Wiki source code of Microsoft 365
Last modified by Sabrina V. on 2025/05/15 12:38
Show last authors
| author | version | line-number | content |
|---|---|---|---|
| 1 | {{aagon.floatingbox/}} | ||
| 2 | |||
| 3 | = Register preparations for Microsoft Entra ID and enterprise application = | ||
| 4 | |||
| 5 | To use Microsoft 365, you must first navigate to the Microsoft Entra Admin Centre, register a business application, and grant the necessary permissions within that application. These steps are necessary to allow ACMP to access and import the required Microsoft 365 data. Detailed instructions on how to do this can be found [[here>>doc:ACMP.68.Unternehmensanwendung registrieren in der Microsoft Entra ID.WebHome]], along with all the permissions you will need to grant. | ||
| 6 | |||
| 7 | |||
| 8 | = Settings for Microsoft 365 = | ||
| 9 | |||
| 10 | The //Microsoft 365// section provides an overview of the portals you have saved and from which you want to import information. | ||
| 11 | |||
| 12 | == Managing Micrsoft 365 portals == | ||
| 13 | |||
| 14 | To manage the portals, in the open ACMP console, navigate to //System// > //Settings// > //Licence// //Management// > //Microsoft// //365//. The view is split into two parts. On the left, you will see the action fields where you can add ([[image:1731318667592-246.png]]), edit ([[image:1731318667592-758.png]]) or delete ([[image:1731318667592-156.png]]) the Microsoft 365 portals. At the bottom is a list of all the existing portals that you have previously created. On the right, you can see the details of the portal you selected. | ||
| 15 | |||
| 16 | [[Microsoft 365 portals overview>>image:68_M365_Hinzugefügtes Portal_1361.png||alt="67_M365_Hinzugefügtes Portal_1361.png"]] | ||
| 17 | |||
| 18 | == Add a Microsoft 365 portal == | ||
| 19 | |||
| 20 | To add a new portal, click the //Add// button ([[image:1731318849239-880.png]]) in the toolbar. A wizard will open to guide you through the next steps. First, under //General//, enter a name for the portal. Note that the portal name is used as a prefix for the imported licences and products and must be unique. Optionally, you can enter a description if you wish to provide additional information. Otherwise, click //Next >// to proceed. | ||
| 21 | |||
| 22 | [[General information when adding a Microsoft 365 portal>>image:67_M365_Wizard Allgemein_965.png]] | ||
| 23 | |||
| 24 | Now enter the Application ID (Client) and Directory ID (Client) in the fields provided. This information refers to the information provided in the Microsoft Entra ID (see Application Properties). | ||
| 25 | |||
| 26 | {{aagon.infobox}} | ||
| 27 | The Application ID (Client) is the ID of the registered application. The Directory ID (Client) indicates which client it is running under. | ||
| 28 | {{/aagon.infobox}} | ||
| 29 | |||
| 30 | Then select the type of authentication you want to use for the connection information. You can choose between //Certificate// and //Client Secret Key//. | ||
| 31 | |||
| 32 | === Certificate === | ||
| 33 | |||
| 34 | Select the //Certificate// authentication type and click the //Add// button. A new window will open where you must enter the public and private keys. To do this, click on the button [[image:1731318914156-387.png]] uand insert the appropriate key that you used earlier [[prepare the Microsoft Entra ID>>doc:||anchor="HVorbereitungenfFCrdieMicrosoftEntraID"]] Click //OK// to complete this step. | ||
| 35 | |||
| 36 | [[Adding a client certificate>>image:67_M365_Client Zertifikat hinzufügen_508.png]] | ||
| 37 | |||
| 38 | If you want to delete the certificate, click //Remove//. | ||
| 39 | |||
| 40 | === Secret client key === | ||
| 41 | |||
| 42 | To add a secret client key, you have to click on the button of the same name below the selection. A new window will open in which you have to enter the secret ID and the value of the secret client key. You also have to specify a validity period. Exit the step by clicking on //OK //and returning to the wizard. | ||
| 43 | |||
| 44 | [[Adding the secret client key>>image:67_M365_Geheimen Clientschlüssel hinzufügen_508.png]] | ||
| 45 | |||
| 46 | [[Connection information for the Microsoft 365 portal>>image:67_M365_Microsoft 365 Portal hinzufügen Verbindungsinformationen_965.png]] | ||
| 47 | |||
