Set up your own
Microsoft Entra ID app.

Open Microsoft Entra ID and start a new app registration

Sign in to portal.azure.com. In the global search bar at the top type Microsoft Entra ID and click the result. In the left sidebar pick App registrations → + New registration.

App registrations is where every Entra ID OAuth client lives.

Fill out the registration form

Name the app VelaReach-Ads. For Supported account types you must pick the multitenant + personal accounts option — otherwise OAuth will fail when users from outside your tenant try to consent.

Multitenant + personal accounts is the only setting that works for Microsoft Ads BYO.

Copy the Application (client) ID

After clicking Register, Azure drops you on the app’s overview page. Look for Application (client) ID — it’s a GUID that looks like a1b2c3d4-e5f6-7890-abcd-ef1234567890. Click the copy icon next to it and stash it somewhere safe.

You’ll also see Directory (tenant) ID on the same page — you don’t need this for VelaReach because you registered the app as multitenant, but it can be useful if you later need to debug.

Create a client secret

In the left sidebar of your new app pick Certificates & secrets → Client secrets tab → + New client secret. Describe it as VelaReach BYO and pick the longest expiry available (24 months at the time of writing). Click Add.

Azure displays the secret value exactly once. Miss this and you’ll have to delete and recreate the secret.

Add API permissions for Microsoft Advertising

Still inside your app, click API permissions → + Add a permission. In the picker that opens, select the APIs my organisation uses tab and search for Microsoft Advertising (it may also appear as Bing Ads). Click it.

Choose Delegated permissions and check the boxes for msads.manage and offline_access. Click Add permissions, then back on the permissions list click Grant admin consent for [your tenant]. The status column should flip from a yellow warning triangle to a green check.

Confirm the Redirect URI is saved

Click Authentication in the left sidebar of your app. Confirm that the redirect URL from Step 2 is listed under Web platform configurations. If it’s missing, click + Add a platform → Web and paste it now:

Also verify these checkboxes under Implicit grant and hybrid flows:

• · Access tokens (used for implicit flows) — unchecked
• · ID tokens (used for implicit and hybrid flows) — unchecked
• · Allow public client flows — No

Grab your Microsoft Advertising developer token

Open ads.microsoft.com in another tab and sign in. In the top navigation click Tools → Developer settings. The developer token is a 16-character alphanumeric string near the top of the page.

If the page says “Request token”, click that button — basic access is granted automatically and instantly for most accounts. Production scale tokens go through a manual review which takes 1–3 business days, but the basic token is enough for VelaReach.

Paste credentials into VelaReach and reconnect

Back in VelaReach: Settings → Integrations → click the Microsoft Ads card → Manage → Advanced tab → Set up BYO app. The wizard asks for three fields:

• · Application (client) ID — from Step 3 (Azure GUID)
• · Client secret value — from Step 4 (the alphanumeric Value column)
• · Developer token — from Step 7 (16-char string from ads.microsoft.com)

Click Test & save. VelaReach calls Microsoft’s token endpoint and the Bing Ads Customer Management service to verify all three credentials work together. Green check marks mean you’re ready to click Reconnect now →.

The OAuth consent screen will display your tenant name and your VelaReach-Ads app rather than VelaReach’s shared one. After consent, if you have access to multiple Microsoft Ads customer IDs, VelaReach will let you pick which ones to track from the account picker.