Office 365 Adapter fails with an error when trying to capture the usage data
The new Office 365 (O365) adapter fails when trying to retrieve the usage data. The error in the Importer log will look like -
Failed to execute Reader 'Get Usage from Office 365 Exchange' from file C:\ProgramData\Flexera Software\Compliance\ImportProcedures\Inventory\Reader\microsoft 365\Usage.xml, at step line 1
Error: The remote server returned an error: (403) Forbidden.
The new O365 Adapter introduced in FNMS 2019 R1 release uses the Microsoft Graph API to collect information. Due to some changes made by Microsoft in December 2019, there are more permissions needed to capture the usage and hence, the O365 adapter will fail when trying to capture the usage data.
In order to resolve the issue, please do the following -
- For the account that is used to generate the refresh token needed for the O365 adapter, add a new roles in Azure AD - 'Reports Reader' and 'Cloud Administrator' See the screenshot for the addition of a role. -
- Generate a new refresh token and execute the adapter again
Note: both roles are required to generate the token, however we've found that once it's generated if you remove the administrator role the adapter will continue to work with just the 'reports only' role enabled.