A Microsoft 365 integration enables you to connect your client's apps, services, and data. This article walks you through the essential steps of configuring a Single-tenant Microsoft 365 integration, from ensuring you have the proper prerequisites and licenses to verifying connectivity and syncing user data.
| Note: This article captures third-party steps and/or an interface that may have since been updated. |
| Note: A configured Azure application is required to grant Lifecycle Manager access to your information to integrate Microsoft 365 with Lifecycle Manager. |
Who can use this feature?
What you'll need:
Creating multiple instances
Lifecycle Manager supports setting up multiple instances of the Microsoft 365 single-tenant integration directly through your account, without contacting Support for manual activation. Multiple single-tenant integrations allow you to maintain clear boundaries and proper data governance across client environments.
This separation allows you to:
- Enforce Data Isolation: Keep each client’s data and configurations separate, aiding security and compliance.
- Customize Access: Use unique Azure credentials and permissions for each tenant, enabling tailored integration settings per client.
- Granular Management: Align each tenant’s integration with different policy or licensing needs (e.g., one client might use specific Intune configurations, while another has different requirements).
Integration steps in Microsoft Azure
Creating the Lifecycle Manager application
We recommend creating a dedicated application that Lifecycle Manager uses to access device and software information.
- Sign in to Microsoft Azure as a Global Administrator.
- In the Azure Portal, navigate to Azure Active Directory > App registrations.
- Click the +New Registration button.
- Enter a user-facing display name for the new application registration (for example, Lifecycle Manager Microsoft 365 single tenant Integration).
- Under Supported account types, check that Accounts in this organizational directory only (product only - Single tenant) is selected. Leave the rest of the default settings as is.
- Click Register to create the application.
- Note the Application (client) ID and the Directory (tenant) ID under the newly created application.
When adding the Microsoft 365 integration to Lifecycle Manager, you must add the Azure (Directory) tenant ID, Azure application (client) ID, and the Azure client secret value to the Microsoft 365 single tenant add integration page.
Configuring Lifecycle Manager application permissions
Users/admins must grant permissions to applications before they can call APIs. For full functionality, the following permissions are required:
- Microsoft Graph
  - AuditLog.Read.All
  - DeviceManagementApps.Read.All
  - DeviceManagementManagedDevices.Read.All
  - Organization.Read.All
  - Reports.Read.All
  - User.Read.All - The User.Read.All permission is necessary to retrieve user data.
  - ReportSettings.ReadWrite.All
  - SecurityEvents.Read.All
- Within the created application, navigate to the API permissions section.
- Click the Add a permission button.
- In the Request API permissions screen, select Microsoft Graph and then choose Application permissions.
- In the Select permissions section, expand the categories listed below and select the documented API permissions.
  - In the AuditLog module, select AuditLog.Read.All
  - In the DeviceManagementApps module, select DeviceManagementApps.Read.All
  - In the DeviceManagementManagedDevices module, select DeviceManagementManagedDevices.Read.All
  - In the Directory module, select Directory.Read.All
  - In the Organization module, select Organization.Read.All
  - In the ReportSettings module, select ReportSettings.ReadWrite.All
  - In the Reports module, select Reports.Read.All
  - In the User module, select User.Read.All
  - In the SecurityEvents module, select SecurityEvents.Read.All
- Once all permissions are selected, click Add permissions.
- After selecting Add permissions, you must add administrator consent for each permission name. This is done by selecting Grant admin consent.
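Once the application can obtain an app-only access token, the permissions that actually received admin consent appear in the token's `roles` claim, and the tenant in its `tid` claim. The following is an added example, not code from Lifecycle Manager or Microsoft: it compares that claim with the permissions selected in the steps above and reports anything missing or beyond what the integration needs. The tenant ID and token are constructed placeholders, and the payload is decoded for inspection only.

```python
import base64
import json

# Application permissions selected in the steps above.
EXPECTED = {
    "AuditLog.Read.All", "DeviceManagementApps.Read.All",
    "DeviceManagementManagedDevices.Read.All", "Directory.Read.All",
    "Organization.Read.All", "ReportSettings.ReadWrite.All",
    "Reports.Read.All", "SecurityEvents.Read.All", "User.Read.All",
}

def _b64url(obj: dict) -> str:
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

def jwt_claims(token: str) -> dict:
    """Decode a JWT payload for inspection only; the signature is NOT verified."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected a compact JWT with three segments")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))

def audit_roles(token: str, tenant_id: str) -> dict:
    """Compare the token's application permissions with the expected set."""
    claims = jwt_claims(token)
    granted = set(claims.get("roles", []))  # empty until admin consent is granted
    return {
        "tenant_ok": claims.get("tid") == tenant_id,
        "missing": sorted(EXPECTED - granted),
        "unexpected": sorted(granted - EXPECTED),
    }

# Constructed sample: placeholder tenant ID, one permission without consent,
# and one extra write permission that the integration does not need.
SAMPLE_TENANT = "00000000-0000-0000-0000-000000000000"
SAMPLE_ROLES = sorted(EXPECTED - {"SecurityEvents.Read.All"}) + ["Directory.ReadWrite.All"]
SAMPLE_TOKEN = ".".join([
    _b64url({"typ": "JWT"}),
    _b64url({"tid": SAMPLE_TENANT, "roles": SAMPLE_ROLES}),
    "constructed-signature",
])

if __name__ == "__main__":
    print(json.dumps(audit_roles(SAMPLE_TOKEN, SAMPLE_TENANT), indent=2))
```

A non-empty `missing` list usually means Grant admin consent was not completed for that permission; a non-empty `unexpected` list means the registration holds more access than the steps above call for.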
Granting Lifecycle Manager application access
Client secrets, also known as application passwords, are secret strings the application uses to prove its identity when it requests a token.
- Within the created application, navigate to the Certificates & secrets section.
- In the Client secrets section, click the New client secret button.
- Add a description for the client secret. After entering a description, we recommend leaving the default expiry setting of 6 months.
- Click the Add button.
- Take note of the Client secret Value, as this value is required when adding the integration to Lifecycle Manager.
- Important: Keep the Client secret Value in a secure location. Once you navigate away, it is not recoverable.
Why 6 months for expiry? - We recommend 6 months because it strikes a balance between security and convenience. Microsoft’s guidelines simply require that the secret not be indefinite. Before a client secret expires, a new one can be created and saved in the existing integration with no downtime.
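To rotate before expiry rather than after an outage, the secret lifetimes can be checked from the `passwordCredentials` list on the application object returned by Microsoft Graph. The following is an added example, not code from Lifecycle Manager or Microsoft; the 30-day warning window, the secret names and the dates are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

MAX_LIFETIME = timedelta(days=184)  # longest possible 6-month span, per the recommendation above
ROTATE_WITHIN = timedelta(days=30)  # assumption: warning window chosen for this example

def _utc(ts: str) -> datetime:
    # Timestamps are UTC ISO 8601; keep whole seconds, drop fractions and the trailing Z.
    return datetime.strptime(ts[:19], "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)

def audit_secrets(app: dict, now: datetime) -> dict:
    """Classify each client secret and report whether any is still usable."""
    findings = {}
    for cred in app.get("passwordCredentials", []):
        start, end = _utc(cred["startDateTime"]), _utc(cred["endDateTime"])
        if end <= now:
            status = "expired"
        elif end - now <= ROTATE_WITHIN:
            status = "rotate-now"
        elif end - start > MAX_LIFETIME:
            status = "lifetime-too-long"
        else:
            status = "ok"
        findings[cred.get("displayName") or cred.get("keyId")] = status
    usable = any(s != "expired" for s in findings.values())
    return {"secrets": findings, "usable_secret": usable}

# Constructed sample shaped like an application's passwordCredentials list.
SAMPLE_NOW = datetime(2025, 6, 1, tzinfo=timezone.utc)
SAMPLE_APP = {"passwordCredentials": [
    {"displayName": "lm-2024", "startDateTime": "2024-11-15T00:00:00Z",
     "endDateTime": "2025-05-15T00:00:00Z"},
    {"displayName": "lm-2025a", "startDateTime": "2025-01-01T00:00:00Z",
     "endDateTime": "2025-06-20T00:00:00.1234567Z"},
    {"displayName": "lm-2025b", "startDateTime": "2025-05-20T00:00:00Z",
     "endDateTime": "2025-11-20T00:00:00Z"},
    {"displayName": "legacy", "startDateTime": "2024-01-01T00:00:00Z",
     "endDateTime": "2026-01-01T00:00:00Z"},
]}

if __name__ == "__main__":
    for name, status in audit_secrets(SAMPLE_APP, SAMPLE_NOW)["secrets"].items():
        print(f"{name}: {status}")
```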
Authentication steps
Azure portal authentication
- Within the created application, navigate to the Authentication section on the left side of the Azure app management page.
- Under Platform configurations, unless Web is already present, click Add a platform and choose Web.
- If adding a new platform, enter https://app.scalepad.com/account/integration/oauth as the redirect URI, then click Configure.
- If the Web platform was already there, click Add URI and enter https://app.scalepad.com/account/integration/oauth, then click Save.
- Under Supported account types, check that Accounts in this organizational directory only (product only - Single tenant) is selected.
Adding credentials to Lifecycle Manager
- Within Lifecycle Manager, navigate to the Microsoft 365 single tenant add integration page and fill in the following information gathered previously:
  - Azure tenant ID
  - Azure application (client) ID
  - Azure client secret
- Click Connect now.
- After the page has been saved, click Authorize, which opens a popup with a Microsoft authorization page to complete.
When you click Connect now, Lifecycle Manager will be set up to receive M365 data.
It will take 24-48 hours for Microsoft 365 data to populate in Lifecycle Manager after a successful integration.
If data is not populating under Assets > Microsoft 365 after 48 hours have elapsed, please contact our Support team.