Tenant Settings

This document shows you the steps for

If you are logging in to M365 Manager Plus for the first time, you will be taken directly to the Tenant Settings page, where you can choose to configure your tenant automatically, or manually if you already have a registered Azure AD application. If your tenant is created in the Azure Germany, China or US Government clouds, select the appropriate Azure environment from the drop-down box by clicking on Choose the appropriate Azure Environment.

Automatic Microsoft 365 tenant configuration

  1. To perform an automatic tenant configuration, click on the Configure using Microsoft 365 Login option. If you wish to set up your tenant later, then go to Tenant Settings → Add New Tenant and then choose the Configure using Microsoft 365 Login option.
  2. Click on Proceed in the pop-up that appears. You will now be redirected to the Microsoft login page, where you must enter your Global Administrator credentials. If your account is MFA-enabled, you will have to pass through multiple authentication methods.
  3. Note: M365 Manager Plus will not store your Global Administrator credentials.
  4. Click on Accept in the pop-up that appears to allow M365 Manager Plus to:
    • Create a service account with the Global Administrator credentials provided by you. It will be created with the Exchange Administrator and View-Only Organization Management roles.
    • Create an Azure AD application to fetch Microsoft 365 data using Microsoft Graph API.
  5. You will now be redirected to the Microsoft 365 portal. Sign in with your Global Administrator account and Accept the permissions required for your organization.
  6. If the tenant configuration was successful, you can see your tenant listed in the Configured Microsoft 365 Tenants page.

Manual Microsoft 365 tenant configuration

  1. Create an Azure AD application for M365 Manager Plus.
  2. Log in to M365 Manager Plus.
    • If you are logging in to M365 Manager Plus for the first time, you will be taken directly to the Tenant Settings page, where you should choose the Click here to configure tenant with an already registered Azure AD Application option. Otherwise, go to Tenant Settings → Add New Tenant and then choose the Click here to configure tenant with an already registered Azure AD Application option.
  3. Enter the Tenant name, Application ID, Application Object ID and Application Secret Key in the pop-up that appears.
  4. If the tenant configuration was successful, you can see your tenant listed in the Configured Microsoft 365 Tenants page.
  5. Create a service account with at least View-Only Organization Management, View Only Audit Log and Service Administrator permissions.
  6. Click on Configure under the Service Account column of the configured tenant.
  7. Enter the Service account name and Password in the Modify Service Account pop-up that appears.
  8. Click on Update.
Note: If your service account is MFA-enabled, see the How to configure an MFA-enabled service account section.

Steps to modify Microsoft 365 tenant (Application details and service account details)

  • Click on the Tenant Settings option found at the top right corner.
  • You will see the list of Microsoft 365 tenants configured with M365 Manager Plus.
  • Under the Actions column, click on the icon corresponding to the tenant you need to modify.
  • Click on the edit icon adjacent to Application Details/Service Account Details to modify the corresponding values.
  • Choose Update once you have made the changes.

How to configure an MFA-enabled service account

If your service account is MFA-enabled, you need to use either the Conditional Access or the Trusted IPs feature of Microsoft 365 to bypass MFA.

Steps to configure trusted IPs

  • Log in to portal.azure.com using your global admin credentials.
  • Click on Azure Active Directory under Azure services.
  • Choose Security from the left pane.
  • Click on MFA under the Manage category in the left pane.
  • Choose the Additional cloud-based MFA settings option.
  • In the new window that opens, go to the trusted IPs section.
  • Select the Skip multi-factor authentication for requests from federated users on my intranet option.
  • In the text box, enter the IP address of the machine in which you have installed M365 Manager Plus.
  • Click on Save.

Steps to configure conditional access

In this section we will create a policy that enforces MFA and excludes the users of M365 Manager Plus, so that they don't have to undergo multi-factor authentication.

Note: To use conditional access, you need an Azure AD Premium P1 license.
  • Log in to portal.azure.com using your global admin credentials.
  • Click on Azure Active Directory under Azure services.
  • Choose Security from the left pane.
  • Click on Conditional Access under the Protect category in the left pane.
  • Click on New Policy.
  • Provide a name for the policy.
  • Click on the Users and groups option.
  • Select the Exclude tab.
  • Select the Users and groups check box, and choose the M365 Manager Plus users for whom MFA must not be enforced.
  • Click on Select.
  • Under the Access controls section, click on Grant.
  • Select the Grant access radio button, and Require multi-factor authentication check box.
  • Click on Select.
  • Click on Create and then Save.
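
An added example, not part of the product documentation: a Python audit that lists every account directly excluded from an enforced MFA policy like the one created above, and reports whether a separate block policy confines that account to trusted locations. The policy JSON is constructed sample data in the Microsoft Graph conditionalAccessPolicy shape; display names and user IDs are placeholders, and group-based exclusions are not evaluated.

```python
import json

# Constructed sample shaped like Microsoft Graph conditionalAccessPolicy
# objects; display names and user IDs are placeholders, not real values.
SAMPLE_POLICIES = json.loads("""[
 {"displayName": "Require MFA", "state": "enabled",
  "conditions": {"users": {"includeUsers": ["All"],
                           "excludeUsers": ["svc-m365mp", "tech-01"]}},
  "grantControls": {"operator": "OR", "builtInControls": ["mfa"]}},
 {"displayName": "Block svc outside trusted IPs", "state": "enabled",
  "conditions": {"users": {"includeUsers": ["svc-m365mp"]},
                 "locations": {"includeLocations": ["All"],
                               "excludeLocations": ["AllTrusted"]}},
  "grantControls": {"operator": "OR", "builtInControls": ["block"]}},
 {"displayName": "MFA pilot", "state": "enabledForReportingButNotEnforced",
  "conditions": {"users": {"includeUsers": ["All"], "excludeUsers": ["tech-02"]}},
  "grantControls": {"operator": "OR", "builtInControls": ["mfa"]}}
]""")


def _controls(policy):
    """Built-in grant controls of a policy, or [] if disabled/report-only."""
    if policy.get("state") != "enabled":
        return []
    return (policy.get("grantControls") or {}).get("builtInControls", [])


def _confined_to_trusted(policy, user_id):
    """True if the policy blocks user_id everywhere except excluded locations."""
    cond = policy.get("conditions") or {}
    loc = cond.get("locations") or {}
    return ("block" in _controls(policy)
            and user_id in (cond.get("users") or {}).get("includeUsers", [])
            and "All" in loc.get("includeLocations", [])
            and bool(loc.get("excludeLocations")))


def audit_mfa_exclusions(policies):
    """Users excluded from enforced MFA policies, with location-restriction status."""
    findings = []
    for p in policies:
        if "mfa" not in _controls(p):
            continue  # not an enforced MFA policy
        users = (p.get("conditions") or {}).get("users") or {}
        for uid in users.get("excludeUsers", []):
            restricted = any(_confined_to_trusted(q, uid) for q in policies)
            findings.append({"policy": p["displayName"], "user": uid,
                             "location_restricted": restricted})
    return findings
```

Entries with `location_restricted` set to false are accounts that skip MFA from any network and are the ones to review first.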