Creating a Microsoft Cloud Services application for scanning and email

Prerequisites

• The scanning service must be able to reach the below URLs
  • For retrieving data: https://graph.microsoft.com
  • For generating an authentication token: https://login.microsoftonline.com
• At least TLS 1.2 needs to be enabled on the device that is hosting the Lansweeper scanning service.

Values needed to be gathered while configuring the Microsoft Cloud Services application for scanning or mailing

The values below will be necessary to configure mailing or scanning in Lansweeper using Microsoft Cloud Services. These values will be gathered by following the steps further down in the article.

• Application (client) ID
• Directory (tenant) ID
• A client secret or a certificate thumbprint

How to set up the Azure application

In this section of the article we'll be logging onto the Azure portal to create and configure the application that is needed for scanning or mailing.

Step 1: Log into your companies' Azure account

Log on to https://portal.azure.com

Step 2: Go to App Registrations and create a new registration

Open the App Registrations service (easiest by searching at the top) or click on App registrations in the Azure services bar.

Create a new app registration via New registration and give the application a descriptive name.

Step 3: Register the application

Select one of the supported account types to access the API.

Click the register button.

Step 4: Save the Application (client) ID and Directory (tenant) ID

On the overview tab, copy the Application (client) ID and the Directory (tenant) ID and save them for later.

Step 5: Create and save a client secret and/or certificate

On the Certificates & Secrets tab, choose how you want to authenticate, using a client secret or a certificate.

Client secret

A client secret is a passphrase only known to your application and the authorization server. It is used to authenticate with Microsoft Graph. A client secret can be used for both scanning and mailing.

Click on New client secret, enter a descriptive name and choose when the client secret should expire. Click Add.

Copy the Client Secret from the value column and save it for later.

Certificate

A certificate can be used if the application will be used for scanning. Make sure to generate or purchase a certificate prior to performing these steps. Add this certificate to the root certificate store of your Lansweeper scanning server that will be used to scan this target.

Browse to your application and click on Upload certificate

Select a certificate (public key) with one of the following file types: .cer, .pem, .crt, the same certificate that you've already installed on your scanning server. Click Add.

Afterwards, copy the thumbprint and save it for later.
How to use the Microsoft Cloud Services application for scanning or mailing in Lansweeper

The application you've created can be used for O365 mailing in the helpdesk and email alert module. It can also be used to scan O365, Intune and Azure AD. Depending on the final usage of the application, certain permissions must be applied. Please refer to the relevant articles below to complete the process.

• Office 365 scanning using Microsoft Graph and modern authentication.
• Intune scanning using Microsoft Graph and modern authentication.
• Azure Active Directory scanning using Microsoft Graph and modern authentication.
• Helpdesk and email alert mailing using modern authentication.