Prerequisites and Configuration Considerations

FlexNet Manager Suite 2020 R1 (On-Premises)

This chapter describes prerequisites and configuration considerations for:

  • Each inventory beacon that needs to download data from Microsoft Office 365
  • The Microsoft 365 or Microsoft Office 365 (deprecated) connector

FlexNet Beacon

The FlexNet Beacon released with FlexNet Manager Suite 2018 R2 or later is required to use the Microsoft 365 connector. However, installing the FlexNet Beacon included in the 2019 R1 or later release provides maximum ease-of-use with the Microsoft 365 connector by including auto-populated values on the Create PowerShell Source Connection dialog (that otherwise need to be entered manually). In addition, if you are using a using a FlexNet Beacon released prior to FlexNet Manager Suite 2019 R1, then Microsoft Office 365 (deprecated) will not appear as a Source Type connection on the Create PowerShell Source Connection dialog, and instead will remain Microsoft Office 365.

In addition, the inventory beacon that will collect inventory for Office 365 in the cloud requires a 64-bit operating system: Windows Server 2008 R2 SP1 or later, or Windows 7 SP1 or later.

Microsoft connector

Ensure that the account used to connect to the Microsoft Office 365 tenant(s) has the required privileges:

  • For the Microsoft 365 connector, the Cloud Application Administrator and Reports Reader roles are required in order for the FlexNet Beacon to retrieve a token that allows read only access to Microsoft Graph. For more information, see the note below as well as: https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/directory-assign-admin-roles.
    Note: To be able to show Office 365 license consumption information in FlexNet Manager Suite, Microsoft requires read access for Users, Subscribed SKUs, and Reports from Office 365. FlexNet Beacon uses Microsoft Graph APIs to retrieve this data from Office 365. Microsoft Graph APIs only allow an administrator to read all of this information.

    However, FlexNet Beacon does not use credentials to connect to Office 365 via Microsoft Graph, which would give it full access as the user, but instead requests a token from Microsoft. Microsoft generates this token to allow access only to requested resources, and only for requested permissions. The token cannot be used to access any other resources and cannot be used to access any information on requested objects which requires other permissions. For example, a User.ReadAll permission only allows getting a list of users but does not allow getting a list of Calendar events or reading mail. The generated refresh token can only be used to access data that the user sees and consents to during the token generation process, which is offline read-only access to Active Directory and Reports (directory.read.all, reports.read.all, and offline_access). Offline means the FlexNet Beacon can connect and get data from Office 365 at schedule run without user actually signing in.

  • For the Microsoft Office 365 (deprecated) connector, if the maximum privileges of Global administrator cannot be used, then in order to collect usage data, the integration user must at a minimum have Exchange administrator and Skype for Business administrator roles in Office365 (available as check boxes under the Custom administrator role). For more information, see https://support.office.com/en-gb/article/About-Office-365-admin-roles-da585eea-f576-4f55-a1e0-87090b6aaa9d?ui=en-US&rs=en-GB&ad=GB.

Make sure that the following PowerShell connector prerequisite is met on each inventory beacon that needs to download data from Microsoft Office. These requirements should have been met when the inventory beacon was installed:

  • PowerShell 5.1 or later, with the PowerShell execution policy set to RemoteSigned
    Tip: Run PowerShell with administrator rights to execute the following commands:
    To check the currently-installed version of PowerShell:
    $PSVersionTable.PSVersion
    To set PowerShell execution policy: 
       Set-ExecutionPolicy RemoteSigned

The following Microsoft Office 365 (deprecated) connector-specific prerequisites must be also met on each inventory beacon that needs to download data from Microsoft Office 365. These prerequisites are required for the Microsoft Office 365 (deprecated) connector only and are not needed for the Microsoft 365 connector):

  • 64-bit version of the Microsoft Online Services Sign-in Assistant.
  • Microsoft Azure Active Directory Module for Windows PowerShell. Microsoft Office 365 uses Azure Active Directory to manage user identities behind the scenes). To install the Microsoft Azure Active Directory Module for Windows PowerShell with these steps:
    1. Open an administrator-level PowerShell command prompt.
    2. Run the Install-Module MSOnline command.
    3. If prompted to install the NuGet provider, type Y and press ENTER.
    4. If prompted that the installer is not signed, type Y and press ENTER
    5. If prompted to install the module from PSGallery, type Y and press ENTER.
  • Skype for Business Online, Windows PowerShell Module 64-bit version (https://www.microsoft.com/en-us/download/details.aspx?id=39366).

Network

For information relating to the network requirements for your firewall or proxy server, please refer to the Microsoft documentation https://docs.microsoft.com/en-us/office365/enterprise/urls-and-ip-address-ranges. You may also like to refer to the Flexera knowledge base article How to configure Office 365 connector in a proxy enabled environment or firewall

FlexNet Manager Suite (On-Premises)

2020 R1