Visio Client Credentials

Best Practice:Flexera recommends creating the Microsoft 365 Client Credentials integration to view your organization’s Office 365 Client Credentials, Dynamics 365 Client Credentials, Power BI Client Credentials, Project Client Credentials, and Visio Client Credentials license usage data. Any existing Office 365 Client Credentials, Dynamics 365 Client Credentials, Power BI Client Credentials, Project Client Credentials, and Visio Client Credentials integrations in SaaS Management will be superseded by this new Microsoft 365 Client Credentials integration. To deactivate an existing integration, refer to Avoiding Duplicate Microsoft 365 Client Credentials Licenses between SaaS Management and IT Asset Management.

Microsoft Visio is software used for drawing a variety of diagrams. These diagrams include flowcharts, org charts, building plans, floor plans, data flow diagrams, process flow diagrams, business process modeling, swimlane diagrams, 3D maps, and more.

Important:This Visio integration requires the authentication method OAuth2 with client credentials.

•

Information Stored

•

Minimum Permissions Required

•

Authentication Method

•

Credentials Required

•

Obtaining Client Credentials and Tenant ID

•

Data Anonymization

•

Integrating Visio Client Credentials with SaaS Management

•

API Endpoints

Information Stored

The following table describes the available integration tasks and stored data.

Available Integration Tasks

Integration Task	Information Stored
Application Roster	• User ID (User Principal Name) • Email • First Name • Last Name • Active Date
Application Access	• User ID (User Principal Name) • Last Login

Note:The information stored is subject to change as enhancements are made to the product.

Minimum Permissions Required

Minimum API required permissions are based on the Application Permission and User Role .

Application Permission

Application Permission

Permission	Description	Integration Task Name
Directory.Read.All	To read the list of users in your Microsoft account	Application Roster
AuditLog.Read.All	To read the audit log details in your Microsoft account	Application Access

User Role

User Role

Role	Description
Global Administrator	To grant the application permissions, the user must have Global Administrator access. For details, refer to the Microsoft documentation Azure AD Built-In Roles.

Note:To fetch sign-in events, you must have an Azure AD Premium P1 or Premium P2 license assigned per tenant (for details, refer to Azure Active Directory editions), and you must ensure the Office 365 audit log is turned on (for details, refer to Turn Office 365 audit log search on or off).

Authentication Method

OAuth2 with Client Credentials. For details, refer to Microsoft’s instructions in Microsoft identity platform and OAuth 2.0 client credentials flow.

Credentials Required

•

Client ID

•

Client Secret

•

Tenant ID

Obtaining Client Credentials and Tenant ID

To obtain client credentials and tenant ID, perform the following steps.

To obtain Client Credentials and Tenant ID:

1.

Sign in to your Microsoft Azure Portal.

2.

In the Search box at the top of the screen, enter App registrations and click App registrations in the search results to select it. The App registrations page opens.

3.

Click New Registration. The Register an application page opens.

4.

Enter a Name and choose the Accounts in this organizational directory only option.

5.

Click Register.

6.

On the Overview tab, copy the Application (client) ID and copy the Directory (tenant) ID to a location you can access later. You will need these values in Integrating Visio Client Credentials with SaaS Management.

7.

To generate a Client secret, do the following:

a.

Click the Certificates & secrets tab.

b.

Under Client secrets, click New client secret. The Add a client secret dialog box opens.

c.

In the Description field, enter a name for the new secret.

d.

Under Expires, choose an expiration value.

e.

Click Add.

f.

Under Client secrets, copy the client secret value. You will need this in Integrating Visio Client Credentials with SaaS Management.

8.

Click the API permissions tab and do the following:

a.

Click Microsoft Graph. The Request API permissions panel opens.

b.

Click Application permissions.

Note:Do not select Delegated permissions. Delegated permissions will not work.

c.

In the Select permissions search box, enter AuditLog and then click the arrow to expand AuditLog, and select the AuditLog.Read.All permission check box.

d.

In the Select permissions search box, enter Directory and then click the arrow to expand Directory, and select the Directory.Read.All permission check box.

e.

Click Update permissions.

9.

Once the permissions are added, grant admin consent.

10.

Complete Integrating Visio Client Credentials with SaaS Management.

Data Anonymization

Data anonymization is the processing technique that removes or modifies identifiable information. Once the process is complete, data cannot be associated with a specific user. It helps protect private and sensitive data as well as private activities while maintaining its integrity.

When adding the Visio Client Credentials application, it is important to make sure that anonymized users are not imported from Office 365 into SaaS Management. You will need to access reports that provide information about your organization’s use of applications and services.

The following procedure is important as a prerequisite to ensure that anonymized user data is not imported when integrating Visio Client Credentials with SaaS Management.

To view reports with anonymized user data:

1.

Sign in to the Microsoft 365 Portal Admin Center.

2.

In the menu, go to Settings > Org settings and click the Services link at the top.

3.

Scroll down and click Reports.

4.

In the window that is displayed, clear the Display concealed user, group, and site names in all reports box.

5.

Proceed to Integrating Visio Client Credentials with SaaS Management.

Note:Ensure that data anonymization is disabled in your Microsoft account. Otherwise, all activity data will end up in Suspicious SaaS Activities. For more information, see the Microsoft documentation regarding Showing Anonymous User Names. If anonymized user data has been imported after integrating Visio Client Credentials with SaaS Management, submit a Support Case.

Integrating Visio Client Credentials with SaaS Management

To integrate Visio Client Credentials with SaaS Management, perform the following steps.

To integrate Visio Client Credentials with SaaS Management:

1.

In the Microsoft admin portal, enter your Global Administrator username and password to sign in.

2.

From your Microsoft account, copy the Client ID, Client Secret, and Tenant ID values.

3.

in SaaS Management, add the Visio Client Credentials application. Refer to Adding an Application.

4.

In the Add Application screen for Visio with Client Credentials:

a.

Select the Application Roster and Application Access check boxes located under Integration Tasks.

b.

Paste the previously copied values for Client ID, Client Secret, and Tenant ID.

c.

Click Authorize.

Note:All blocked users will be displayed as normal users in SaaS Management.

API Endpoints

Application Roster

https://graph.microsoft.com/v1.0/users

Application Access

https://graph.microsoft.com/v1.0/auditLogs/signIns

Note:Due to the limitations in Microsoft Graph APIs, we are not able to capture Suspicious Activities for the Visio integration.