Microsoft 365 Settings
Configuring Microsoft 365 (formerly known as Office 365) settings is a must for creating Microsoft 365 accounts for users via ADManager Plus. Since the account provided here will be used for creating new accounts in Microsoft 365, ensure that you provide an account with the necessary privileges.
To add a Microsoft 365 account in ADManager Plus:
- Log in to ADManager Plus as an administrator and navigate to the Admin tab.
- Under System Settings, select Microsoft 365/Google Workspace.
Note: Ensure that the MSOnline PowerShell module for Azure Active Directory is installed on the same machine where ADManager Plus is installed.
Click here for any help/information regarding installation of Azure AD module.
- Click the Add Microsoft 365 Account link located at the top right corner of 'Microsoft 365' page.
Note: For more information on how to configure a new Microsoft 365 account automatically or manually, refer to
this web page.
- Enter the User Name and Password of the Microsoft 365 account which has sufficient privileges (Global Admin) to create new accounts.
- Select the domains to which the Microsoft 365 option should be provided.
- Click Save.
- You can edit the existing Microsoft 365 tenants configured in the product.
- If you are using an account which has DirSync enabled, you can choose a different Source Anchor other than the objectGUID if you wish.
- To do this, click the relevant account from the list of Microsoft 365 accounts displayed in the 'Microsoft 365 settings page', select the desired 'Source Anchor' and click Update.
Prerequisites for configuring a Microsoft 365 account in ADManager Plus
Before you set out to add a Microsoft 365 account in ADManager Plus, ensure that:
- The MSOnline PowerShell module for Azure Active Directory is also installed on the machine where ADManager Plus is installed.
- Your firewall settings allow access to certain domains.
Installing the MSOnline PowerShell module
The MSOnline PowerShell module can be installed using software or through the PowerShell cmdlet.
Installing the MSOnline PowerShell module using software
To install the MSOnline module, install the software below on the same machine where the ADManager Plus server is located:
- The 64-bit version of the Microsoft Online Services Sign-in Assistant, which can be downloaded from this page.
- The 64-bit version of the Microsoft Azure Active Directory Module for Windows PowerShell, which can be downloaded from here.
Installing the MSOnline PowerShell module using the PowerShell cmdlet (supported for PowerShell versions 2 and above)
Execute the below cmdlets by running PowerShell as an administrator. Run the cmdlet shown in the image below to check the version of PowerShell installed on the machine where ADManager Plus is running.
To install the MSOnline PowerShell module through the PowerShell cmdlet, PowerShell version 2 and above is needed. To install the module, follow these steps:
- For PowerShell version 3 or 4, ensure that the PowerShellGet and PackageManagement modules are already installed. To check if they are installed, run the following cmdlets:
Import-Module PackageManagement
Import-Module PowerShellGet
- If any of the above cmdlets throw an error, you must reinstall the modules from here.
- Execute the following cmdlets as seen in the image displayed below:
Set-ExecutionPolicy RemoteSigned
Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Force -Scope CurrentUser
Install-Module MSOnline -Force -Scope CurrentUser
For more information, please refer to these pages:
List of domains that must be allowed by your firewall
The following domains must be allowed through your firewall.
Table 1: Domains that must be allowed by Azure AD general cloud users
Module |
Endpoint |
REST API |
login.microsoftonline.com |
login.microsoftonline.com |
graph.windows.net |
graph.microsoft.com |
manage.office.com |
portal.office.com |
login.windows.net/common/oauth2/token |
admin.microsoft.com/fd/CommerceAPI/my-org |
Exchange Online |
outlook.office.com |
outlook.office365.com/powershell-liveid |
Table 2: Domains that must be allowed by Azure Germany cloud users
Module |
Endpoint |
REST API |
login.microsoftonline.de |
graph.cloudapi.de |
graph.microsoft.de |
portal.office.de |
manage.office.de |
Exchange Online |
outlook.office.de |
outlook.office.de/powershell-liveid |
Table 3: Domains that must be allowed by Azure China cloud users
Module |
Endpoint |
REST API |
login.partner.microsoftonline.cn |
graph.chinacloudapi.cn |
microsoftgraph.chinacloudapi.cn |
manage.office.cn |
portal.azure.cn |
login.partner.microsoftonline.cn/common/oauth2/token |
Exchange Online |
partner.outlook.cn |
partner.outlook.cn/PowerShell |
Table 4: Domains that must be allowed by Azure United States cloud users
Module |
Endpoint |
REST API |
login.microsoftonline.us |
graph.windows.net |
graph.microsoft.us |
manage.office.us |
portal.azure.us |
login.microsoftonline.us/common/oauth2/token |
Exchange Online |
outlook.office365.us |
outlook.office365.us/powershell-liveid |
Troubleshooting
- If the error message "Unable to authenticate your credentials" is displayed while configuring an Microsoft 365 account, it could be because of any of these reasons:
- The user name or password entered is incorrect or there could be a problem with the user account.
- The user name was entered in an incorrect format.
- No internet connection.
- The user account could have the Azure Multi-Factor Authentication enabled; Microsoft does not currently support using the Azure Active Directory Module for Windows PowerShell to connect to Azure AD. For details, visit this page.
- If the error message "Access denied" is displayed in Exchange online Management task or Reports, it could be because of any of these reasons:
- The user name or password entered is incorrect or there could be a problem with the user account.
- Insufficent Exchange Admin role.
- The configured Microsoft 365 account is disabled for basic authentication. To overcome this, you have to install Exchange V2 PowerShell module in the server machine for Exchange modern authentication. For more information, refer to this page.
Note: To automate Microsoft 365 tenant configuration, refer to
this page.