Introduction
This article details steps to address common issues where Microsoft 365 data fails to sync or display accurately within Lifecycle Manager.
| This article captures third-party steps and/or an interface that may have since been updated. |
Prerequisites (required)
Configure the integration
|
Validate Setup
|
Entra ID
Microsoft Partner Center
|
Expected Integration Behaviour
| Note: You may be missing data due to expected behaviour detailed below. |
|
Overview Lifecycle Manager uses Microsoft Granular Delegated Admin Privileges (GDAP) to retrieve user, licensing, and MFA data from your client’s MS365 tenants. This data populates the SaaS page, enriches contact records, and provides deeper visibility into each client’s MS365 usage, compliance, and security posture. |
|
Tenant-to-client matching Once a match is made, Lifecycle Manager retrieves and maps MS365 users for that client. Please note that our integration won’t create Clients based on Tenants to prevent polluting your client list. |
|
User & Contact mapping Within each matched client/tenant pair, Lifecycle Manager uses email-based matching to tie Microsoft 365 users to contacts. If a Microsoft 365 user’s primary email matches an existing Lifecycle Manager contact, that contact is updated; if no match exists, a new user record is created. First and last names are ignored during matching to avoid duplicate records caused by naming differences across systems. |
|
Data is pulled for each user For users that successfully map, Lifecycle Manager retrieves core identity details (including primary email and basic profile data), assigned MS365 licenses, MFA-related information (contingent on your customers' Entra Level). This data is grouped into the SaaS records page, giving you a consolidated picture of MS365 access and licensing at the user level. |
|
Sync Timing The Lifecycle Manager MS365 sync currently takes 24-48hrs for data to appear following a successful sync. |
Troubleshooting
| Use this troubleshooting workflow if you understand how the integration should be working, it shows as connected or “Synced”, and you’re still missing SaaS data for all clients, or for specific tenants. |
Finding the sync errors spreadsheet
Navigate to the Issues page: https://app.scalepad.com/account/integrations/issues
Scroll down to the "Sync had issues" section > Click "Download Sync
Warnings Spreadsheet" button
Key points when reading the file:
Each row represents a tenant or sync attempt.
The integration name column tells you which integration the row belongs to.
The last column contains a human‑readable description of the problem (for example,
missing permissions or GDAP access).
| Tip: Filter the integration name column to your M365 integration so you only see errors related to this integration. |
Common Errors
The sections below outline the most common Microsoft 365 multi-tenant sync issues you'll see
in the Integration issues page and sync warnings file, and how to resolve them.
|
After resolving any of these issues, always allow up to 48 hours for MS365 SaaS data to appear in Lifecycle Manager before assuming the integration is still failing. |
1. Missing Microsoft Graph or Partner Center permissions
One or more required Microsoft Graph delegated permissions (for example, ReportSettings.ReadWrite.All) or the Microsoft Partner Center user_impersonation permission are missing, or admin consent has not been granted on the app registration.
Typical error messages (found in Warnings Spreadsheet):
This tenant has not granted sufficient permissions. Missing permission: ReportSettings.ReadWrite.All.
-
Scope = Global
Unable to update the 'display concealed user names' report setting automatically, user data may not be accurate until this setting is changed.
This tenant has not granted sufficient permissions. Missing permission: '{permission name}'.
Resolution Steps
In Microsoft Entra ID, ensure your using a dedicated service account that has Global Administrator.
Ensure the role is directly assigned and not using PIM by visually checking Microsoft Azure > search for “Users” > find you service account > Click “Assigned Roles” in the side bar.
In Lifecycle Manager, open the Microsoft 365 multi-tenant integration and click Authorize again using a Global Administrator permissions.
