cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Microsoft 365 - Azure User Account Roles / Token Generation - Interaction_required error

We have tried to integrate the Microsoft 0365 adapter and when refreshing the token we receive the attached error. The customer are not  willing to provide GA roles nor Cloud Admin Roles.  2FA is not enabled as well as per the attached doc on permissions.

Can you please advise what roles and permissions are exactly required for this to work.

(3) Replies
ChrisG
By Community Manager Community Manager
Community Manager

The rights and other requirements for connecting to Microsoft 365 can be found in the Managing Microsoft Office 365 Licenses chapter of the FlexNet Manager Suite Inventory Adapters and Connectors Reference. This gives the following guidance (but do check the document for a more complete and comprehensive information):

[The generated token requires] offline read-only access to Active Directory and Reports (directory.read.all, reports.read.all, and offline_access). Offline means the FlexNet Beacon can connect and get data from Office 365 at schedule run without user actually signing in.
(Did my reply solve the question? Click "ACCEPT AS SOLUTION" to help others find answers faster. Liked something? Click "KUDO". Anything expressed here is my own view and not necessarily that of my employer, Flexera.)
@ChrisG - We have done the following or should i say the Azure Team: In the provided doc (Adapters Guide) they say: Page 222-224 has been completed previously. Page 223 Point 13 it doesn’t mention that it asks for an Azure account? As per the 1st attachment here the account has the Application Admin Role (see Pic 1 and 2) It complained that the service account did not have access and they have been through the doc and granted admin consent for all that it requires for AD and MS Graphs. (See pic 3 and 4 attached)
After doing the above it still does not work.