Search Engine: Elastic

Article ID: 126807, created on Sep 4, 2015, last review on Nov 7, 2017

  • Applies to:
  • Operations Automation 7.0
  • Operations Automation 7.1
  • Operations Automation 7.2
  • Operations Automation 6.0
  • Business Automation 7.0
  • Business Automation 7.1
  • Business Automation 7.2
  • Business Automation 6.0
  • APS 2.x

This article describes how to configure your CSP partner account to allow the Office 365 application to use the Graph API. Namely, you must configure pre-consent for the app that you created for the Graph API.

To configure your CSP partner account, perform the following actions:

  1. Prepare the login and password of an admin user. The admin user must have Global Admin permissions in your CSP partner account’s Azure Active Directory. The credentials will be used in further steps of the procedure.

  2. Prepare a Windows client or server machine with Azure Active Directory PowerShell Module Version 2. The machine will be used in further steps of the procedure. For the installation instructions, refer to https://www.powershellgallery.com/packages/AzureAD/2.0.0.98. Also note that the Install-Module -Name AzureAD command works on Windows 10. If your machine runs on Windows 8/8.1, you should install PackageManagement PowerShell Modules Preview (https://www.microsoft.com/en-us/download/details.aspx?id=51451) beforehand.

  3. Prepare the App ID of the native app intended for the Graph API:

    • If you are upgrading the Office 365 application to version 17.2, you can skip this step since you already have the App ID (it was prepared during the upgrade procedure).

    • In other cases, do the following:

      1. Log in the Odin Automation control panel.
      2. Navigate to the list of application instances of the Office 365 app. In the list, select the application instance that you need.
      3. Obtain and write down the value of the setting ID of Native Client for Azure AD Graph API (Office 365 17.2 or higher) / Client ID (Office 365 17.1.x or lower).
  4. Obtain the Object ID of the app intended for the Graph API:

    1. Log in to the Azure Management Portal.
    2. In the left-hand navigation pane, choose More services and click App registrations.
    3. On the App registrations blade, click on the app intended for the Graph API. Note that you can find the app by using its App ID.
    4. On the blade of the app, copy and write down the Object ID of the app.
  5. Configure pre-consent:

    1. On a machine having Azure Active Directory PowerShell Module Version 2 installed, open a Windows PowerShell command prompt session.

    2. Run the following command to connect to the Azure Active Directory:

      • Microsoft Cloud - run Connect-AzureAD -AzureEnvironment "AzureCloud"
      • Office 365 Operated by 21Vianet in China - run Connect-AzureAD -AzureEnvironment "AzureChinaCloud"
      • Microsoft Cloud Germany - run Connect-AzureAD -AzureEnvironment "AzureGermanyCloud"

      You will then be prompted for your credentials. Click Work or School Account and log in using the credentials of the admin user with Global Admin permissions in your CSP partner account’s Azure Active Directory.

    3. Modify the PowerShell script given below by specifying the Object ID of the app intended for the Graph API:

      #Specify the Application Object Id of the Native App
      $appObjectId = 'APPLICATION-OBJECT-ID-HERE'
      Set-AzureADApplication -ObjectId $appObjectId -AvailableToOtherTenants $true
      $azureADApp = Get-AzureADApplication -ObjectId $appObjectId
      #Get the Service Principal for the Application object
      $servicePrincipal = Get-AzureADServicePrincipal -All $true | ? {$_.AppId -eq $azureADApp.AppId}
      #Get the Admin Agents Group object
      $adminAgentsGroup = Get-AzureADGroup -All $true | ? {$_.DisplayName -eq 'AdminAgents'}
      #Run the below command to add preconsent for the application
      Add-AzureADGroupMember -ObjectId $adminAgentsGroup.ObjectId -RefObjectId $servicePrincipal.ObjectId
      
    4. Execute the modified script to configure pre-consent for the app.
  6. Validate that your CSP partner account has been configured correctly by the script provided above (for upgrade to Office 365 17.2, perform this step after you complete the upgrade):

    1. Create a customer account with an Office 365 subscription, and then log in as the customer.
    2. Add a user.
    3. Assign an Office 365 license to the user.
    4. Add a domain to Office 365.

    All of the operations must be successfully completed (no errors, no failed tasks).

5356b422f65bdad1c3e9edca5d74a1ae caea8340e2d186a540518d08602aa065 e12cea1d47a3125d335d68e6d4e15e07 198398b282069eaf2d94a6af87dcb3ff 3627d36199b8ff577605df76e2fa222b bb7e9177fb03488961a3ea554120f328 c0f836394088a28cc30dd0e5fe8b600e b2c3b33425dfc50c7d41a2efaa7f84f3 717db81efe94e616312b74fb03a5d474 70bf700e0cdb9d7211df2595ef7276ab 7c0b495571a6c1bec50e4f324a20ec14 ef171e3fccb12bd8e09076a7b49212c0 0871c0b47b3b86ae3b1af4c2942cd0ce 1941880841f714e458ae4dc3d9f3062d 31987597efff5a3a9ce779cc203bbe5e 8c199f0ee4305da1a577740620df4a51 956c448bddc7e1f3585373687602379f 6f1456866eed87488c0f02b298a741c0

Email subscription for changes to this article
Save as PDF