. If that has not been done, you should complete this now before proceeding.)
   3. Name = AppIdUri  (NOTE: The AppIdUri value should have been obtained during the Graph API setup. If that has not been done, you should complete this now before proceeding.)
   4. Name = AppTenantId  (NOTE: The AppTenantId value should have been obtained during the Graph API setup, called the Directory tenant ID. If that has not been done, you should complete this now before proceeding.)
   5. Name = AppCertificateThumbprint (NOTE: The AppCertificateThumbprint value should have been obtained during the Graph API setup. If that has not been done, you should complete this now before proceeding.)
   6. Name = Website_Load_Certificates (NOTE: The Website_Load_Certificates value should have been obtained during the Graph API setup. If that has not been done, you should complete this now before proceeding.)
   7. Name = LicenseKey; Value = license key obtained when you purchased SafeSend
6. Click Apply at the bottom of the Environment Variables screen
7. Still under Settings, select Configuration
8. Set Always on to On

1. Change SCM Basic Auth Publishing to On
2. Change FTP Basic Auth Publishing Credentials to On
3. Click Save at the top

Upload the Private Key Certificate

1. On the left-side menu, under Settings, select Certificates
2. Click the Bring your own certificates tab 
3. Choose Add certificate
4. Select Upload certificate (.pfx)
5. Browse to the directory where you saved the .pfx file and upload it here
6. Enter your Certificate password
7. Fill in the Certificate friendly name - this can be whatever you want
8. Click Add

 You'll need an FTP Client (like Filezilla) for the next part

1. On the left-side menu, under Deployment, select Deployment Center
2. Select FTPS Credentials at the top
3. Copy the value in the FTPS endpoint field and paste it into the Host address field of your FTP Client
4. Under Application scope, copy the value in the Username field to the Username field of your FTP Client
5. Copy the value of the Password field to the Password field of your FTP Client
6. On your FTP Client, click Connect 
7. After you're connected, under Remote site, create the following directories based on your operating system
   • Windows based App Service =  C:\home\Data\sitepackages
   • Linux based App Service = /data/sitepackages
8. Upload the SafeSendWebPackagev.r.m.b.zip and packagename.txt files found in SafeSendArchive-v.r.m.b.zip\SafeSendWeb_v.r.m.b.zip to the sitepackages folder

Optional: Go back to the browser screen that has Azure open

This section is optional and can be completed at anytime. Refer to the Web Add-in Settings Reference for the following section:

1. Configure additional settings as desired:
   1. On the left-side menu, under Settings, select Environment Variables
   2. Under App Settings, select +Add
   3. Take the name of the setting from Web Add-in Settings Reference and add it to the Name field
      1. For example, to enable the client keyword domain list setting, you could copy ClientKeywordDomainList from Web Add-in Settings Reference into the Name field of Azure  

2. Determine the appropriate values for each setting using the Web Add-in Settings Reference 

3. Click OK then select Apply
4. Click Continue to save changes
5. On the left-side menu, select Overview, then select Restart at the top
6. Azure will confirm you are sure you want to restart SafeSend - click Yes
7. In the top-right corner, you should see a notification showing the web app has been successfully restarted

These steps will complete the SafeSend deployment

1. You'll see a URL somewhat close to the top-right portion of the screen labeled Default Domain; clicking that URL should open a browser window and take you immediately to the SafeSend website to verify your installation and license status

3. Append /manifest to the URL to download the manifest.xml file; you will need this manifest or the URL to it when sideloading or deploying the add-in to users

Please note if you are using IIS, you'll need to download and install the .NET Core Hosting Bundle found here. 

Configure IIS

1. After you have downloaded and extracted the SafeSend Web add-in .zip files, create a folder called SafeSend in the c:\ directory of the server hosting IIS
2. Copy the contents from the extracted folder to your new c:\SafeSend
3. Open Internet Information Services (IIS) Manager
4. Right-click on Sites
5. Select Add Website and complete the following properties:
   • Site Name: SafeSend
   • Physical Path: c:\SafeSend
   • In the Binding section:
     • Type: https
     • Add the SSL certificate
     • IP address and port should be according to your needs
        
6. Click OK
7. Select Default Website, then click on Stop in the right panel
8. In the left panel, click Application Pools
9. Right-click SafeSend
10. Select Basic Settings
    • .NET CLR version: No Managed Code
11. Click OK

Edit the settings.json file

1. Open the folder called SafeSend that you created in the c:\ directory of the server hosting IIS
2. Look for the file called settings.json and right-click on the file and open it with Notepad 
3. Adjust the following settings:
   1. IsOffice365
      • Default value is true
      • If you are using Microsoft 365, IsOffice365 should be true
      • If you are using an Exchange Server, IsOffice365 should be false and update the EmailProviderUrl below
   2. EmailProviderURL
      • If you are using Microsoft 365, the EmailProviderURL should already be correct
      • The AppID and AppSecret values should have been obtained during the Graph API setup. If that has not been done, you should complete this now before proceeding.)
      • If you are using an Exchange Server, you will need to update that setting as appropriate
   3. Set LicenseKey
   4. Set SafeDomains
   5. Set EnablePlatform to True if you will be using Web, PC, or Mac and False for the platforms you will not be using
      • If you are using Microsoft 365, Web Add-in works for all 3 available platforms
      • If you are using Exchange Server, Web Add-in does not work for Outlook for Mac or OWA in Safari
        • For full details, the latest release notes
      • If you intend to use both the PC add-in and the Web add-in, set the PC platform to False to avoid double prompts
4. Append /manifest to the URL to download the manifest.xml file; you will need this manifest or the URL to it when sideloading or deploying the add-in to users