Integrate Office 365 templates with Microsoft Graph

You can configure the following Office 365 templates to work with Microsoft Graph, a product that offers a single REST API endpoint where SAM can access data for Office 365 services such as OneDrive, SharePoint, and Skype.

To learn more about Graph, see:

All Microsoft links in this topic are © 2019 Microsoft Corp., available at https://docs.microsoft.com, obtained on May 8, 2019.

Requirements

  • PSMSGraph PowerShell module for the Microsoft Graph API is installed and configured on the Orion server.
  • Collect the following values in the Microsoft Azure Portal for use in arguments for Office 365 component monitors.
  • Reports.Read.All-level rights for Delegated Permissions and Application Permissions in Microsoft Graph.

Set up the PSMSGraph module on the Orion server

To install and configure the PSMSGraph module on the Orion server:

  1. Install PSMSGraph by following steps from either of these websites:
  2. Verify the module is installed correctly.
    1. In the PowerShell console, type: Get-Module -ListAvailable -Name "psmsgraph"
    2. Compare the output to the following screenshot; it should be similar.

Register the app

To provide SAM and the PSMSGraph module with read access to Azure data, you'll need to register an Azure Active Directory (AD) app in the Azure portal.

When you create the app, use a recognizable name, such as "SAM Office 365 Graph".

Here are some links that provide more information about configuring Azure AD apps:

To register an app in the Azure AD instance:

  1. Navigate to https://apps.dev.microsoft.com/
  2. Log into the Application Registration Portal.
  3. On the My applications page, click Add an app.
  4. Enter your Application Name in the field provided and click Create.
  5. Under Properties page, provide the Name for the app.
  6. Record the Application ID that appears beneath the Name field.

    When you deploy Office 365 templates, you'll need to pass the Client/Application ID, password, and Tenant ID, as arguments in application monitors. You'll also need to provide those details to your Azure AD admin.

  7. Click Generate New Password.
  8. Under Microsoft Graph Permissions, select the Reports.Read.All level for the following permission types, and then click OK.
    • Delegated Permissions
    • Application Permissions
  9. Click Save.

Your Azure AD admin must approve permission levels before they become active.

Get Admin Consent for the app

To approve permissions for your app, your Azure AD admin can follow these steps.

  1. Log into https://portal.azure.com using the Global Administrator account.
  2. Navigate to All Services > Identity > Azure Active Directory.
  3. On the Azure Active Directory page, click App registration (preview) and select the app you just registered.
  4. In the app, note the Client ID and Tenant ID. They should match IDs recorded earlier in the process.
  5. Click View API Permissions.
  6. On the API permissions page, click Add a permission to grant Report.Read.All rights for:
    • Delegated Permissions, and
    • Application Permissions
  7. Under Grant consent, click Grant admin consent for (requestor).
  8. Click Yes to confirm record updates.

    A "Successfully granted admin consent for requested permissions" message should appear.

Disclaimer: Please note, any custom scripts or other content posted herein are provided as a suggestion or recommendation to you for your internal use. This is not part of the SolarWinds software that you have purchased from SolarWinds, and the information set forth herein may come from third party customers. Your organization should internally review and assess to what extent, if any, such custom scripts or recommendations will be incorporated into your environment. Any custom scripts obtained herein are provided to you “AS IS” without indemnification, support, or warranty of any kind, express or implied. You elect to utilize the custom scripts at your own risk, and you will be solely responsible for the incorporation of the same, if any.