Troubleshooting Microsoft 365 Connector Imports from Microsoft 365

IT Asset Management (Cloud)
Important: The troubleshooting in this section applies to connections to Microsoft 365 that use the Microsoft 365 connector. For help with troubleshooting connections using the Microsoft Office 365 (deprecated) connector, see Troubleshooting Microsoft Office 365 (Deprecated) Connector Imports from Office 365.
Symptom Recommendation
The Authorization Endpoint, Token Endpoint, Application (client) ID or Redirect URI values are blank in the PowerShell connection dialog.

Check whether you are using a FlexNet Beacon older than the one included with IT Asset Management 2019 R1.. If so, you will need to manually enter these values:

  • Authorization Endpoint: https://login.microsoftonline.com/common/oauth2/v2.0/authorize
  • Token Endpoint: https://login.microsoftonline.com/common/oauth2/v2.0/token
  • Application (client) ID: 5bb1a5a2-0d97-4335-9448-119f7b27aff9
  • Redirect URI: https://login.microsoftonline.com/common/oauth2/nativeclient
A blank pop-up screen appears when you click the Generate... button (next to the Refresh Token field) when attempting to generate a refresh token that will be used to integrate with Microsoft 365. You most likely need to set the PowerShell execution policy. Run PowerShell with administrator rights to execute the following command:
   Set-ExecutionPolicy RemoteSigned
You get a Need admin approval dialog saying that the FlexNet Beacon needs permission to access resources in your organization that only an admin can grant.

Ensure that the account used to connect to the Microsoft 365 tenant(s) has the Cloud application administrator role. This role is required in order for the FlexNet Beacon to retrieve a token that allows read only access to Microsoft Graph. For more information, see https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/directory-assign-admin-roles.

You receive an authorization error that informs that you are not authorized to access this site.

This may be because the machines do not have permissions to access the Microsoft Authentication site. Ensure that you provide proxy information if the machine uses proxy settings. Also, open a Web browser, navigate to https://login.microsoftonline.com and log on when asked, to validate that you can successfully authenticate on this machine.

If you still see issues, contact Flexera with information from this and other steps. Note the steps that caused your issue and save any necessary screenshots to report to Flexera. Also include what kind of authentication service is used in your organization and what region and country the machine and Microsoft 365 tenant reside. Note that some regions (e.g., Germany) have separate login URLs as explained in https://docs.microsoft.com/en-us/azure/active-directory/develop/authentication-national-cloud.

You receive an Inventory gathering or Usage error. Errors like Inventory gathering failed. Error: The remote server returned an error: (403) Forbidden may occur when the Reports Reader and Cloud Application Administrator roles privilege are not present for the account used to generate your token.

IT Asset Management (Cloud)

Current