PST Flight Deck can now be configured to use Modern Authentication (oAuth) in order to authenticate with Microsoft Office 365.  Please see underneath the video for a text step-by-step guide.

Note: oAuth is currently supported over the EWS endpoints. Support for PowerShell is anticipated in the future.

Configuring oAuth with a certificate

Step 1: Create a new Registered Application in Azure (details steps with screenshots can be found here)

To get an application ID: 

  1. Go to and log in to your Office 365 tenant with an administrator account. 
  2. From the left menu, select Azure Active Directory > App registrations. 
  3. Click New registration. 
  4. Enter a name. 
  5. From the Supported account types, select Supported Account Type – Single tenant.
  6. Select Web for the application type under the Redirect URI section. 
  7. Enter the URL value: http://localhost 
  8. Click Register. 
  9. Copy the Application (client) ID and save it somewhere you will remember and securely. You will need it later. 


Step 2: Add a certificate to the server running the O365 module. 
For this step you will need a SHA-1 certificate that will be used to establish a secure connection from this workstation to O365. This can be done with a certificate from a trusted certificate authority or a self-signed certificate. Below we assume you do not have a trusted certificate to use and need to create a certificate to use. There are many ways to create a certificate on a Windows server and below we are using PowerShell modules.
To create a self-signed certificate in Windows Server 2016: 

  1. Access the server where the O365 module is installed. 
  2. Launch PowerShell and type the following commands: 

 # Create certificate 

$cert = New-SelfSignedCertificate -DnsName “” -CertStoreLocation “cert:\LocalMachine\My” -Provider ‘Microsoft RSA SChannel Cryptographic Provider’

$password = ConvertTo-SecureString -String “Password123456” -Force -AsPlainText

# Used for authentication -> load it from disk 

Export-PfxCertificate -Cert $cert –FilePath ($localPath.Path+”\PSTFlightDeck.pfx”) -Password $password 

# Export certificate to a .cer file: 

Export-Certificate -Type CERT -Cert $cert –FilePath ($localPath.Path+”\PSTFlightDeck.cer”) 

* Where “UseSecurePasswordHere” is the desired password of the certificate. 
To add an untrusted certificate to your bridgehead server’s local certificate store: 

  1. Access the server where the PSTFlightDeck O365 Ingest module is installed.
  2. Open the certificates manager by start/run certlm.msc 
  3. Expand Trusted Root Certificate Authorities > Certificates. 
  4. Right-click Certificates and select All Tasks > Import… to launch the Certificate Import Wizard. 
  5. Locate the (.cer) certificate file and follow the wizard prompts. 
  6. Supply password, if required. 
  7. Right-click Certificates and select All Tasks > Import… to launch the Certificate Import Wizard. 
  8. Locate the (.pfx) certificate file and follow the wizard prompts. 
  9. Supply the password, if required. 

Step 3: Get a Thumbprint. 
To get a thumbprint: 

  1. Return to the Azure portal and access Azure Active Directory > App registrations > owned applications, and find the application you created in Step 1 above. 
  2. Select your application, and then select API Permissions. 
  3. Click Add a Permission. 
  4. In the Add API access section > Select an API, choose Exchange. 
  5. In the Select permissions > Enable Access section, select the option to Use Exchange Web Services with full access to all mailboxes(full_access_as_app) 
  6. Click Add permissions. 
  7. Click Grant Admin consent. 
  8. Go to Certificates & Secrets and click the Upload Certificate button. 
  9. Upload your certificate file from Step 2. 
  10. Copy the certificate Thumbprint and save it somewhere. You will need it later.


Step 4: Add your Application ID and Thumbprint on the server running the PST Flight Deck O365 ingest module 
To do this: 

  1. Open Credential Editor (By default it can be found under “C:\Program Files\Quadrotech\PST Flight Deck\Modules\Office365 Module”.)
  2. Select the Office365  tab and click Add. 
  3. Enter the Application ID, Thumbprint, and Tenant (eg. 
  4. Save and close the Credential Editor. 
Print Friendly, PDF & Email