Important: The instructions in this section are for use
with the
Microsoft 365 connector. This is the recommended
connector to use to create a connection to Microsoft Office 365 on an
inventory beacon. If you would like instructions for using the legacy
Microsoft Office 365 (deprecated) connector, see
Creating Connections Using the Microsoft Office 365 (Deprecated)
Connector.
Important: The FlexNet Beacon released with IT Asset Management 2018 R2 or later is required to use the Microsoft 365
connector. However, installing the FlexNet Beacon included in the
2019 R1 or later release provides maximum ease-of-use with the Microsoft
365 connector by including auto-populated values on the Create
PowerShell Source Connection dialog (that otherwise need to be entered
manually).
The Microsoft 365 connector uses a pre-registered multi-tenant app that has
been configured by Flexera for the purpose of collecting Microsoft Office 365 data.
This app is configured to allow our customers to collect data without the hassle of
registering an app in their own instance. Use the following procedure to create a
connection to Microsoft 365 on an inventory beacon using IT Asset Management's multi-tenant app.
To to create a connection to Microsoft 365 on an inventory beacon
using IT Asset Management's multi-tenant app:
-
Log into the inventory beacon interface as an administrator (for example, in
the Windows Start menu, search for FlexNet Beacon, right-click it, and
select Run as administrator).
Tip: Remember that you must run the inventory beacon
software with administrator privileges.
-
From the Data collection group in the navigation bar,
choose Inventory Systems.
-
Choose either of the following:
- To change the settings for a previously-defined connection,
select that connection from the list, and click
Edit....
- To create a new connection, click the down arrow on the right of the
New split button, and choose
Powershell.
-
Complete (or modify) the values for the following required fields:
- Connection Name: The name of the inventory
connection. The name may contain alphanumeric
characters, underscores or spaces, but must start with either a
letter or a number.
When the data import through this connection is executed, the data
import task name is same as the connection name.
- Source Type: Select Microsoft
365 from this list.
-
Optionally, if your enterprise uses a proxy server to enable Internet access,
complete (or modify) the values in the Proxy Settings
section of the dialog box in order to configure the proxy server
connection.
- Use Proxy: Select this check box if your
enterprise uses a proxy server to enable Internet access. Complete the
additional fields in the Proxy Settings section,
as needed. If the Use Proxy check box is not
selected, the remaining fields in the Proxy
Settings section are disabled.
- Proxy Server: Enter the address of the proxy
server using HTTP, HTTPS, or an IP address. Use the format
https://ProxyServerURL:PortNumber
,
http://ProxyServerURL:PortNumber
, or
IPAddress:PortNumber)
. This field is enabled when
the Use Proxy check box is selected.
- Username and Password: If
your enterprise is using an authenticated proxy, specify the username
and password of an account that has credentials to access the proxy
server that is specified in the Proxy Server
field. These fields are enabled when the Use
Proxy check box is selected.
-
In the Microsoft 365 section, do the following:
-
Note that the following fields are auto-populated if you have installed
the FlexNet Beacon released with IT Asset Management 2019
R1 or later. If you have not installed this FlexNet Beacon,
then manually enter the following values into these fields:
- Token Endpoint:
https://login.microsoftonline.com/common/oauth2/v2.0/token
- Application (client) ID:
5bb1a5a2-0d97-4335-9448-119f7b27aff9
- Redirect URI:
https://login.microsoftonline.com/common/oauth2/nativeclient
- Authentication Flow: from the drop-down,
select Authorization Code.
Additional fields are exposed.
- Authorization Endpoint:
https://login.microsoftonline.com/common/oauth2/v2.0/authorize
-
Next to the Refresh Token field, click the
Generate... button to generate a refresh
token that will be used to integrate with Microsoft 365.
When you click the Generate... button to the
right of the Refresh Token field, a
Microsoft popup appears asking you to
Pick an account to use to log into Microsoft
Office 365.
-
Choose an Active Directory account with Cloud application
administrator role privileges and enter the password.
Tip: The
Cloud application
administrator role is required in order for the
FlexNet Beacon to retrieve a token that allows read
only access to Microsoft Graph. For more information, see
https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/directory-assign-admin-roles.
The generated refresh token can only be used to access data that
user sees and consents to during the token generation process, which
is offline read-only access to Active Directory and Reports
(directory.
read.all, reports.
read.all, and
offline_access). Offline means the FlexNet Beacon can connect and
get data from Office 365 at schedule run without user actually
signing in.
A Permissions requested dialog appears.
-
Click Consent on behalf of your organization to
accept the read only permissions that will be granted to the refresh
token.
-
Click Accept.
The Refresh Token field is now
populated.
-
At the bottom of the FlexNet Beacon interface, click
Save.
Tip: Optionally, you may wish to select your connection, and click
Execute Now, before you exit.
You may also
want to schedule data imports through this connection, for which see
Scheduling a Connection.
-
When you are done, click Exit.
After a successful data import, the users,
applications, licenses, and usage data are all visible in the appropriate pages of
IT Asset Management.
IT Asset Management (Cloud)
Current