Visio

Best Practice:Visio is no longer available when selecting Add Application on the Managed SaaS Applications page. Use instead the Microsoft 365, Microsoft 365 Certificate Based Authentication, or Microsoft 365 Client Credentials integration to view your organization’s Office 365, Dynamics 365, Power BI, Project, and Visio license usage data. To deactivate an existing integration, see Avoiding Duplicate Microsoft 365 Licenses between SaaS Management and IT Asset Management.

Microsoft Visio is software used for drawing a variety of diagrams. These diagrams include flowcharts, org charts, building plans, floor plans, data flow diagrams, process flow diagrams, business process modeling, swimlane diagrams, 3D maps, and more.

The following sections provide prerequisites, resources, and instructions for integrating with SaaS Management.

Stored Visio Information
Required Minimum Permissions for Visio
Visio Authentication Method
Required Visio Credentials
Data Anonymization for Visio
Integrating Visio With SaaS Management
Visio API Endpoints

Stored Visio Information

The following table describes the available integration tasks and stored data.

Available Integration Tasks

Information Stored

Application Roster

User ID (User Principal Name)
Email
First Name
Last Name
Active Date

Application Access

User ID (User Principal Name)
Last Login

Note:The information stored is subject to change as enhancements are made to the SaaS application.

Required Minimum Permissions for Visio

Minimum API required permissions are based on the Required Application Permissions for Visio and the Required User Role for Visio.

Required Application Permissions for Visio

Application Permission

Description

Integration Task Name

Directory.Read.All

To read the list of users in your Microsoft account

Application Roster

AuditLog.Read.All

To read the audit log details in your Microsoft account

Application Access

Offline_access

This permission is necessary for the refresh token generation.

 

Required User Role for Visio

Note:The following SaaS application user role is not applicable to Flexera One roles.

User Role

Description

Application Administrator

To grant the application permissions, the user must have Application Administrator access. For details, see Microsoft’s description of the Application Administrator.

Note:the following:

After the Authorization is completed and the integration tasks are executed successfully, the user role can be reduced to the Report Reader role.
After Authorizing, changing the password, or revoking the user roles for the user used for authorizing will result in an integration task failure.
To fetch sign-in events, you must have an Azure AD Premium P1 or Premium P2 license assigned per tenant (for details, see Azure Active Directory editions), and you must ensure the Office 365 audit log is turned on (for details, see Turn Office 365 audit log search on or off).

Visio Authentication Method

OAuth2 with Authorize flow. For details, see Microsoft’s instructions in Microsoft identity platform and OAuth 2.0 authorization code flow.

Required Visio Credentials

Username
Password

Note:Username and Password are required only for authorizing the application permissions. These values are not stored in SaaS Management.

Data Anonymization for Visio

Data anonymization is the processing technique that removes or modifies identifiable information. After the process is complete, data cannot be associated with a specific user. It helps protect private and sensitive data as well as private activities while maintaining its integrity.

When adding the Visio application, it is important to make sure that anonymized users are not imported from Visio into SaaS Management. You will need to access reports that provide information about your organization’s use of applications and services.

The following procedure is important as a prerequisite to ensure that anonymized user data is not imported when integrating Visio with SaaS Management.

To view reports with anonymized user data:

1. Sign in to the Microsoft 365 Portal Admin Center.
2. In the menu, go to Settings > Org settings and click the Services link at the top.
3. Scroll down and click Reports.
4. In the window that is displayed, clear the Display concealed user, group, and site names in all reports box.
5. Proceed to Integrating Visio With SaaS Management.

Note:Ensure that data anonymization is disabled in your Microsoft account. Otherwise, all activity data will end up in Suspicious SaaS Activities. For more information, see the Microsoft documentation regarding Showing Anonymous User Names. If anonymized user data has been imported after integrating Visio with SaaS Management, submit a Support Case.

Integrating Visio With SaaS Management

Complete the following steps to integrate Visio with SaaS Management.

To integrate Visio with SaaS Management:

1. In SaaS Management, add the Visio application. For details, see Adding an Application.
2. Click Authorize, which will redirect you to the Microsoft portal.
3. In the Microsoft portal, enter your Application Administrator username and password to sign in.
4. In the Microsoft Permissions requested window, click Accept to authorize and provide access to the account for the APIs used in the integration.

Clicking the Accept link redirects you to the Microsoft portal.

Note:All blocked users will be displayed as normal users in SaaS Management.

Visio API Endpoints

Application Roster

https://graph.microsoft.com/v1.0/users

Application Access

https://graph.microsoft.com/v1.0/auditLogs/signIns

Note:Due to the limitations in Microsoft Graph APIs, we are not able to capture Suspicious Activities for the Visio Client Credentials integration.