| 48 | Depending on the authentication type you have chosen, the corresponding fields will be filled in. In this explanation, the authentication type //Certificate// was used. | ||
| 49 | |||
| 50 | Check your connection by clicking //Test connection//. This will help you ensure that the information you have entered so far has been correctly inserted. Click //Next >// to continue with the exclusions for the import. | ||
| 51 | |||
| 52 | Here you have the option of excluding irrelevant licences from the import. The wizard page is divided into two: On the left side, you will find a list of all available licences. By enabling the checkbox below, you can display only the licences subscribed to in the portal. | ||
| 53 | |||
| 54 | Now drag all the items you want to exclude for the import to the right side ([[image:1731319034566-617.png]])). The items will be explicitly excluded for the upcoming import. You can remove excluded licences from the list by clicking the button([[image:1731319034566-751.png]]). | ||
| 55 | |||
| 56 | [[Exclusions for the import>>image:67_M365_Ausschlüsse für den Import_965.png]] | ||
| 57 | |||
| 58 | Finish the wizard by clicking //Done//. You will return to the overview page within the ACMP settings, where the new portal has been added to the list. | ||
| 59 | |||
| 60 | [[Added portal in the Microsoft 365 settings>>image:68_M365_Hinzugefügtes Portal_1361.png||alt="67_M365_Hinzugefügtes Portal_1361.png"]] | ||
| 61 | |||
| 62 | == Editing or deleting Microsoft 365 portals == | ||
| 63 | |||
| 64 | Existing Microsoft 365 portals can be edited or deleted. If you want to edit an existing portal, for example to change the authentication type or the licenses excluded from the import, click the //Edit //button ([[image:1731319340289-250.png]]). A window will open where you can customise the information that is now available. The information is divided into three tabs: //General//, //Connection Information //and //Exclusions for Import//. Change the desired information and then click //Save//. | ||
| 65 | |||
| 66 | {{aagon.infobox}} | ||
| 67 | When making any changes, follow the procedure described in the section [[Adding Microsoft 365 portals>>doc:||anchor="HMicrosoft365PortalhinzufFCgen"]] and note the information provided. | ||
| 68 | {{/aagon.infobox}} | ||
| 69 | |||
| 70 | {{aagon.infobox}} | ||
| 71 | If you subsequently exclude licences from an import, you may have to manually delete licences that have already been imported and the associated product in the licence management. | ||
| 72 | {{/aagon.infobox}} | ||
| 73 | |||
| 74 | To delete a portal, simply click the //Delete //button// //([[image:1731319500514-463.png]]) and confirm the action | ||
| 75 | |||
| 76 | {{aagon.infobox}} | ||
| 77 | After deleting the portal, already imported licenses and products remain. These must be deleted manually in License Management. | ||
| 78 | {{/aagon.infobox}} | ||
| 79 | |||
| 80 | = Licenses, products and compliance = | ||
| 81 | |||
| 82 | The execution of two [[server tasks>>doc:ACMP.68.ACMP-Solutions.System.Einstellungen.ACMP Server.WebHome||anchor="HGeplanteServeraufgaben"]] is required to import licenses and products and to calculate the status: | ||
| 83 | |||
| 84 | |**Server task**|**Description** | ||
| 85 | |1. Import Microsoft 365 licence data|The server task imports the Microsoft 365 licence and product data for License Management and creates the licences and products. | ||
| 86 | |2. Recalculation of the data for the compliance view|The compliance data is recalculated to determine the consumers and the status of the licence. | ||
| 87 | |||
| 88 | {{aagon.infobox}} | ||
| 89 | The execution interval of the Scheduled Server Tasks depends on the configured start condition. You can view the status of the server jobs using the [[Server Monitor>>doc:ACMP.68.Arbeiten mit der ACMP Console.Aufbau der Console.Ribbonleiste.Monitore.WebHome||anchor="HServermonitor"]]. | ||
| 90 | {{/aagon.infobox}} | ||
| 91 | |||
| 92 | The licences, products and required contacts are created when the data is imported. The compliance recalculation is used to calculate the status. | ||
| 93 | |||
| 94 | {{aagon.infobox}} | ||
| 95 | The new contacts can be accessed from the [[Master Data>>doc:ACMP.68.Arbeiten mit der ACMP Console.Aufbau der Console.Ribbonleiste.Stammdaten.WebHome]] (//Master Data //> //Contacts//). The contacts are required to complete the compliance calculation at the end and to record them as licence users and link them to the appropriate licences and products. | ||
