Creating a Microsoft Cloud Services application for scanning and email

Scanning Microsoft Cloud Services is a feature introduced in Lansweeper 8.3. If you are using an older Lansweeper release, you will need to update by following the instructions in this knowledge base article.
In previous Lansweeper versions, you were already able to set up connections with various Microsoft Cloud Services. Some of these, namely Office 365 and Intune, used basic authentication. Since Lansweeper 8.3 it is possible to scan Intune and O365, and to perform mailing using your O365 tenant using modern authentication.
You can now configure a Microsoft Cloud Services application via the Azure portal that can be used in combination with an Office 365(v2) scanning target, Intune(v2) scanning target or helpdesk and alert mailing. The application is used to perform scanning or mailing via the Microsoft Graph API. This article explains what the prerequisites are, what you'll need to perform further configuration in Lansweeper, how you can create the Azure application, and how you use the Azure application in Lansweeper.

 

Prerequisites

  • The scanning service must be able to reach the below URLs
    • For retrieving data: https://graph.microsoft.com
    • For generating an authentication token: https://login.microsoftonline.com
  • At least TLS 1.2 needs to be enabled on the device that is hosting the Lansweeper scanning service.

Values needed to be gathered while configuring the Microsoft Cloud Services application for scanning or mailing

The values below will be necessary to configure mailing or scanning in Lansweeper using Microsoft Cloud Services. These values will be gathered by following the steps further down in the article.

  • Application (client) ID
  • Directory (tenant) ID
  • A client secret or a certificate thumbprint
If your goal is to set up an application for helpdesk or alert mailing, you must use a client secret, not a certificate. For scanning O365, a certificate is recommended, but not strictly required.

How to set up the Azure application

In this section of the article we'll be logging onto the Azure portal to create and configure the application that is needed for scanning or mailing.

Step 1: Log into your companies' Azure account

Log on to https://portal.azure.com

Step 2: Go to App Registrations and create a new registration

Open the App Registrations service (easiest by searching at the top) or click on App registrations in the Azure services bar.

Create a new app registration via New registration and give the application a descriptive name.

Step 3: Register the application

Select one of the supported account types to access the API.

Click the register button.

Step 4: Save the Application (client) ID and Directory (tenant) ID

On the overview tab, copy the Application (client) ID and the Directory (tenant) ID and save them for later.

Step 5: Create and save a client secret and/or certificate

On the Certificates & Secrets tab, choose how you want to authenticate, using a client secret or a certificate.

Client secret

A client secret is a passphrase only known to your application and the authorization server. It is used to authenticate with Microsoft Graph. A client secret can be used for both scanning and mailing.

Click on New client secret, enter a descriptive name and choose when the client secret should expire. Click Add.

 

Copy the Client Secret from the value column and save it for later.

You must copy the client secret value before leaving this page. It cannot be retrieved afterwards.
If you wish to use the application for O365 mailing in the helpdesk or email alerts a client secret is required

Certificate

A certificate can be used if the application will be used for scanning. Make sure to generate or purchase a certificate prior to performing these steps. Add this certificate to the root certificate store of your Lansweeper scanning server that will be used to scan this target.

 

Browse to your application and click on Upload certificate

Select a certificate (public key) with one of the following file types: .cer, .pem, .crt, the same certificate that you've already installed on your scanning server. Click Add.

 

Afterwards, copy the thumbprint and save it for later.
How to use the Microsoft Cloud Services application for scanning or mailing in Lansweeper

The application you've created can be used for O365 mailing in the helpdesk and email alert module. It can also be used to scan O365 and Intune. Depending on the final usage of the application, certain permissions must be applied. Please refer to the relevant articles below to complete the process.

Related Articles

Get Started Right Away

Try Lansweeper for Free