How to set up your tenant for the switch to Microsoft Graph API
Modified on Fri, 15 Sep 2023 at 06:58 AM
Categories
-
What's New
-
Release Information
- CoreView Release Notes September 2023
- CoreView Release Notes August 2023
- CoreView Release Notes July 2023
- CoreView Release Notes June 2023
- CoreView Release Notes May 2023
- CoreView Release Notes April 2023
- CoreView Release Notes March 2023
- CoreView Release Notes February 2023
- CoreView Release Notes January 2023
- CoreView December 2022 Release Notes
- CoreView November 2022 Release Notes
- CoreView October 2022 Release Notes
- September 2022 Release Notes
- August 2022 Release Notes
- Release 22.06 Key Features
- Release 22.05 Key Features
- Release 22.04 Key Features
- Release 22.03 Key Features
- Release 22.01 Key Features
- Release 21.12 Key Features
- Release 21.11 Key Features
- Release 21.10 Key Features
- Release 21.09 Key Features
- Release 21.08 Key Features
- Release 21.07 Key Features
- Release 21.05 Key Features
- Release 21.04 Key Features
- Release 21.03 Key Features
- Release 21.02 Key Features
- Release 21.01 Key Features
-
Release Information
- Getting Started with Customer Care
-
Getting Started with CoreView
-
Configuring
- Configuration Overview
- Creating CoreView Tenant Administrators
- CoreView Operator Uses Cases & Dependencies
- Creating a License Pool
- Understanding Virtual Tenants
- "Send As" DNS Requirements for CoreAdoption Campaigns (Optional)
- How to enforce MFA on CoreView service accounts
- Creating a License Pool
- How to ensure security for CoreView service accounts
- Disabling MFA for CoreView service accounts
- Set Conditional Access to grant access only inside the CoreView data center
-
Configuring
-
How to
-
Exchange Online
- How to check and analyze the Message Trace
- How To Configure Email Forwarding
- How to convert a Shared Mailbox to a User Mailbox
- How to convert a user mailbox to a shared mailbox in Exchange Online
- How to Create Microsoft 365 Groups for Improved Collaboration
- How To Create Shared Mailbox
- How To Create User Mailbox
- How To Grant Access To Mailbox
- How to List all the Mailboxes a User has access to in Microsoft 365
- How to remove delegates from Mailbox
- How to remove user access to Mailbox
- How to review and manage Exchange online mailbox permissions
- How to verify if a user has updated the Password
- Read Permission for Mailbox
- What are security groups and How to create it
- What is a Distribution Group and How to create it
-
Exchange Online
- Custom Actions Library
- Getting Started with CoreHybrid
-
Knowledge Resources
-
Understanding CoreView - Quick Start Guides.
- CoreView Quick Start Guide Overview and Index - Tenant Admins
- CoreView Quick Start Guide Overview and Index - Operators
- Understanding CoreView Tenant Configuration – Management
- Understanding the CoreView Operator Profile
- Understanding CoreView Operator Roles (New UX)
- Understanding CoreView Operator Roles
- Understanding CoreView Operator Delegation
- Understanding CoreView - Report Column Filtering
- Understanding CoreView Tenant Configuration - V-Tenant User Filters
- Understanding CoreView Tenant Configuration - Portal Information
- Understanding CoreView Tenant Configuration Options
-
Troubleshooting Common Issues
- Unable to see OneDrive, SharePoint and Exchange Data
- Remote Office 365 PowerShell session can Conflict CoreView Management Actions
- Why I cannot save the changes on existing License pool?
- Error when attempting to perform a Management Action
- Unable to modify the Assigned Licenses in my License Pool Report
- Enabling Permission for Endpoint Manager Actions
- How to enable permission for BitLocker keys report
-
Tenant Administration
- How to recreate Admins Read-only
- How to add an operator to the portal?
- How to enable and configure CoreView management session
- How to provide a consent to activate Azure AD Reports Feature and activate Partial Import?
- Tips & Tricks: Leverage Pivot Reports to Prototype License Pool Criteria Filter
- Tips & Tricks - How to manage email notifications for newly added Operators.
- Disable MFA from Read Only Service Accounts
- How To: Report on "Consumed Portal Licenses"
- How to Configure Allowed IP Addresses for CoreView Service Accounts
- Tips & Tricks: How to merge License Pools
- How to Use CoreView's Global Report Filters
- How to use the What If tool to check Azure AD conditional access policies
- How to Configure Allowed IP Addresses for CoreView Service Accounts
- How to Archive a Teams Group
- How to Restore a Teams Group
- On-demand Import for a Single Device in Endpoint Manager (Intune)
- Custom Actions using the Microsoft Graph API
- How to set up your tenant for the switch to Microsoft Graph API
- GraphAPI configuration: How to get Client ID and Client Secret
- How to provide consent to import exchange information
-
Reporting and Analytics
- How do I Check and Manage Calendar Permissions for a User?
- How CoreView can help you with your Microsoft 365 Chargeback Goals.
- New UX: Understanding the new License Centers
- Understanding the Savings Opportunities Dashboard
- Understanding the License Optimization center
- Understanding License Pool Snapshots report
- Understanding Call quality dashboard
- Understanding Call quality report
- Understanding User call quality report
- Understanding Teams groups activity report
- Understanding Teams Adoption Growth Report
- Understanding Endpoint Manager reports
- Understanding Teams dashboard
- Understanding Risky Users report
- Understanding Storage Dashboard
- Troubleshoot Active Users (License Usage) data
- Legacy Protocol Management
- Report Columns: Is active 30/60/90
- Quarantined Messages Report - Understanding The Reports
-
Managing and Administration
- Teams Voice: Direct Routing Support
- How to enable management function?
