Prerequisites
- The scanning service must be able to reach the below URLs
- For retrieving data: https://graph.microsoft.com
- For generating an authentication token: https://login.microsoftonline.com
- At least TLS 1.2 needs to be enabled on the device that is hosting the Lansweeper scanning service.
Values needed to be gathered while configuring the Microsoft Cloud Services application for scanning or mailing
The values below will be necessary to configure mailing or scanning in Lansweeper using Microsoft Cloud Services. These values will be gathered by following the steps further down in the article.
- Application (client) ID
- Directory (tenant) ID
- A client secret or a certificate thumbprint
How to set up the Azure application
In this section of the article we'll be logging onto the Azure portal to create and configure the application that is needed for scanning or mailing.
Step 1: Log into your companies' Azure account
Log on to https://portal.azure.com
Step 2: Go to App Registrations and create a new registration
Open the App Registrations
service (easiest by searching at the top) or click on App registrations
in the Azure services bar.
Create a new app registration via New registration
and give the application a descriptive name.
Step 3: Register the application
Select one of the supported account types to access the API.
Click the register
button.
Step 4: Save the Application (client) ID and Directory (tenant) ID
On the overview tab, copy the Application (client) ID
and the Directory (tenant) ID
and save them for later.
Step 5: Create and save a client secret and/or certificate
On the Certificates & Secrets tab, choose how you want to authenticate, using a client secret or a certificate.
Client secret
A client secret is a passphrase only known to your application and the authorization server. It is used to authenticate with Microsoft Graph. A client secret can be used for both scanning and mailing.
Click on New client secret
, enter a descriptive name and choose when the client secret should expire. Click Add
.
Copy the Client Secret from the value column and save it for later.
Certificate
A certificate can be used if the application will be used for scanning. Make sure to generate or purchase a certificate prior to performing these steps. Add this certificate to the root certificate store of your Lansweeper scanning server that will be used to scan this target.
Browse to your application and click on Upload certificate
Select a certificate (public key) with one of the following file types: .cer, .pem, .crt, the same certificate that you've already installed on your scanning server. Click Add
.
Afterwards, copy the thumbprint and save it for later.
How to use the Microsoft Cloud Services application for scanning or mailing in Lansweeper
The application you've created can be used for O365 mailing in the helpdesk and email alert module. It can also be used to scan O365, Intune and Azure AD. Depending on the final usage of the application, certain permissions must be applied. Please refer to the relevant articles below to complete the process.