| 96 | {{/aagon.infobox}} | ||
| 97 | |||
| 98 | For more detailed information on products and licences, navigate to Licence Management. | ||
| 99 | |||
| 100 | {{aagon.infobox}} | ||
| 101 | All licence and product data from the portal is read-only and cannot be edited. The Microsoft 365 portal is the leading system and cannot be changed by the administrator. | ||
| 102 | {{/aagon.infobox}} | ||
| 103 | |||
| 104 | [[Read linked product from licence>>image:68_M365_Lizenzen Verknüpfte Produkte_1831.png||alt="67_M365_Lizenzen Verknüpfte Produkte_1831.png"]] | ||
| 105 | |||
| 106 | == Products == | ||
| 107 | |||
| 108 | Products are created on initial creation in the following output directory //Microsoft 365// > //Portal name// (here: Microsoft 365 Portal). Products can be dragged and dropped into other directories as required. The product name is made up of the portal name (prefix) and the licence title. | ||
| 109 | |||
| 110 | [[Reading Microsoft 365 portal products>>image:68_M365_Produkte markiert_1280.png||alt="67_M365_Produkte markiert_1280.png"]] | ||
| 111 | |||
| 112 | {{aagon.infobox}} | ||
| 113 | There is a new automatic consumer (type: Microsoft 365) to correctly identify consumers. This is only used for Microsoft 365 imports and is not available for selection when manually creating a product | ||
| 114 | {{/aagon.infobox}} | ||
| 115 | |||
| 116 | == Manually start recalculating compliance == | ||
| 117 | |||
| 118 | The compliance recalculation runs as a server task every five hours by default, thus keeping the data comparison up to date. If you want to start a recalculation independently of this and out of sequence, you can do so via //License Management //> //Compliance //> //Recalculate //> //Recalculate Completely//. Click on the button in the ribbon bar and start the recalculation manually. The function first starts a new import of the current Microsoft 365 data. Depending on the data in the licence management, the execution of the recalculation may take some time. If there are already products in compliance, these will be updated and the associated status will be checked and customised if necessary. | ||
| 119 | |||
| 120 | == Status //Producat cannot be synchronised// == | ||
| 121 | |||
| 122 | When recalculating compliance, the status of the products and licenses is compared. If, during the import of Microsoft 365 data, it is not possible to update data for a product or license that has already been imported, this is indicated by the new status [[image:1731319766843-853.png]]// Product cannot be synchronised//. | ||
| 123 | |||
| 124 | [[Licence status 'Product cannot be synchronised'>>image:67_M365_Lizenzstatus.png]] | ||
| 125 | |||
| 126 | There can be three reasons for this status: | ||
| 127 | |||
| 128 | |**Reason**|**Description**|**Solution** | ||
| 129 | |The product and/or license no longer exists in the Microsoft 365 portal. |The product and/or license has been deleted from the Microsoft 365 portal, which is why there is no connection between the ACMP Server and the product/license.|The products and/or licenses can be deleted from ACMP. Select the corresponding items and remove them by clicking on //Delete //in the ribbon bar. | ||
| 130 | |The license was defined retrospectively for the exclusion.|A license was subsequently excluded from import because changes were made to an existing portal.|((( | ||
| 131 | If you no longer require the newly added licence exclusion on the portal, you must delete the imported license and the products. | ||
| 132 | |||
| 133 | If the newly added exclusion was the result of a misconfiguration when editing the portal, you can edit the portal again and remove the exclusion. The next time the Microsoft 365 import is executed, the data will be updated again automatically. After recalculating compliance, the status will now be displayed correctly. | ||
| 134 | ))) | ||
| 135 | |The portal has been deleted.|The complete portal has been deleted from the settings and no longer exists.|If you have deleted the portal in the ACMP settings, you must manually delete the already imported products and licenses from the License Management. | ||
| 136 | |||
| 137 | {{aagon.infobox}} | ||
| 138 | You can find out more about the different statuses of the licenses [[here>>doc:ACMP.68.ACMP-Solutions.Lizenzmanagement.Compliance.WebHome||anchor="HStatusderLizenzen"]]. | ||
