Microsoft 365 Settings
Configuring Microsoft 365 (formerly known as Office 365) settings is a must for creating Microsoft 365 accounts for users via ADManager Plus. Since the account provided here will be used for creating new accounts in Microsoft 365, ensure that you provide an account with the necessary privileges.
To add a Microsoft 365 account in ADManager Plus:
- Log in to ADManager Plus as an administrator and click on Domain/Tenant Settings in the top-right corner.
- Select Microsoft 365.
- Click the Configure using Microsoft 365 logon link located at the top right corner of the Microsoft 365 page.
- Click Proceed in the pop-up that appears.
- You will be diverted to the Microsoft 365 login portal. Enter the credentials of a Global Administrator account.
- Click Accept.
- An application and service account for ADManager Plus will be created automatically. You will now see a page that displays the list of permissions the application needs.
- Go through the list and click Accept.
- Select the domains to which the Microsoft 365 option should be provided.
- Click Save.
- You will now be redirected to the ADManager Plus console, where you can see that REST API access is enabled for the account you configured. If REST API access is not enabled, the page will provide an option to Enable Access.
Prerequisites for configuring a Microsoft 365 account in ADManager Plus
Before you set out to add a Microsoft 365 account in ADManager Plus, ensure that:
- You have Microsoft .NET version 4.8 and PowerShell version 5.1 installed.
- The MSOnline PowerShell module for Azure Active Directory is installed on the machine where ADManager Plus is installed.
- Your firewall settings allow access to these domains.
- The Microsoft 365 tenant account that is to be configured in ADManager Plus must have the global admin or user administrator privileges.
- The 64-bit version of the product must be installed.
Note: The Microsoft Graph API does not provide functionality for executing the MFA settings management action and editing properties of objects using management templates in ADManager Plus. Therefore, MSOnline PowerShell module is utilized to perform these tasks.
Installing Microsoft .NET version 4.8 and PowerShell version 5.1
Microsoft .NET Framework
- To check if Microsoft .NET Framework is installed, open Command Prompt from Run. Enter the following command:
reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\full" /v version
- Check the displayed version. If the version is below 4.8, install Microsoft .NET Framework version 4.8 from here.
PowerShell
- To check if PowerShell is installed, type PowerShell from Run. If PowerShell is installed, check for its version number by running the following command in PowerShell:
$PSVersionTable
- If the version is below 5.1 or if PowerShell is not installed, install PowerShell version 5.1 from here.
Installing the MSOnline PowerShell module using the PowerShell cmdlet
- To check if this module is installed, open PowerShell and enter the following cmdlet:
Get-Module -ListAvailable -Name MSOnline.
This will list the module if it is installed.
- If the version of the module installed is other than 1. 1. 183. 81, uninstall the MSOnline module by opening PowerShell as an administrator and entering the following cmdlet:
Uninstall-Module MSOnline
- To install the module, open PowerShell as an administrator and enter the following cmdlet:
Install-Module -Name MSOnline -RequiredVersion 1.1.183.81 -Force
List of domains that must be allowed by your firewall
The following domains must be allowed through your firewall.
Table 1: Domains that must be allowed by Azure AD general cloud users
Module |
Endpoint |
REST API |
login.microsoftonline.com |
graph.windows.net |
graph.microsoft.com |
manage.office.com |
portal.office.com |
login.windows.net/common/oauth2/token |
admin.microsoft.com/fd/CommerceAPI/my-org |
Exchange Online |
outlook.office.com |
outlook.office365.com/powershell-liveid |
Table 2: Domains that must be allowed by Azure China cloud users
Module |
Endpoint |
REST API |
login.partner.microsoftonline.cn |
graph.chinacloudapi.cn |
microsoftgraph.chinacloudapi.cn |
manage.office.cn |
portal.azure.cn |
login.partner.microsoftonline.cn/common/oauth2/token |
Exchange Online |
partner.outlook.cn |
partner.outlook.cn/PowerShell |
Table 3: Domains that must be allowed by Azure United States cloud users
Module |
Endpoint |
REST API |
login.microsoftonline.us |
graph.windows.net |
graph.microsoft.us |
manage.office.us |
portal.azure.us |
login.microsoftonline.us/common/oauth2/token |
Exchange Online |
outlook.office365.us |
outlook.office365.us/powershell-liveid |
Troubleshooting
- If the error message "Unable to authenticate your credentials" is displayed while configuring an Microsoft 365 account, it could be because of any of these reasons:
- The user name or password entered is incorrect or there could be a problem with the user account.
- The user name was entered in an incorrect format.
- No internet connection.
- The user account could have the Azure Multi-Factor Authentication enabled; In this case, follow the steps mentioned here to configure ADManager Plus with your Microsoft 365 account.
- If the error message "Access denied" is displayed in Exchange online Management task or Reports, it could be because of any of these reasons:
- The user name or password entered is incorrect or there could be a problem with the user account.
- Insufficent Exchange Admin role.
Note: To automate Microsoft 365 tenant configuration, refer to
this page.