Matrix42 Self-Service Help Center

Creating the service connection for Microsoft 365 Inventory

Overview

The Microsoft 365 Inventory add-on uses the Microsoft Entra ID service. This service is needed to create a service connection to the Azure Active Directory portal.

To create a service connection, take the following steps:

  1. Configure the authentication and authorization settings for the integration in the Azure Active Directory portal.
  2. Create a tenant in Enterprise Service Management.
  3. Create a service connection in Enterprise Service Management.

The ESM Platform subscription is a prerequisite for using the Microsoft 365 Inventory extension, because it enables the use of service connections.

Configuring the authentication and authorization on Microsoft Azure Portal

To configure the integration settings in Microsoft Azure portal, you will need to register your Enterprise Service Management application on the portal.

Registering an application

Information about required permissions to create and manage a Registered App in Azure is available here (external link).

  1. On the Microsoft Azure Portal home page, go to Azure services and click App registrations.
  2. On the opened page, run the New registration action.
  3. Configure your application:
     • Provide a name for the application integration.
     • Choose Supported account types.
     • Add a Redirect URI: select Web and enter the redirect URI in the following format: https://{your_domain_name}/wm/externalAuth/redirect.html
  4. Click Register.

Assigning permissions

Permissions of two types can be granted in Azure for data access:

  1. Delegated permissions (access on behalf of a user)
  2. Application permissions (access independent from a user)

Please make sure you understand the impact of each permission type. Specific information provided by Microsoft is available here (external link).

For all "delegated" permissions you have granted to the registered App, it is required that the user who authenticates the created Service Connection in Enterprise Service Management has the corresponding access rights in Azure.

For all "application" permissions you have granted to the registered App, the access rights of the authenticating user are not effective.

  1. After the application is created, go to the API permissions section of the new application.
  2. Use the Add a permission action to add the following permissions, selecting your preferred permission type in each case. We recommend that you choose "application" permissions.
     • Azure Service Management
       • user_impersonation (can be "delegated" type only)
     • Microsoft Graph
       • offline_access (can be "delegated" type only)
       • openid (can be "delegated" type only)
       • User.Read.All
       • Organization.Read.All
       • Reports.Read.All
  3. Then run the Grant admin consent action.
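To confirm that admin consent produced exactly the application permissions listed above and nothing broader, you can inspect the claims of an app-only Microsoft Graph access token issued to the registered app. The following is an added example, not Matrix42 or Microsoft code; it assumes you already hold such a token, and the sample token, tenant ID and client ID in it are constructed placeholders.

```python
import base64
import json

# Application permissions this page asks for on Microsoft Graph.
EXPECTED_ROLES = {"User.Read.All", "Organization.Read.All", "Reports.Read.All"}


def decode_claims(token: str) -> dict:
    """Decode the JWT payload WITHOUT verifying the signature (diagnostics only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def audit_app_token(token: str, tenant_id: str, client_id: str) -> dict:
    """Compare an app-only token's claims with what the setup on this page should yield."""
    claims = decode_claims(token)
    roles = set(claims.get("roles", []))  # application permissions appear in 'roles'
    # v1 tokens carry the client ID in 'appid', v2 tokens in 'azp'.
    app = claims.get("appid") or claims.get("azp")
    return {
        "missing": sorted(EXPECTED_ROLES - roles),  # not added, or admin consent not granted
        "excess": sorted(roles - EXPECTED_ROLES),   # more privilege than this page requires
        "tenant_ok": claims.get("tid") == tenant_id,
        "client_ok": app == client_id,
        "delegated": "scp" in claims,               # 'scp' marks a user-delegated token
    }


def _constructed_token(claims: dict) -> str:
    """Build an unsigned sample token for the demo; every value is made up."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"


if __name__ == "__main__":
    tenant = "11111111-1111-1111-1111-111111111111"  # constructed placeholder
    client = "22222222-2222-2222-2222-222222222222"  # constructed placeholder
    sample = _constructed_token({
        "tid": tenant,
        "appid": client,
        "roles": ["User.Read.All", "Organization.Read.All", "Directory.ReadWrite.All"],
    })
    print(audit_app_token(sample, tenant, client))
```

A non-empty "excess" list means the app registration holds application permissions beyond those this integration needs; a non-empty "missing" list usually means a permission was not added or admin consent was not granted.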


Creating a secret key

  1. Go to the Certificates & secrets section of the new application.
  2. Run the New client secret action to create a secret key.
  3. Provide the description and expiration date for the key and click Add.
  4. After a new key is displayed, copy its value immediately. Later it will be hidden.

Save the secret key value. It will be used to create a service connection in Matrix42 Enterprise Service Management.

Retrieving the client ID and tenant ID

Client ID and tenant ID of your registered application are required for creating a service connection. You can find these values in the Overview section of the registered application.


Creating a tenant

In Matrix42 Enterprise Service Management, you need to create a tenant for the service connection.

  1. Go to the Administration application and open the Integration > Service Connections > Tenants navigation item.
  2. Run the Add Tenant action. A new tenant dialog opens.
  3. Provide an appropriate name for your tenant from the Microsoft Azure portal.
  4. Select Microsoft Entra ID in the Service field.
  5. Fill in the Client ID, Tenant and Client Secret fields with the data from Microsoft Azure.
  6. Save the dialog.

Creating a service connection

Next, create a service connection to your company's Microsoft Azure portal.

  1. In the Administration application, go to Integration > Service Connections > Connections.
  2. Run the Add Service Connection action. A new connection dialog opens.
  3. In the Service field, select Microsoft Entra ID - Microsoft 365 Inventory (Delegated) for delegated access or Microsoft Entra ID - Microsoft Entra ID (Application) for application access.
  4. In the Tenant field, select the tenant record that you created earlier.
  5. Click Setup authentication.
  6. For delegated access, provide the credentials for your company's Microsoft Azure portal and save the dialog. Application-based access is authenticated immediately.

Now you can use this service connection in the configuration of the Microsoft 365 Inventory data provider.

For more information on creating and using service connections, please refer to this article.