Wait up to 24–48 hours for permission changes to propagate and the SaaS data sync to complete, then re-check the SaaS page and the sync warnings file.
| The permissions can be downgraded to Application Administrator or Cloud Application Administrator at a later time after the data comes in. |
2. GDAP relationship or admin role issues
|
For that tenant:
|
Error message 1 (found in Warnings Spreadsheet):
{TenantID} {TenantName} has no GDAP relationship, the relationship is missing the
required roles, or the roles have not propagated. Consent can be granted manually at
https://login.microsoftonline.com/%7Bid%7D/adminconsent?client_id=%7BID%7D
Resolution Steps
Login as the GA of your client's tenant and interact and authorize with the
consent URL from the Warnings Spreadsheet (above)After GDAP changes are complete, return to Lifecycle Manager, click Authorize on the
integration, and wait for the next sync window (up to 48 hours) before re-checking the
SaaS page and warnings file.
| If you run into issues following these steps, proceed to the Resolution Steps for Error message 2 below. |
Error message 2 (found in Warnings Spreadsheet):
Unable to update our service principal for {TenantID} ({TenantName}). Verify the
GDAP relationship with this tenant has the correct roles or create a new
relationship to ensure the roles get propagated.
Resolution Steps
In Microsoft Partner Center, go to Customers, select the affected customer, and open
Admin relationships to confirm an active GDAP relationship exists.
https://partner.microsoft.com/dashboard/v2/customers/list > Admin Relationships-
Identify the security group bound to that GDAP relationship that includes one of:
Application Administrator, or
Cloud Application Administrator, or
Global Administrator.
-
In Microsoft Entra ID → Groups, open the AdminAgent group and check Members:
Add the dedicated service account used to authorize Lifecycle Manager (if it is
not already present).
If no suitable GDAP relationship exists, request a new GDAP relationship for that tenant
that includes Application Administrator or Cloud Application Administrator, then add your
GDAP Lifecycle Manager group to that security group.After GDAP changes are complete, return to Lifecycle Manager, click Authorize on the
integration, and wait for the next sync window (up to 48 hours) before re-checking the
SaaS page and warnings file.
| If you continue to get this error, there are likely problems with permission propagation on the MS side. To resolve, you’ll need to recreate your GDAP relationship for the customer tenant to re-issue the Application Administrator or Cloud Application Administrator role. Your MS365 admin should be able to complete this, but please email us at support@scalepad.com if you need additional help. |
3. Nothing in “Sync Warnings” spreadsheet but still missing SaaS records
Symptoms
Integration status is green or shows Synced, but you’ve waited 48 hours and the SaaS page still has 0 records or is missing specific customers.
Sync logs or internal notes indicate that the sync finished “too quickly” (for example, in a
few seconds) with zero assets.There are no relevant errors in the “Sync Warnings” spreadsheet
| Likely cause: client name mismatch between Microsoft 365 and Lifecycle Manager. If the Microsoft tenant name does not exactly match any Lifecycle Manager client name, no users are synced for that tenant. |
Resolution Steps
In the Microsoft 365 / Entra admin center under “Tenant properties”, find the
tenant/organization name for the affected customer.In Lifecycle Manager, open the client you expect to receive data for and compare the
client name.Rename the Microsoft 365 tenant so they match completely
Trigger a resync (or wait for the next scheduled sync) and re-check the SaaS page. If
data still does not appear 48 hours following a successful sync and there are no warnings for that tenant, contact support@scalepad.com with the responsible client and tenant, with screenshots of the names matching across systems.
4. “An unexpected error occurred. Please try again in a few minutes…”
Typical context
Appears in the integration UI while attempting to Authorize or Save and sync now.
May appear alongside permission‑related rows in the Integration issues page.
Resolution Steps
Confirm you are not using Privileged Identity Management (PIM) or time‑bound admin roles for the service account when authorizing. PIM can cause intermittent permission and sync failures even if the UI initially shows success.
Use a dedicated service account with a permanent admin role during setup (Global Administrator initially, then reduced to Application Administrator or Cloud Application Administrator after the first full sync).
Ensure the service account is a member of both AdminAgents and your GDAP Lifecycle Manager security group so it can reach Partner Center and all downstream tenants.
Re-run the Authorize flow in Lifecycle Manager using that account and verify the prompt completes without error.
-
If the error persists after confirming permissions and GDAP, download the latest sync warnings CSV and contact support@scalepad.com with:
The CSV file
The approximate time of your last authorization attempt
One or two example tenants that are missing data.
| Any questions? Reach out to our Lifecycle Manager support team by submitting a support ticket. |
Related to