Documentation forServer & Application Monitor

Integrate Office 365 templates with Microsoft Graph in SAM

This topic describes how to configure SAM to support the integration of the following application monitor templates with Microsoft Graph, a product that offers a single REST API endpoint for Microsoft 365 services.

Starting in SAM 2020.2.5, apiversion=v1.0 is required in PowerShell scripts for legacy Microsoft Office 365 Teams and Microsoft Office 365 OneDrive templates and related application monitors. Otherwise, scripts return [ERROR] The remote server returned an error: (404) Not Found. messages. Alternatively, use one of the Microsoft 365 API poller templates.

To learn more about Graph, see:

All Microsoft links in this topic are © 2019 Microsoft Corp., available at https://docs.microsoft.com, obtained on May 8, 2019.

Requirements

  • The PSMSGraph PowerShell module for the Microsoft Graph API is installed and configured on the Orion server, as described next.
  • The PSMSGraph module is a registered Azure Active Directory (AD) app in the Microsoft Azure portal with the following Microsoft Graph API permissions:
    • Reports.Read.All (Delegated)
    • Reports.Read.All (Applications)
  • When you register the PSMSGraph Module as an app, gather the following details so you can pass them as arguments for different component monitors in SAM templates:
    • App name
    • Client ID/Application ID
    • Tenant ID
    • Password

Set up the PSMSGraph module on the Orion server

To install and configure the PSMSGraph module on the Orion server:

  1. Obtain PSMSGraph from either of the following websites and install it.
  2. Verify the module is installed correctly.
    1. In the PowerShell console, type: Get-Module -ListAvailable -Name "psmsgraph"
    2. Compare the output to the following screenshot; it should be similar.

Register the app

To provide SAM templates with access to the Microsoft Graph API, register the PSMSGraph module as an Azure AD app in the Microsoft Azure portal with the following permissions:

  • Reports.Read.All (Delegated)
  • Reports.Read.All (Applications)

When creating apps, use a recognizable name, such as "SAM Microsoft 365 Graph".

An Azure AD admin must authorize the endpoint before SAM can access the API.

To learn more, see these Microsoft resources: