Registering an App to Connect to Microsoft 365 Using the Azure Portal
IT Asset Management
(Cloud)
Important: The instructions in this section are for use with the
Microsoft 365 connector. This is the recommended
connector to use to create a connection to Microsoft Office 365 on an inventory beacon.
This requires Global Administrator privileges for the initial registration. Using this process, it is possible to specify a client secret (under OAuth) to be used for regular operation of the connector, so that a separate user name and password are not required for operational use.
To register an app in the Azure portal to connect to Microsoft 365:
- With an Azure account with Global Administrator privileges, login to the Microsoft Azure portal.
- In the left navigation bar, click Azure Active Directory.
- Click App registrations.
-
Click the New registration button.
The Register an application page appears.
-
In the Register an application page, do the
following:
- In the Name field, enter FlexNet Beacon.
- In the Supported account types section, choose Accounts in this organizational directory only.
-
Click Register.
The Azure AD application is created, and its FlexNet Beacon overview page appears.
-
On the FlexNet Beacon page, click
Authentication in the middle group of the navigation
bar and do the following:
-
In the Redirect URIs section, either:
- Choose the redirect you would like to use, such as
https://login.microsoftonline.com/common/oauth2/nativeclient
; or - Click Add URI to expose a field where you may enter your preferred value, and then click the check mark at the end of that field.
- Choose the redirect you would like to use, such as
-
Click Save at the top of the page.
After a period of time, the registration completes, and the FlexNet Beacon overview page is displayed.
-
In the Redirect URIs section, either:
-
If you wish to use a client secret to authenticate normal operations of the
Microsoft 365 connector, add a client secret for the FlexNet Beacon
add-in:
- In the navigation bar, select Certificates & secrets.
-
In the Client secrets section of the page, click
New client secret.
A new Add a client secret panel appears.
- Add a Description, which acts as a friendly name for your client secret.
-
Choose how long your client secret should remain valid (between 6
months and two years).
Choose a period that best suits your business processes. Shortly before the client secret expires, you need to generate a new client secret and update your add-in.
-
Click Add at the bottom of the panel.
Your new secret appears temporarily in the list of Client secrets.Important: You must immediately use the copy icon on the right of your new client secret value to capture the client secret and save it to a secure location where you can refer to it later, as it will not be shown in the Azure Partner Center again. Also record the Expires date, so you know the period of validity of your client secret (best practice is to set a reminder in your preferred enterprise technology calendar system to update the client secret shortly before it expires, as described in https://docs.microsoft.com/en-us/office/dev/store/create-or-update-client-ids-and-secrets#bk_update).
-
Only after you have safely copied your new client secret, select
API permissions in the navigation bar, and
then click Add a permission > Microsoft graph > Application permissions.
These permissions are required for the connector to authenticate as itself, without user interaction.
-
Under Select permissions:
- Expand Directory, and select Directory.Read.All.
- Expand Reports, and select Reports.Read.All.
Tip: These permissions require admin consent, described next. The required button is only enabled when you are an administrator and have selected the permissions as just described. -
Above the set of permissions, click Grant admin consent for
client-name. In the confirmation
dialog that appears, confirm the consent action.
The Status column in the list of permissions is updated with green check icons and Granted for client-name against each permission. This completes the settings in the Azure portal, and you can prepare to copy values into your inventory beacon interface.
-
In the navigation bar select Overview again, and
from the tabs across the top, select
Endpoints.
Keep this panel open for copying values to your inventory beacon interface in step 12.
-
On the inventory beacon that will exercise the connection to Microsoft
365, log into the inventory beacon interface as an administrator (for
example, in the Windows Start menu, search for FlexNet Beacon, right-click it, and select Run as
administrator).
Remember: You must run the inventory beacon software with administrator privileges.
- To create a new connection, click the down arrow on the right of the New split button, and choose PowerShell.
-
Complete the following required fields:
- Connection Name: Enter the name of the inventory
connection. The name may contain alphanumeric characters, underscores or
spaces, but must start with either a letter or a number. When the data
import through this connection is executed, the data import task name is
same as the connection name. Example:
Microsoft 365 import
- Source Type: Select Microsoft 365 from this list.
- Connection Name: Enter the name of the inventory
connection. The name may contain alphanumeric characters, underscores or
spaces, but must start with either a letter or a number. When the data
import through this connection is executed, the data import task name is
same as the connection name. Example:
-
Optionally, if your enterprise uses a proxy server to enable Internet access,
complete the values in the Proxy Settings section of the
dialog box in order to configure the proxy server connection:
- Use Proxy: Select this check box if your enterprise uses a proxy server to enable Internet access. Complete the additional fields in the Proxy Settings section, as needed. If the Use Proxy check box is not selected, the remaining fields in the Proxy Settings section are disabled.
- Proxy Server: Enter the address of the proxy
server using HTTP, HTTPS, or an IP address. Use the format
https://ProxyServerURL:PortNumber
,http://ProxyServerURL:PortNumber
, orIPAddress:PortNumber
). This field is enabled when the Use Proxy check box is selected. - Username and Password: If your enterprise is using an authenticated proxy, specify the username and password of an account that has credentials to access the proxy server that is specified in the Proxy Server field. These fields are enabled when the Use Proxy check box is selected.
-
Complete the fields in the Microsoft 365 section:
The source contents for most fields in this section are waiting in your Azure session, opened to the FlexNet Beacon product overview page.
-
In the Azure product overview, ensure that you have clicked the
Endpoints tab (near the top), and have open
the panel listing multiple endpoints.
- Click the Click to copy icon to the right of the OAuth 2.0 token endpoint (v2) field.
- Paste this value into the Token Endpoint field in the inventory beacon interface.
-
In Azure, in the Overview page:
- Click the Click to copy icon to the right of the Application (client) ID field.
- Paste this value into the Application (client) ID field in the inventory beacon interface.
-
In Azure, in the Overview page, click the
hyperlink in the Redirect URIs section. This opens
the Authentication page.
- Click the Click to copy icon to the right of theRedirect URIs setting you selected; or if you specified a custom URI, copy that URI.
- Paste this value into the Redirect URI field in the inventory beacon interface.
-
In the inventory beacon interface, from the
Authentication Flow drop-down, choose
either:
- Client Credentials if you are using a client secret to authenticate connection to Microsoft 365. A Client Secret field appears: copy your client secret from the secure location where you previously saved it, and paste it into this field.
- Authorization Code if you are
not using a client secret, and instead are using a
refresh token to authenticate connection to Microsoft 365. An
Authorization Endpoint field appears.
- In Azure, in the Overview page, click Endpoints again.
- Click the Click to copy icon to the right of the OAuth 2.0 authorization endpoint (v2) field.
- Paste this value into the Authorization Endpoint field in the inventory beacon interface.
- To generate a Refresh Token to authenticate the connection to Microsoft 365, click the Generate... button.
- In the pop-up, log into Azure with your account name and password.
- In Azure, in the panel for Permissions requested, select Consent on behalf of your organization, and click Accept.
- Optionally, validate your settings in Azure by navigating to API permissions, where your Configured permissions list should display green "Granted" check marks for all four rights under Microsoft Graph.
-
In the Azure product overview, ensure that you have clicked the
Endpoints tab (near the top), and have open
the panel listing multiple endpoints.
- At the bottom of the FlexNet Beacon interface, click Test connection for a success message (or use the error message to commence your trouble-shooting).
-
When the connection is successful, click Save.
Tip: Optionally, you may wish to select your connection, and click Execute Now, before you exit.
- When you are done, click Exit.
IT Asset Management (Cloud)
Current