Click here for Microsoft Azure-specific installation instructions

1. Navigate to https://portal.azure.com/ and log in with your Microsoft Azure account credentials
2. On the top menu, hover your mouse over App Services and select Create
3. A new page called Create Web App will load
4. Select the desired Resource Group from the drop-down menu
5. Under Instance Details:
   1. Choose a web app name that reflects your use; e.g., for our purposes, we'll use SafeSend8
   2. Publish - defaults to Code; this can stay as-is
   3. Runtime stack - .NET Core 6.0 (LTS)
   4. Operating System - choose your preferred operating system to host SafeSend
   5. Region - select your region
6. Skip the section called App Service Plan and click Next : Deployment >
7. On the next page, click Review + Create

Step 2 - The following steps are performed while Azure is deploying the App Service

1. After you have downloaded and extracted the SafeSend .zip file, open the SafeSendWebAddInWeb folder and open settings.json with a text editor like Notepad or Notepad++ 
2. Verify the following settings:
   • EmailProviderURL
   • LicenseKey
   • SafeDomains
   • Any other settings necessary/desired
     • Important note: Settings can also be configured after deployment. Anything configured via Azure portal will override the settings.json file
3. Take all files in the extracted SafeSendWebAddInWeb folder, select all (CTRL+A)
   • Right-click and select Send to > Compressed (zipped) folder
   • Name this anything you want but for this example, we'll name it SafeSendDeploy.zip
4. Move the newly created .zip file to a different location on your computer
5. In the same place you moved the newly created .zip file. right-click on the folder
   • Select New > Text Document
6. Name the text file packagename.txt
7. Open the txt file and add the name of the .zip file (in our case SafeSendDeploy.zip), save then close the .txt file

Step 3 - For the next part, go back to the Azure screen - you should see confirmation that deployment is complete

1. Click Go to resource
2. On the left-side menu, under Settings, select Configuration
3. Under Application Settings, select +New application setting
4. Under Add/Edit application setting:
   • Name = WEBSITE_RUN_FROM_PACKAGE
   • Value = 1
   • Click OK
   • Click Save at the top

Step 4 - You'll need an FTP Client (like Filezilla) for the next part

1. On the left-side menu, under Deployment, select Deployment Center
2. Select FTPS Credentials at the top
3. Copy the value in the FTPS endpoint field and paste it into the Host address field of your FTP Client
4. Under Application scope, copy the value in the Username field to the Username field of your FTP Client
5. Copy the value of the Password field to the Password field of your FTP Client
6. On your FTP Client, click Connect
7. After you're connected, under Remote site, create a new folder called Data
8. Right-click on the new folder Data and select Create a Directory
9. A box called Create Directory will open
   • Name your directory based on the Operating System you chose in Step 1.5.d above 
     • Examples: Windows based App Service =  C:\home\Data\sitepackages or Linux based App Service = /data/sitepackages
   • Click OK  
   
10. Going back to the location where you saved SafeSendDeploy.zip and packagename.txt, select those two files and drag them to your FTP Client to copy them to /Data/sitepackages

Step 5 - Go back to the browser screen that has Azure open

1. Configure additional settings as desired
   1. On the left-side menu under Settings, click New application setting
   2. Take the name of the setting from the settings.json file and add to Name field
   3. Use the settings.json file to determine the setting value
   4. Click OK
   5. Click Save at the top
2. On the left-side menu, select Overview then select Restart at the top
3. Azure will confirm you are sure you want to restart SafeSend - click Yes
4. In the top-right corner, you should see a notification showing the web app has been successfully restarted
5. You'll see a URL somewhat close to the top-right portion of the screen; clicking that URL should open a browser window and take you immediately to the SafeSend website to verify your installation and license status
6. Copy that URL and open the safesend-manifest.xml file with a text editor like Notepad or Notepad++
7. In safesend-manifest.xml, next to AppDomains, perform a Replace All to replace localhost:44355 with the URL you copied from Azure
8. Save and close safesend-manifest.xml

Congrats! SafeSend has now been installed.

Click here for Microsoft Graph API setup instructions

If you use Microsoft 365 with a Microsoft Azure deployment, the following instructions are required.

