Microsoft 365 Settings

    Configuring Microsoft 365 (formerly known as Office 365) settings is a must for creating Microsoft 365 accounts for users via ADManager Plus. Since the account provided here will be used for creating new accounts in Microsoft 365, ensure that you provide an account with the necessary privileges.

    To add a Microsoft 365 account in ADManager Plus:

    • Log in to ADManager Plus as an administrator and navigate to the Admin tab.
    • Under System Settings, select Microsoft 365/Google Workspace.
      Note: Ensure that the MSOnline PowerShell module for Azure Active Directory is installed on the same machine where ADManager Plus is installed. Click here for any help/information regarding installation of Azure AD module.
    • Click the Add Microsoft 365 Account link located at the top right corner of 'Microsoft 365' page.
      Note: For more information on how to configure a new Microsoft 365 account automatically or manually, refer to this web page.
    • Enter the User Name and Password of the Microsoft 365 account which has sufficient privileges (Global Admin) to create new accounts.
    • Select the domains to which the Microsoft 365 option should be provided.
    • Click Save.
    • You can edit the existing Microsoft 365 tenants configured in the product.
    • If you are using an account which has DirSync enabled, you can choose a different Source Anchor other than the objectGUID if you wish.
    • To do this, click the relevant account from the list of Microsoft 365 accounts displayed in the 'Microsoft 365 settings page', select the desired 'Source Anchor' and click Update.

    Prerequisites for configuring a Microsoft 365 account in ADManager Plus

    Before you set out to add a Microsoft 365 account in ADManager Plus, ensure that:

    • The MSOnline PowerShell module for Azure Active Directory is also installed on the machine where ADManager Plus is installed.
    • Your firewall settings allow access to certain domains.

    Installing the MSOnline PowerShell module

    The MSOnline PowerShell module can be installed using software or through the PowerShell cmdlet.

    Installing the MSOnline PowerShell module using software

    To install the MSOnline module, install the software below on the same machine where the ADManager Plus server is located:

    • The 64-bit version of the Microsoft Online Services Sign-in Assistant, which can be downloaded from this page.
    • The 64-bit version of the Microsoft Azure Active Directory Module for Windows PowerShell, which can be downloaded from here.

    Installing the MSOnline PowerShell module using the PowerShell cmdlet (supported for PowerShell versions 2 and above)

    Execute the below cmdlets by running PowerShell as an administrator. Run the cmdlet shown in the image below to check the version of PowerShell installed on the machine where ADManager Plus is running.

    Installing the MSOnline PowerShell module

    To install the MSOnline PowerShell module through the PowerShell cmdlet, PowerShell version 2 and above is needed. To install the module, follow these steps:

    1. For PowerShell version 3 or 4, ensure that the PowerShellGet and PackageManagement modules are already installed. To check if they are installed, run the following cmdlets:

      Import-Module PackageManagement

      Import-Module PowerShellGet

      Installing the MSOnline PowerShell module

      Installing the MSOnline PowerShell module

    2. If any of the above cmdlets throw an error, you must reinstall the modules from here.
    3. Execute the following cmdlets as seen in the image displayed below:

      Set-ExecutionPolicy RemoteSigned

      Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Force -Scope CurrentUser

      Install-Module MSOnline -Force -Scope CurrentUser

      Installing the MSOnline PowerShell module

    For more information, please refer to these pages:

    List of domains that must be allowed by your firewall

    The following domains must be allowed through your firewall.

    Table 1: Domains that must be allowed by Azure AD general cloud users

    Module Endpoint
    REST API login.microsoftonline.com
    login.microsoftonline.com
    graph.windows.net
    graph.microsoft.com
    manage.office.com
    portal.office.com
    login.windows.net/common/oauth2/token
    admin.microsoft.com/fd/CommerceAPI/my-org
    Exchange Online outlook.office.com
    outlook.office365.com/powershell-liveid

    Table 2: Domains that must be allowed by Azure Germany cloud users

    Module Endpoint
    REST API login.microsoftonline.de
    graph.cloudapi.de
    graph.microsoft.de
    portal.office.de
    manage.office.de
    Exchange Online outlook.office.de
    outlook.office.de/powershell-liveid

    Table 3: Domains that must be allowed by Azure China cloud users

    Module Endpoint
    REST API login.partner.microsoftonline.cn
    graph.chinacloudapi.cn
    microsoftgraph.chinacloudapi.cn
    manage.office.cn
    portal.azure.cn
    login.partner.microsoftonline.cn/common/oauth2/token
    Exchange Online partner.outlook.cn
    partner.outlook.cn/PowerShell

    Table 4: Domains that must be allowed by Azure United States cloud users

    Module Endpoint
    REST API login.microsoftonline.us
    graph.windows.net
    graph.microsoft.us
    manage.office.us
    portal.azure.us
    login.microsoftonline.us/common/oauth2/token
    Exchange Online outlook.office365.us
    outlook.office365.us/powershell-liveid

    Troubleshooting

    1. If the error message "Unable to authenticate your credentials" is displayed while configuring an Microsoft 365 account, it could be because of any of these reasons:
      • The user name or password entered is incorrect or there could be a problem with the user account.
      • The user name was entered in an incorrect format.
      • No internet connection.
      • The user account could have the Azure Multi-Factor Authentication enabled; Microsoft does not currently support using the Azure Active Directory Module for Windows PowerShell to connect to Azure AD. For details, visit this page.
    2. If the error message "Access denied" is displayed in Exchange online Management task or Reports, it could be because of any of these reasons:
      • The user name or password entered is incorrect or there could be a problem with the user account.
      • Insufficent Exchange Admin role.
      • The configured Microsoft 365 account is disabled for basic authentication. To overcome this, you have to install Exchange V2 PowerShell module in the server machine for Exchange modern authentication. For more information, refer to this page.
    Note: To automate Microsoft 365 tenant configuration, refer to this page.

    Don't see what you're looking for?

    •  

      Visit our community

      Post your questions in the forum.

       
    •  

      Request additional resources

      Send us your requirements.

       
    •  

      Need implementation assistance?

      Try onboarding