Securing Microsoft 365 Service Provider Access
The Microsoft 365 Settings screen configures the Service Provider's access to the customer's Microsoft 365 platform. The Service Provider requires this access for initial onboarding and for Day Two management. Access is secured using token-based authentication. The token is generated when the customer consents to access to their Microsoft 365 platform. In Day One Onboarding, customers are onboarded either by Application Registration or by Token authentication triggered by an email link sent to the Customer administrator (see Secure Connection with Customer M365 Tenant Platform).
The following authentication methods can be used:
■ Token-only: Using this option, the connection is secured using only Token-based authentication (see Switching to Token Authentication). This is the recommended method.
Server-side GetCsOnlineUser filters can be configured in the UMP-365 database to enhance database performance. For example, for a global corporation with 50,000 worldwide users, a filter can be configured to retrieve only the users in the Italy office (e.g., 5000 users). See Get-CsOnlineUser (Microsoft Teams PowerShell).
■ Application Registration: Using this option, the connection is secured using Application Registration credentials (Application Client ID and client secret). See Switching to App Registration.
➢ To configure Microsoft 365 settings:
1. In the Service portal Navigation pane, select Configuration > M365 Configuration.
● If you added the customer using Admin Username and password, the following screen appears:
● If you added the customer using Token only, the following screen appears:
2. Configure the Microsoft 365 credentials as described in the table below.
Microsoft 365 Settings
Parameter | Description |
---|---|
Username | M365 Global Admin or Service account username used to establish the Token connection. |
Password | M365 Global Admin or Service account password used to establish the Token connection. |
Validate Authentication | Validates the Global Admin or Service account credentials used to establish the M365 Token connection. |
Send Invitation | Sends an invitation, including a link to the Token Invitation wizard, to the email account of the Global Admin or Service account. |
Refresh Token Now | Opens the Token Invitation wizard for generating a new token (see Secure Token Connection). |
Save Microsoft 365 settings | Saves the settings updated in this screen. |
Switch to auth token | Enables customer authentication by sending a link to the Global Admin or Service account for authentication (see Switching to Token Authentication). |
Grant Consent | Enables the customer to automatically grant consent to the Service Provider administrator. To use this feature, ensure that the Client Id of the Token Authentication Registration is configured in the Authentication Status screen (see Authentication Status). |
QOE Integration with Microsoft Teams (the details below are retrieved from the App Registration for the Microsoft Teams Notifications Service, which is set up by Live Platform Professional Services) | |
Azure Application ID | The username for connecting to the Microsoft Teams Notification Service. |
Azure Application password | Application password for connecting to the Microsoft Teams Notification Service. |
Save QOE Integration Settings | Saves the QOE settings above. |