Using IT Asset Management’s Multi-Tenant App to Connect to Microsoft 365

Important: The instructions in this section are for use with the Microsoft 365 connector. This is the recommended connector to use to create a connection to Microsoft Office 365 on an inventory beacon. If you would like instructions using the legacy Microsoft Office 365 (deprecated) connector, see Creating Connections Using the Microsoft Office 365 (Deprecated) Connector.

Important:The FlexNet Beacon released with IT Asset Management 2018 R2 or later is required to use the Microsoft 365 connector. However, installing the FlexNet Beacon included in the 2019 R1 or later release provides maximum ease-of-use with the Microsoft 365 connector by including auto-populated values on the Create PowerShell Source Connection dialog (that otherwise need to be entered manually).

The Microsoft 365 connector uses a pre-registered multi-tenant app that has been configured by Flexera for the purpose of collecting Microsoft Office 365 data. This app is configured to allow our customers to collect data without the hassle of registering an app in their own instance. Use the following procedure to create a connection to Microsoft 365 on an inventory beacon using IT Asset Management's multi-tenant app.

To to create a connection to Microsoft 365 on an inventory beacon using IT Asset Management's multi- tenant app:

1. Log into the inventory beacon interface as an administrator (for example, in the Windows Start menu, search for FlexNet Beacon, right-click it, and select Run as administrator).

Tip:Remember that you must run the inventory beacon software with administrator privileges.

2. From the Data collection group in the navigation bar, choose Inventory Systems.
3. Choose either of the following:
To change the settings for a previously-defined connection, select that connection from the list, and click Edit....
To create a new connection, click the down arrow on the right of the New split button, and choose Powershell.
4. Complete (or modify) the values for the following required fields:
Connection Name—The name of the inventory connection. The name may contain alphanumeric characters, underscores or spaces, but must start with either a letter or a number. When the data import through this connection is executed, the data import task name is same as the connection name.
Source Type—Select Microsoft 365 from this list.
5. Optionally, if your enterprise uses a proxy server to enable Internet access, complete (or modify) the values in the Proxy Settings section of the dialog box in order to configure the proxy server connection.
Use Proxy—Select this check box if your enterprise uses a proxy server to enable Internet access. Complete the additional fields in the Proxy Settings section, as needed. If the Use Proxy check box is not selected, the remaining fields in the Proxy Settings section are disabled.
Proxy Server—Enter the address of the proxy server using HTTP, HTTPS, or an IP address. Use one of the following formats:

https://ProxyServerURL:PortNumber

http://ProxyServerURL:PortNumber

IPAddress:PortNumber

This field is enabled when the Use Proxy check box is selected.

Username and Password—If your enterprise is using an authenticated proxy, specify the username and password of an account that has credentials to access the proxy server that is specified in the Proxy Server field. These fields are enabled when the Use Proxy check box is selected.
6. In the Microsoft 365 section, do the following:
a. Note that the following fields are auto-populated if you have installed the FlexNet Beacon released with IT Asset Management 2019 R1 or later. If you have not installed this FlexNet Beacon, then manually enter the following values into these fields:

Field

Value

Authorization Endpoint

https://login.microsoftonline.com/common/oauth2/v2.0/authorize

Token Endpoint

https://login.microsoftonline.com/common/oauth2/v2.0/token

Application (client) ID

5bb1a5a2-0d97-4335-9448-119f7b27aff9

Redirect URI

https://login.microsoftonline.com/common/oauth2/nativeclient

b. Next to the Refresh Token click the Generate button to generate a refresh token that will be used to integrate with Microsoft 365.

When you click the Generate button to the right of the Refresh Token field, a Microsoft popup appears asking you to Pick an account to use to log into Microsoft Office 365.

c. Choose an Active Directory account with Cloud application administrator role privileges and enter the password.

Tip:The Cloud application administrator role is required in order for the FlexNet Beacon to retrieve a token that allows read only access to Microsoft Graph. For more information, see Administrator role permissions in Azure Active Directory. The generated refresh token can only be used to access data that user sees and consents to during the token generation process, which is offline read-only access to Active Directory and Reports (directory.read.all, reports.read.all, and offline_access). Offline means the FlexNet Beacon can connect and get data from Office 365 at schedule run without user actually signing in.

A Permissions requested dialog appears.

d. Click Consent on behalf of your organization to accept the read only permissions that will be granted to the refresh token.
e. Click Accept.

The Refresh Token field is now populated.

7. At the bottom of the FlexNet Beacon interface, click Save, and if you are done, also click Exit.

Tip:Consider whether you want to select your connection, and click Execute Now, before you exit. For information about scheduling data imports through this connection, see Scheduling a Connection in the online help.

After a successful data import, the users, applications, licenses, and usage data are all visible in the appropriate pages of IT Asset Management.

Note:To know more about the operations available on the Inventory Systems tab of FlexNet Beacon, see Inventory Systems Tab. For scheduling data imports through this connection, see Scheduling a Connection.