- Forward SMTP Address vs Forward Address management actions
- How to add the users in bulk while executing Users management actions?
- How to Create & Manage Custom Actions
- How to schedule a report to be sent automatically, and how to modify its scheduling options?
- How to schedule an alert report for the License Count
- Tips & Tricks – How to read and modify license pool report?
- Overview of CoreView Workflow
- How to delegate Workflow management using roles
- How to configure CoreView and ServiceNow integration
- How to Enable Multi Factor Authentication for Operators and Admins who Access the CoreView Portal
- How Can I Migrate from Group-Based Licenses to Direct Licenses Managed by CoreView?
- Naming convention rules
- Custom Actions: Forbidden and Warning Values
- How to add users to Distribution Group in bulk using via CSV
- Not able to manage licenses error
- Using custom action json output as an input in the workflow
- Setting the Sensitivity Label on SharePoint as a Mandatory Field
- DistinguishedName vs OnPremisesDistinguishedName
-
Understanding CoreView - Quick Start Guides.
- CoreView Product Manual
- Health Check
- Actions
-
Playbooks
-
Out-of-the-Box playbooks
- Introduction
- Overview
- Configuring predefined policies
- Edit policy settings: Set and monitor thresholds
- Edit remediation settings: Manual and automatic remediation
- Edit remediation settings: Configure attestation
- Remediation settings: Security & Identity policies
- Remediation settings: Teams Management policies
- Remediation settings: License Management policies
- Remediation settings: SharePoint & OneDrive Management policies
- Remediation settings: Exchange Management policies
-
Out-of-the-Box playbooks
- Workflows
- Learning Platform
- Internal Customer Care Resources
- Archive
- PowerShell
- Webinars and Events
- CoreVoice
- Internal Support
To prevent a loss of CoreView functionality, customers must authorize the use of the Graph API by entering a client ID and client secret within the CoreView application by September 30, 2023. |
Microsoft announced the end-of-life date for Entra ID (aka Azure AD) and MSOnline cmdlets at the end of June 2023. However, all cmdlets related to licenses in these two modules will be deprecated by the end of March 2023. CoreView has been preparing for the transition to the Graph API to replace these cmdlets; however, customers must authorize the use of the Graph API by entering a client ID and client secret within the CoreView application.
Configuration
Within CoreView, navigate to Settings > My organization > Graph Management and enter the client ID and client secret for your account.
Getting a Client ID and Client Secret
If you do not already have a client ID and client secret, there are two main ways you can create one:
- Via the Entra ID (aka Azure Active Directory) admin center.
- Via the PowerShell script linked at the bottom of the page.
Using the Entra ID (aka Azure Active Directory) admin center
- Select "App registrations".
- Select "New registration".
3. Enter an application name (I.e., CoreView Integration) and click "Register".
4. You have now registered the application. Please copy and store the application ID. You will need to upload this information to CoreView's portal.
5. From the registered application, click "API permissions" and then "Add a permission".
6. Select "Microsoft Graph" from the list of services.
7. Select "Application permissions" and add the "User.ReadWrite.All", "Directory.ReadWrite.All" and "Group.ReadWrite.All" permissions. If you need to perform the action Remove Channel User it is required also the additional permission "ChannelMember.ReadWriteAll".
8. Once you have added the three permissions, check the box next to "Grant admin consent".
9. Select "Certificates & secrets".
10. Select "New client secret".
11. Enter a description and expiration date for the client secret, then select "Add". We suggest an expiration date of 18 months.
12. Copy the value of the secret immediately after creation, as it will be encrypted the moment you leave the page.
13. Now it's time to copy the Application ID, client secret, and expiration date to CoreView’s portal. You can do it by clicking on Settings > My organization, then "Graph Management":
14. Once you have saved your configuration, you’ll have the ability to update the client secret when needed or delete the configuration entirely.
Client ID matches the Application ID from Azure Entra ID:
And the Client Secret is also pulled from Azure Entra ID:
Using PowerShell
- Run a command as administrator
- Type PowerShell
- Make sure that you have installed the module Azure AD, otherwise run the following:
Install-Module -Name AzureAD -RequiredVersion 2.0.2.137 -Confirm:$false -Scope AllUsers -Force
- Retrieve the data as below using the location of the folder where it was copied:
. "path\RegisterAzureAdApp.ps1"
- Call the function as below:
Register-AzureadApp -Name "CoreView Management Integration" -permissions "User.ReadWrite.All", "Directory.ReadWrite.All", "Group.ReadWrite.All"
- To perform the action "Remove Channel User" it is also required the additional permission:
"ChannelMemberReadWriteAll".
- To manage membership for role-assignable groups, it is required the additional permission:
"RoleManagement.ReadWrite.Directory".
- By default, the expiration date of the Client Secret is one year from the moment the script is executed. We suggest adding the parameter to extend the expiration date to 18 months.
ExpiresClientSecret "12/31/2023"
The script will generate the Client ID, the Client Secret, and URL that you need to use to provide the consent on Azure AD.
- You can add the below optional parameter:
-Urlredirect "myurl"The URIs we will accept as destinations when returning authentication responses (tokens) after successfully authenticating or signing out users. If not specified, by default it will set to: https://coreview.com Copy and paste the URL in a web browser and provide the consent using a user with global admin rights.
Attachments (1)