Prerequisites and Configuration Considerations

IT Asset Management (Cloud)

This topic describes prerequisites and configuration considerations for:

  • Each inventory beacon that needs to download data from Microsoft 365
  • The Microsoft 365 or Microsoft Office 365 (deprecated) connector.

The inventory beacon

The inventory beacon that will collect inventory for Microsoft 365 in the cloud requires a 64-bit operating system: Windows Server 2008 R2 SP1 or later, or Windows 7 SP1 or later.

Make sure that the following PowerShell connector prerequisite is met on each inventory beacon that needs to download data from Microsoft Office. This requirement should have been met when the inventory beacon was installed:

  • PowerShell 5.1 or later, with the PowerShell execution policy set to RemoteSigned
    Tip: Run PowerShell with administrator rights to execute the following commands:
    To check the currently-installed version of PowerShell:
    $PSVersionTable.PSVersion
    To set PowerShell execution policy:
    Set-ExecutionPolicy RemoteSigned

Only if you are using the Microsoft Office 365 (deprecated) connector, the following additional prerequisites must be also met (and are not required for the Microsoft 365 connector):

  • 64-bit version of the Microsoft Online Services Sign-in Assistant
  • Microsoft Azure Active Directory Module for Windows PowerShell (Microsoft Office 365 uses Azure Active Directory to manage user identities behind the scenes). Install the Microsoft Azure Active Directory Module for Windows PowerShell with these steps:
    1. Open an administrator-level PowerShell command prompt.
    2. Run the Install-Module MSOnline command.
    3. If prompted to install the NuGet provider, type Y and press ENTER.
    4. If prompted that the installer is not signed, type Y and press ENTER
    5. If prompted to install the module from PSGallery, type Y and press ENTER.
  • Skype for Business Online, Windows PowerShell Module 64-bit version (see https://docs.microsoft.com/en-us/skypeforbusiness/set-up-your-computer-for-windows-powershell/download-and-install-the-skype-for-business-online-connector).

The inventory beacon also needs an appropriate version of the FlexNet Beacon software. The FlexNet Beacon released with IT Asset Management 2018 R2 (13.1.1) or later is required to use the Microsoft 365 connector. However, installing the FlexNet Beacon included in the 2019 R1 (13.2.0) or later release provides maximum ease-of-use with the Microsoft 365 connector by including auto-populated values on the Create PowerShell Source Connection dialog (that otherwise need to be entered manually). In addition, if you are using a FlexNet Beacon released prior to IT Asset Management 2019 R1, then Microsoft Office 365 (deprecated) will not appear as a Source Type connection on the Create PowerShell Source Connection dialog, and instead will remain Microsoft Office 365.

Microsoft 365 connector configuration

There are three different possibilities for configuring your Microsoft 365 connector, each of which is described in detail in a following topic:
  1. You can configure the Microsoft 365 connector using a multi-tenant app supplied by Flexera (and thus avoid configuring your own app). This requires the Cloud Application Administrator and Reports Reader roles, so that FlexNet Beacon can retrieve a token allowing read-only access to Microsoft Graph APIs. Microsoft Graph APIs allow only an administrator to read Users, Subscribed SKUs, and Reports from Microsoft 365. For more background, see https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/directory-assign-admin-roles. For a step-by-step procedure, see Using IT Asset Management’s Multi-Tenant App to Connect to Microsoft 365.
  2. You can configure the Microsoft 365 connector using your own single-tenant app. This offers two kinds of authentication:
    • You can use similar credentials to the first case of the Flexera-supplied app
    • Importantly, you can instead configure a client secret that, for the lifetime that you declare, can be used to collect the appropriate data (without using additional credentials).
    A detailed procedure covering either kind of authentication is available from Registering an App to Connect to Microsoft 365 Using the Azure Portal.
  3. If necessary, you can use the Microsoft Office 365 (deprecated) connector. If the maximum privileges of Global administrator cannot be used, then in order to collect usage data, the integration user must at a minimum have Exchange administrator and Skype for Business administrator roles in Microsoft 365 (available as check boxes under the Custom administrator role). For more information, see the Microsoft topic About admin roles in the Microsoft 365 admin center. For a step-by-step procedure, see Creating Connections Using the Microsoft Office 365 (Deprecated) Connector.

Microsoft 365 admin center configuration

For each tenant, the Display concealed user, group, and site names in all reports option in the Microsoft admin center is selected by default. This default configuration will prevent the Microsoft 365 connector from reading the usage data. Therefore, you need to change the default configuration by performing the following steps:
  1. In the Microsoft admin center, go to Settings > Org Settings > Services.
  2. Select Reports.
  3. Clear the selection for the statement Display concealed user, group, and site names in all reports, and then save your changes.
For more information, see the Show user details in the reports section in the Microsoft topic Microsoft 365 Reports in the admin center.

Network

For information relating to the network requirements for your firewall or proxy server, see the Microsoft topic Office 365 URLs and IP address ranges. You may also like to refer to the Flexera knowledge base article How to configure Office 365 connector in a proxy enabled environment or firewall.

IT Asset Management (Cloud)

Current