Microsoft Office 365 connector

TeamViewer DEX Platform 26.3 Red x | 1E Platform 23.11 Green checkmark | 1E Platform on-premises 9.x Green checkmark

The Microsoft Office 365 connector connects to an Office 365 application in InTune and pulls inventory and usage data.

The configuration procedure described below assumes that you have an InTune and Microsoft Office 365 subscription and can populate the connector with details from an Enterprise Application in your Microsoft Entra ID Console.

Prerequisites

Before adding this connector, you will need the following information from an Enterprise Application created in your AAD console:

  • An Azure cloud instance URL (optional). If this is not supplied, then AzurePublic is used as a default.

  • An Azure Tenant ID, which is available in the Overview node of your AAD console.

  • The registered application clientID (a string representing a GUID).

  • A client secret value that has been created for your chosen Enterprise Application.

  • Single sign-on-enabled service account with global reader permissions for running PowerShell cmdlets.

Enabling PowerShell to connect to Azure using MSOL

On the 1E server where the Microsoft Office 365 connector will be executed, PowerShell needs to connect to Azure using MSOL, which requires the following two modules installed:

  • Install-Module -Name Microsoft.Graph

  • Install-Module -Name MsOnline

You may see one of the following warnings when installing a module:

  • WARNING: Unable to download from URI 'https://go.microsoft.com/fwlink/?LinkID=627338&clcid=0x409' to ''.

  • WARNING: Unable to download the list of available providers. Check your internet connection

If you see one of these warnings, run the following command first:

Copy 
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

Preparing an AAD application

  1. In your Microsoft Entra ID console, navigate to Enterprise applications and click New application.

  2. Create a non-gallery application.

    In the version of AAD we're using in this example, this is done by clicking the Create your own application button.

  1. Provide a name for the application, for example, 1E O365 Connector. In this example, we select the Integrate any other application you don't find in the gallery (Non-gallery) option.

  2. Click Create in the bottom left of the screen.

  3. In the Overview tab of the new application, copy the Application ID value as this will be required for the connector.

    In 1E, the Application ID is called Tenant Id.

Adding app permissions

  1. Click the App registrations node of AAD, and click the name of the new application under the All Applications tab.

  2. In the Manage > API permissions node, click Add a permission.

  3. Click the Microsoft Graph tile, then click Application permissions.

  1. Scroll through the list of API permissions, and select them as appropriate using the following guide, then click Add permissions.

    Group

    Permission

    Device

    Read.All

    DeviceManagementApps

    Read.All

    DeviceManagementManagedDevices

    Read.All

    Reports

    Read.All

    User

    Read.All

  2. Click Grant admin consent for <organization>, where <organization> is the organization you set when you created your Intune instance. This means that as an administrator for your organization, you're consenting that the users of the application can use these permissions. Click Yes to confirm.

    The configured permissions should look like this:

Adding a client secret

  1. Click the Certificates & secrets node and then click New client secret.

  2. In the Add a client secret form that opens, add a description, select an expiry, and then click Add.

  1. Copy the new client secret value and save it, as you won't be able to retrieve it after you perform another operation or leave this page.

    If you navigate away from the Certificates & secrets page and have not copied the secret value, you will have to delete the client secret and recreate it as you will be unable to copy it again.

Adding a user with the necessary permissions to run the PowerShell scripts

An AAD user with Reports reader permissions must be made available in your organization's blade. The credentials for this user will be set in the Microsoft Office 365 connector when it is created in 1E.

Adding the connector

  1. Navigate to Settings > Configuration > Connectors.

  2. Click Add.

  1. In the Add Connector pop-up window, select Microsoft Office 365 as the connector type.

  2. In Connector name, enter a logical name for this connector.

    Use a naming convention for connector names, for example, <connector type> <scope> <RCR>. Scope describes where data is coming from or what it's being used for, for example, Demo, Test, Lab, Q2 Audit. Include RCR in the name if the Run Consolidation Reports option is available and you have enabled it.

  1. In Azure Cloud Instance, enter the URL for your Intune implementation. If you leave this field blank, AzurePublic is used as a default. For information on Azure Cloud Instance, refer to this Microsoft article.

  2. In Tenant Id, enter your Azure tenant ID, available in the Overview node of your AAD console.

  3. In Client Id, enter your registered application clientID.

  4. In Client Secret, enter the specific client secret value that you created for your Enterprise Application. Refer to Adding a client secret.

  1. In Login Email, enter the email address of the user with the appropriate permissions.

  2. In Password, enter the password associated with the login email.

  3. Click Add.

    For information on how to test or delete a connector, and how to sync data into a repository, refer to Connectors page.

    To see the software items from your AAD environment in the Inventory application, navigate to Inventory Insights > Software Inventory > Product Usage.