Upgrading M365 Connection to Delegated Token Authentication

Customers upgrading who consented to the Service Provider for securing access to their Microsoft 365 platform with provided username and password, must now secure this connection using Microsoft Graph Token-based authentication as a result of enhanced Microsoft security policies.

The Token-based authentication can be secured using the following methods:

■

Password-based authentication and Token authentication: A Microsoft Graph access token is claimed based on the configured user name and password. For implementing this option, select the Grant Consent option in the Microsoft 365 Settings screen (see procedure below).

■

Token-only authentication: A Microsoft Graph access token is claimed directly, triggered by an email link sent to the customer. For implementing this option, select the Switch to auth token option in the Microsoft 365 Settings screen (see Switching to Token Authentication). This is the recommended the method.

Once consent is provided, an Enterprise application is created on the customer Azure tenant including the following permissions:

■

Access Microsoft Teams and Skype for Business as the signed in user

■

Read and write all groups

■

Access directory as the signed-in user

■

Read all users' full profiles

■

Read and write to all app catalogs

■

Maintain access to data you have given it access to

➢

To secure Token-based connection with Grant Consent:

1.

In the Service portal Navigation pane, select Configuration > M365 Configuration.

2.

Click Grant Consent.

3.

Enter customer IT Administrator credentials with "Global" Admin permissions.

a.

Click "Consent on behalf of your organization" and then click Accept.

Once the process has completed successfully, the following confirmation is displayed: