This update only applies to partners who set up Microsoft access to CloudRadial prior to January 17, 2022.
To update your Office 365 permissions to take advantage of Microsoft's updated API, please review the following steps for delegated access or direct access.
Delegated Access
If you set up your Office 365 connection using the "Microsoft Partner" option under Partner Settings, you have two options. Rerunning the PowerShell script is the preferred method.
- Rerun the PowerShell script and make sure that the options "ServiceHealth.Read.All" and "ServiceMessage.Read.All" are included in the $permissionsList variable near the top of the script.
- Go to your Azure Active Directory admin center:
https://portal.azure.com/#blade/Microsoft_AAD_RegisteredApps/ApplicationsListBlade - Add the Microsoft Graph application permission to your CloudRadial Partner Application found under App Registrations.
Direct Access
If you made a connection to Office 365 using the options under a client's Account Settings tab, you will need to click the "Connect Office 365" button and accept the new settings. Be sure you log in as a global administrator in the affected account. Do not connect to 365 as a global administrator in your own/partner tenant.
Comments
12 comments
Jeff - a couple comments:
The CallRecords permission is not required as of now. I think this is leftover from an internal test. I'll update the screenshot. Unfortunately, as we add more features and in order to stay the least permissive, adding rights may be a regular issue as we add more features or as Microsoft reworks their existing interface. For example, there is now a Domain.Read.All permission we can use to replace the more permissive Domain.ReadWrite.All. The PowerShell script will include this change as well next week.
I don't mind making changes to the partner app, actually it is one of the easiest things I have done all week. The only thing I would suggest is having a way to check into the status of permission health, is that something we can get as a feature? (or is it already there and I didn't know about it)
We are using a really cool app called CIPP for multi-tenant 365 management and it has a handy permission checker, adding a screengrab for that below.
That is pretty cool. The goal is to check permissions and flag problems in the Partner Advisories, but we don't have that up yet.
You guys should really look at CIPP and the MSPGeek organization. So much integration :D
I do see the user logins app in the AAD Enterprise apps, but not in Azure App registrations. I think if you did a Direct Access this is how it shows up, and you cannot modify the permissions via the AAD Portal.
also, do you have a link to the powershell script or the KB article there?
The correct PowerShell script is now available under Partner Settings - Microsoft Partner under the PowerShell tab. You just rerun the original setup script for Microsoft integration. To reconnect, companies set up directly just go to Account - Settings (client-side) and just reconnect the Admin application. It prompts for the updated permissions.
Thanks for making this an easy process! Could you make the screenshot clickable so we could see it clearer? My eyes ain't what they used to be.
I get the following error when running the script:
I'm sorry but this is not working.
hi Dave,
Open the ps1 in Notepad, and then re-save it via Save As, and change the encoding to UTF-8 w/ BOM
I don't know why, but that fixed it for me.
Downloading and running the file always seems to have issues. Following the steps here and running through ISE always seems to work:
https://support.cloudradial.com/hc/en-us/articles/360031039112-Setting-up-Microsoft-Partner-Access
Don't have a click and zoom in Zendesk so simply right-click the image open in a new tab and it appears full size.
Article is closed for comments.