cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Hi,

Has anyone been experiencing issues connecting to O365 lately? My one customer keeps getting Inventory gathering failed. Error: The remote server returned an error: (403) Forbidden. I regenerated the token but keep getting a 403. I test the connection and it is showing success. Anyone else experiencing the same?

(1) Solution
The adapter must be granted permissions to access the Microsoft data. The application requires read only access to this data.
The change that Microsoft has announced requires that the individual account granting our adapter the read only access must now have an elevated privilege.
This does not impact the application's read only permissions. We don't store the grantor's credentials either. 
Customers should follow Microsoft's guidance on the elevated privilege for the grantor and obtain a new refresh token from the elevated account for the adapter to continue functioning.  
 

View solution in original post

(32) Replies

Hi Erick,
Can you try working with the Azure admin and have the 'Reports Reader' role added for the O365 user you are using to generate the token? It should look like the following. In my test, adding this extra role allowed the O365 adapter to capture the usage information successfully.

Alpesh_0-1578098817202.png



Please let me know what is the behavior you see after adding this extra role.
Thanks,
Alpesh

This resolved our issue.
Erick Hacking, CSAM, CHAMP
IT Software Asset Manager, Lead Sr.
Thank you for circling back, EHacking!
If you appreciate my efforts, please give me a kudo
Accept as solution to help others find it faster.

Thanks Erick for letting us know. We will be publishing a KB article documenting this solution for the benefit of our customers.

 

I still have issues with Import. I have a cloud customer who has this issue.

Early January I had elevated my privileges to 'Cloud App Admin' temporarily and got the token created and import worked well until privilege's were downgraded.

Later I discovered we have to have 'reports reader' additionally, so went ahead to order as dedicated service account that has both 'Cloud App Admin' and 'Reports Reader'. But import doesn't work yet. Most times I get 403 and occasionally I get 502 in terms of error.  Any help is appreciated. Thanks in advance!

 

For the Microsoft 365 connector, the Cloud Application Administrator and Reports Reader roles are required in order for the FlexNet Beacon to retrieve a token that allows read only access to Microsoft Graph.
 
Check the account and verify. If, in fact, you do have these and have a problem, please open a support ticket so we can address this. 
I have a case open for this subject already. Came here in search of some clues that will help me.

Hi Savin,

The additional role (Reports Reader) is required due to a change made by Microsoft. More details can be found in the earlier message in this thread -- https://community.flexera.com/t5/FlexNet-Manager-Forum/O365-errors/m-p/127784/highlight/true#M4148.

Please try with these two roles and see what you find. 

Thanks!

Hi Alpesh,
I have gotten Reports Reader and Cloud Admin both to a service account, but still have issues during import. It gives me 403 Forbidden error yet.
From which region of the world are you connecting from, europe?
In case of europe have you proxy openings towards these URLs since 403 usually is firewall related
https://reports.office.com
https://reportsweu.office.com
GraphAPI do redirects to these

Firstly, thanks for these insights.
The beacon server am using is based out of Australia(APAC).