1. Sign in to Microsoft Azure Active Directory Admin Center with your administrator credentials
2. Select New Registration
3. On the Register an Application page, set the following values:
   • Name: SafeSend
   • Supported account types: Accounts in any organizational directory (any Entra ID directory - Multitenant) and personal Microsoft accounts (e.g., Skype, Xbox, etc)
   • In the Redirect URI section, select Web from the drop-down menu, then set URI to 'https://<yoursafesendhost>'
4. Choose Register
5. On the SafeSend page, copy and save the Application (client) ID; you'll need this later
6. Under the Manage section, select Authentication
7. Under Implicit Grant and Hybrid Flows, check the box next to Access Tokens (used for implicit flows) and ID Tokens, and click Save
8. Still, under the Manage section, select Certificates & Secrets, then New Client Secret
9. Enter a value for Description, select an appropriate option for Expires, then click Add
10. Copy and save the Client Secret value; you'll need this later

    • Please note that this is the only opportunity you will have to save the Client Secret value; please ensure you save it in a secure location

11. Still, under Manage, select Expose an API
12. Choose the Set link that appears after Application ID URI
13. In the Set App URI panel, change the default value by adding your host before the GUID listed
    • Example: If the default value is api://05adb30e-50fa-4ae2-9cec-eab2cd6095b0, and your app is running on <yoursafesendhost>, the value should be api://<yoursafesendhost>/05adb30e-50fa-4ae2-9cec-eab2cd6095b0
14. Click Save
15. Select Add a Scope 
16. A panel will open; enter access_as_user as the Scope name
17. Who can consent? should be set to Admins only
18. Fill in the fields for configuring the admin consent prompt with values that are appropriate for the `access_as_user` scope
    • This enables the Office client application to use your SafeSend add-in's web APIs with the same rights as the current user
    • Examples: 
      • Admin consent display name**: Office can act as the user
      • Admin consent description**: Enable Office to call the add-in's web APIs with the same rights as the current user
19. Set State to Enabled
20. Select Add Scope
21. In the Authorized client applications section, identify the applications that you want to authorize to your SafeSend add-in's web application
    • Each of the following IDs needs to be pre-authorized:
      • d3590ed6-52b3-4102-aeff-aad2292ab01c (Microsoft Office)
      • ea5a67f6-b6f3-4338-b240-c655ddc3cc8e (Microsoft Office)
      • 57fb890c-0dab-4253-a5e0-7188c88b2bb4 (Office on the web)
      • 08e18876-6177-487e-b8b5-cf950c1e598c (Office on the web)
      • bc59ab01-8403-45c6-8796-ac3ef710b3e3 (Outlook on the web)
22. For each of the IDs above, take the following steps:
    1. Select Add a client application button
    2. In the panel that opens, set the Client ID to the respective GUID 
    3. Check the box for api://<yoursafesendhost>/$App ID GUID$/access_as_user
    4. Select Add application
23. Under Manage, select API Permissions, then Add a Permission
24. On the panel that opens, choose Microsoft Graph then Delegated Permissions
25. Using the Select Permissions search box, search for the following permissions
    • Calendars.ReadWrite.Shared
    • Files.ReadWrite
    • Mail.ReadWrite.Shared
    • offline_access
    • openid
    • profile
    • User.Read
26. Select the checkbox for each permission as it appears; after selecting the permissions, click Add Permissions at the bottom of the panel
27. On the same page, choose Grant Admin Consent for [tenant name] button
28. Select Yes to confirm

29. Update the following settings via Azure portal configuration:
    1. Update AppID using the AppID from Step 5 above
    2. Update AppSecret using ClientSecret from Step 10 above
    3. Ensure EmailProviderUrl is set to https://graph.microsoft.com
30. Navigate to https://<yoursafesendhost>/safesend-manifest.xml,to download the safesend-manifest.xml file

Using SafeSend Web Add-in with a Different Tenant than the one you Registered the Application with

In order to use the SafeSend Web Add-in with a different tenant than the one you registered with, you will need access to a tenant administrator account to perform consent for all of your Microsoft 365 users

1. Browse to `https://login.microsoftonline.com/common/adminconsent?client_id={AppId}&state=12345`, where `{AppId}` is the application ID shown in your app registration
2. Sign in with your administrator account then review the permissions and click Accept
3. The browser will attempt to redirect back to your app, which may not be running
   • You might see a This Site cannot be Reached error after clicking Accept; this is okay as the consent was still recorded