Skip to content

Microsoft Office 365

SaaS Management integrates directly with Microsoft Office 365, so you can view all user activity within the application. The integration gives you the usage data you need to make informed decisions on inactive licenses and any renewal or purchasing options. User engagement data, such as the numbers of emails a user reads or sends in Outlook, can help you determine if their license is active or needed.

Integrating with Office 365

Before you can integrate with Office 365, you’ll first need to create a new service account in Office 365 and assign it the appropriate permissions. You’ll then use this service account to complete the integration.

Creating service accounts in Office 365

  1. Create a new service account user. You can name the account saas-mgmt-service-account to help differentiate it from other accounts.

    Note

    Ensure the service account’s credentials are appropriately secured.

  2. Assign the account the Reports Reader role. This role permits SaaS Management to read and collect the data required for syncs. For more information on assigning admin roles, refer to Microsoft’s product documentation.

  3. Assign the account the Application Admin role or provide the account with temporary elevated permissions.

    Important

    Avoid changing the service account’s permissions while the Office 365 integration is active in SaaS Management. Permission changes may cause the integration to fail, resulting in interruptions in your data.

Connecting Office 365 to SaaS Management

Important

Before you integrate the applications, make sure you sign out of your Office 365 individual account and service account.

  1. From the SaaS Management navigation menu, select Integrations.
  2. Select the Office 365 tile.
  3. Select Add Integration.
  4. Select the service account you created.
  5. Enter your password and select Sign in.
  6. Review the requested permissions and select the Consent on behalf of your organization checkbox.
  7. Select Accept to accept the requested permissions and complete the integration.

Your Office 365 usage data will start syncing immediately and should finish within 24 hours.

Requested Scopes

SaaS Management requests the following scopes:

Type Scope Description Admin Approval Required
User Permissions User.Read.All Read all users' full profiles Yes
User Permissions User.Read Read the profiles of signed-in users No
Group Permissions Group.Read.All Read all groups Yes
Directory Permissions Directory.Read.All Read directory data Yes
Reports Permissions Reports.Read.All Read all usage reports Yes
Audit Log Permissions AuditLog.Read.All Read audit log data Yes
OpenID Connect (OIDC) Permissions offline_access Access user's data any time (Generate refresh token) No

For more information about these scopes, refer to Microsoft's product documentation.

User Metadata

SaaS Management pulls the following user metadata from Office 365. You can filter your usage data by these fields:

Field Description
Department The department the user works in.
Is Resource Account Indicates whether the account is a resource account.
License Names The list of normalized licenses associated with the user.
License Values The list of licenses associated with the user.
User Type Classifies user types in your directory.