The Flexera Community is currently in maintenance mode to prepare for the upcoming launch of the new community. Click here for more information.

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

M365 SaaS Module Account Config

The Flexera documentation for M365 SaaS manager connectivity states that the account requires the user role Application Administrator.  As this is a privileged role, Microsofts' best practice says it should be used with MFA which is obviously not feasible given how the account is used.  It's been suggested that we investigate using Entra App registration (Service Principal) instead of the service account.  I've checked documentation and can't see any information on Entra. Is anyone able to advise if this is possible or if there alternative ways to ensure that the access given is secure?

(2) Replies

@AndyTyson If there are any issues with the M365 authorization flow due to MFA and would prefer to use other variants of M365 such as Microsoft 365 client credentials or Certificate Based Authentication. as neither is impacted by Entra MFA. Please let me know if you have any further questions. Thank you!

We created an app registration in Entra ID. It was super easy and then we created the integration in SaaS Manager. The instructions to complete the integration are available in the documentation including the minimum required roles. I don't recall it explaining exactly how to create the app registration, but your Entra ID Admin should be able to help you with that part.