Tenant Settings

This document shows you the steps for

Automatic Office 365 tenant configuration

  • If you are logging in to O365 Manager Plus for the first time, you will be directly taken to the Tenant Settings page where you should choose the Configure using Office 365 Login option. Otherwise, go to Tenant Settings → Add New Tenant and then choose the Configure using Office 365 Login option.
  • By clicking on Proceed in the pop-up that appears,
    1. An Azure AD application will be created that fetches Office 365 data using Microsoft Graph API.
    2. A service account will be created with Exchange Administrator and View-Only Organization Management roles.
    3. You will be redirected to the Office 365 login page where you must enter your Global Administrator credentials. You have to pass through multiple authentication methods, if your account is MFA-enabled.
    4. Note: O365 Manager Plus will not store your Global Administrator credentials.
  • Click on Accept in the pop-up that appears to allow O365 Manager Plus to,
    1. Create a service account with the Global Administrator credentials provided by you.
    2. Create an Azure AD application.
  • You will be now redirected to the Office 365 portal which will list the permissions required for your organization. Click on Accept. Make sure that you are granting the permissions with the Global Administrator account.
  • If the tenant configuration was successful, you can see your tenant listed in the Configure Office 365 Tenant page.

Manual Office 365 tenant configuration

  • Create an Azure AD application for O365 Manager Plus.
  • Create a service account with at least View-Only Organization Management, View Only Audit Log and Service Administrator permissions.
  • Login to O365 Manager Plus.
    1. If you are logging in to O365 Manager Plus for the first time, you will be directly taken to the Tenant Settings page where you should choose the Click here to configure an Office 365 tenant with a registered Azure AD application option. Otherwise, go to Tenant Settings → Add New Tenant and then choose the Click here to configure an Office 365 tenant with a registered Azure AD application.
  • Enter the Application ID and Application Secret Key in the pop-up that appears.
  • If the tenant configuration was successful, you can see your tenant listed in the Configure Office 365 Tenant page.
Note: If your service account is MFA-enabled, please check this section.

If you see one of the following conditions, the product needs some action from you to complete the tenant configuration,

  • REST API Access - Enable Now

    If the REST API column shows Enable Now, it means that you haven't granted all the permissions required by O365 Manager Plus while configuring the tenant.

    What should be done?

    REST API access must be enabled with required permissions. Please follow the steps in this document.

  • REST API Access - Update Permissions

    If the REST API column shows Update Permissions, it refers to the fact that O365 Manager Plus needs some additional permissions for the newly added features to work.

    What should be done?

    REST API access must be enabled with required permissions. Please follow the steps in this document.

  • Service Account - Configure Now / Status - Failed to create service account

    Service Account or Status column shows the above mentioned messages, if the service account creation could not be completed.

What should be done?

  • Create an Office 365 service account with Exchange Admin role.
  • In O365 Manager Plus, click on the Configure Now option under the Service Account column.
  • Provide the credentials of the service account you had created.
  • Click on Configure.
    1. Status - Service Account password has expired
    2. Status - Azure AD Secret Key is invalid

Check this document to know how to get your Azure AD Secret Key.

Steps to modify Office 365 tenant (Application details and service account details)

  • Click on the Tenant Settings option found at the top right corner.
  • You will see the list of Office 365 tenants configured with O365 Manager Plus.
  • Under the Actions column, click on corresponding to the tenant you need to modify.
  • Click on icon-edit adjacent to Application Details/Service Account Details to modify the corresponding values.
  • Choose Update once you have made the changes.

How to configure an MFA enabled service account

If your service account is MFA-enabled, you need to use either use Conditional Access or Trusted IP feature of Office 365 to by-pass MFA.

Steps to configure trusted IPs

  • Login to portal.azure.com using your global admin credentials.
  • Click on Azure Active Directory under Azure services.
  • Choose Security from the left pane.
  • Click on MFA under the Manage category in the left pane.
  • Choose the Additional cloud-based MFA settings option.
  • In the new window that opens, go to the trusted ips section.
  • Select the Skip multi-factor authentication for requests from federated users on my intranet option.
  • In the text box, enter the IP address of the machine in which you have installed O365 Manager Plus.
  • Click on Save.

Steps to configure conditional access

In this section we will create a policy to enforce MFA, and exclude the users of O365 Manager Plus so that they don't have to undergo multiple authentication.

Note: To use conditional access, you need Azure AD Premium P1 license.
  • Login to portal.azure.com using your global admin credentials.
  • Click on Azure Active Directory under Azure services.
  • Choose Security from the left pane.
  • Click on Conditional Access under the Protect category in the left pane.
  • Choose New Policy.
  • Provide a name for the policy.
  • Click on the Users and groups option.
  • Select the Exclude tab.
  • Select the Users and groups check box, and choose the O365 Manager Plus users for whom MFA must not be enforced.
  • Click on Done.
  • Under the Access controls section, click on Grant.
  • Select the Grant access radio button, and Require multi-factor authentication check box.
  • Click on Select.
  • Click on Create and the Save.

Managing O365 Manger Plus License

O365 Manager Plus is licensed based on the number of users. This section allows you to manage licenses and select the users that you wish to manage. O365 Manager Plus is licensed based on the number of users that you wish to manage. To manage licenses, click Manage Licenses. (Click Tenant Settings found in the top right corner → Manage Licenses). The Manage Licenses screen displays the following information at the top of the table.

  • Total License Count – This shows the number of licenses purchased.
  • Managed Users – This shows the number of users being managed by the product.
  • Available License Count – The number of unused licenses is shown here.

To modify the users to be managed:

  • Click on the icon under the Action column to manage all users for that tenant.
  • Click on the icon under the Action column to stop managing all users for that tenant.
  • To handpick the users to be managed, click the Total Number of Users in the Managed Users column. This will open a pop-up.
    • In the pop-up, select the type of users that you wish to see, i.e., only the managed users, or the unmanaged, or both.
    • Click icon to search for the user by name
    • Click the drop-down box on the right hand side of the pop-up to manage the number of users that will be displayed.
    • Select the check-boxes against each user to manage/unmanage them.
    • Click OK to save the selection.

In some cases, the number of Office 365 users managed and the number of licenses purchased might be different. In such cases, when new users/ additional licenses are added, the product automatically adds users to the managed users list.

Case 1 - Licenses purchased is greater than the number of users managed : In such a case, all existing users will be managed by the product. When new users are added, the product will automatically link the unused licenses with the new users.

Case 2 - Licenses purchased is lesser than the total number of users : In such a case, only the selected users will be managed by the product. When additional licenses are purchased, the unmanaged users will automatically be added to the managed users list based on availability of licenses.

NOTE: If you haven’t installed the Azure AD module, the pop-up while clicking the count in Managed Users column, gives details on mailboxes.

Get download link