| 139 | {{/aagon.infobox}} | ||
| 140 | |||
| 141 | = Error messages when accessing the Microsoft 365 GraphAPI = | ||
| 142 | |||
| 143 | An access token is required to access the Microsoft 365 GraphAPI. This token is generated by the scheduled server task when importing Microsoft 365 data for each configured portal. If there are problems generating the token, this will be displayed as an error message in the log. You can find the corresponding entry in the [[Server Monitor>>doc:ACMP.68.Arbeiten mit der ACMP Console.Aufbau der Console.Ribbonleiste.Monitore.WebHome||anchor="HServermonitor"]]. | ||
| 144 | |||
| 145 | Generally, there are two basic errors that can occur: | ||
| 146 | |||
| 147 | 1. An error reported by the GraphAPI was generated by the corresponding web server. | ||
| 148 | 1. An error occurred during the connection from the ACMP Server to the GraphAPI or during the evaluation of the GraphAPI response. | ||
| 149 | |||
| 150 | The following are some detailed error messages that may appear on your system: | ||
| 151 | |||
| 152 | |||
| 153 | |((( | ||
| 154 | **Error message** | ||
| 155 | )))|((( | ||
| 156 | **Error log** | ||
| 157 | ))) | ||
| 158 | |((( | ||
| 159 | Die GraphAPI meldet einen Fehler und eine Fehlerbeschreibung. | ||
| 160 | )))|((( | ||
| 161 | The ACMP Server could reach the Microsoft GraphAPI and received an error. | ||
| 162 | |||
| 163 | The error descriptions come from Microsoft and indicate the type of error reported by the Microsoft GraphAPI. | ||
| 164 | ))) | ||
| 165 | |((( | ||
| 166 | „Could not connect to GraphAPI server.“ | ||
| 167 | )))|((( | ||
| 168 | The ACMP Server could not establish a connection to the Microsoft GraphAPI. | ||
| 169 | |||
| 170 | **Solution**: Check if you have released the [[necessary URLs>>doc:ACMP.68.ACMP installieren.Checkliste zur Installation.WebHome||anchor="HErforderlicheURLs"]] for your environment. | ||
| 171 | ))) | ||
| 172 | |((( | ||
| 173 | „GraphAPI webcall returned success but information could not be deserialized.“ | ||
| 174 | )))|((( | ||
| 175 | The ACMP Server was able to establish a connection and the remote station reported a success (HTTP status 200), but the delivered response could not be successfully evaluated. It is possible that the format is different than expected. | ||
| 176 | |||
| 177 | A possible source of error is when a system retains information in the cache and returns it as a response. For example, check your proxy settings to see if the ACMP Server has stored the correct configurations to resolve the URL. If you have excluded this, please contact our Support. | ||
| 178 | ))) | ||
| 179 | |((( | ||
| 180 | „GraphAPI webcall returned failure but error information could not be deserialized.“ | ||
| 181 | )))|((( | ||
| 182 | The ACMP Server was able to establish a connection successfully, but the remote station reports an error. The response could not be evaluated | ||
| 183 | |||
| 184 | **Solution**: Check if the [[firewall/proxy settings>>doc:ACMP.68.ACMP installieren.Checkliste zur Installation.WebHome||anchor="HErforderlicheURLs"]] are configured correctly or whether you have something else in the network that is intercepting or blocking the communication.. If this has been excluded by you, please contact our Support. | ||
| 185 | ))) | ||
| 186 | |((( | ||
| 187 | „Thumbprint from public key could not be read.“ | ||
| 188 | )))|((( | ||
| 189 | This error only occurs if you have used the certificate as the authentication method. | ||
| 190 | |||
| 191 | In this case, the ACMP Server tries to generate a JSON Web Token for the GraphAPI. The fingerprint of the certificate's public key must be noted. An error occurred when reading this value. | ||
| 192 | |||
| 193 | **Solution**: When the error occurs, reinstall the certificate. | ||
| 194 | ))) | ||
| 195 | |((( | ||
| 196 | „JSON Web Token generation for authentication with GraphAPI failed.“ | ||
| 197 | )))|((( | ||
| 198 | This error only occurs if you have used the certificate as the authentication method. | ||
| 199 | |||
| 200 | The ACMP Server tries to sign a JSON Web Token for the GraphAPI with the certificate's private key. An error occurs. | ||
| 201 | |||
| 202 | **Solution**: This may be an expired certificate. Either create a new certificate or re-import the certificate when the error occurs. | ||
| 203 | ))) |