Office 365 Configuration | Binadox - SaaS management

Office 365 Configuration

This guide describes how to integrate Microsoft Office 365 with the Binadox multi-cloud SaaS and IaaS usage monitoring and cost optimization platform. A Tenant domain, Application ID and Client Secret of an application registered with Azure Active Directory are required.

Contents
1. Register Binadox with Azure AD
2. Add a New Office 365 User with Security Reader Permissions
3. Disable Multi-Factor Authentication
4. Locate Integration Data on the Azure Portal
5. Create New Connection for Office 365 in Binadox


1. Register Binadox with Azure AD

To register Binadox with Azure Active Directory, you need a subscription to Office 365 and a subscription to Azure associated with the Office 365 subscription.

1. Sign in to the Microsoft Azure portal as a global administrator using credentials of your Microsoft tenant that has the subscription to Office 365 you wish to use for Binadox spend and usage optimization.

2. In the navigation pane on the left, click All services > Identity > Azure Active Directory. Use the search bar, if necessary.

Advice: For your convenience, click on the star icon near the Azure Active Directory service name to add it to the Favorites category in the navigation pane.

fig.1-AD-Office365

3. Go to the App registrations section and click the New registration button.

fig.2-App-Registrations-Office365

4. Fill in the following fields in the registration form:
• Enter an application name in the Name field (e.g. Binadox).
• Check the Accounts in the organizational directory only checkbox in the Supported account types field.
• In the Redirect URI (optional) section, select Web in the drop-down list. Enter the following URL:

https://app.binadox.com/api/1/applications/authorize/try

Click the Register button to complete the registration.

fig.3-Binadox-Registration-Office365


2. Add a New Office 365 User with Security Reader Permissions

For safety reasons, you may create a new user in the Microsoft 365 admin center and assign him a restricted role with limited access to your Microsoft tenant.

1. Sign in to the Microsoft 365 admin center as a global administrator.

2. In the navigation pane on the left, navigate to Users > Active users. Click on the Add a user button.

fig.1-Active-Users-Office365

3. Fill in the Add user form. Set up the Basics and click Next.

fig.2-Basics-Add-User-Office365

4. In the Product licenses view, select the location. Select the Create user without product license option. Click Next.

fig.3-Product-Licenses-Add-User-Office365

5. In the Optional settings view, click on the Roles tab. Clear the User (no administrator access) check-box. Assign the Billing administrator role to the new user. Click Next.

fig.4-Billing-Admin-Role-Office365

6. Review data and click Finish adding to add a new user.

fig.5-Finish-Adding-Office365

7. Copy a username and a password. Click Close.

fig.6-User-Details-Office365

8. To specify the permission levels of the new user, click …Show all in the navigation pane on the left to open up the Admin centers section. Go to Security & Compliance.

fig.7-Security-Compliance-Office365

9. You will be redirected to the Office 365 Security & Compliance dashboard. In the navigation pane on the left, click Permissions. Select the Security Reader check-box in the list of role group names. In the Security Reader view that opens on the right, go to Members and click Edit.

fig.8-Permissions-Office365

10. In the Editing Choose members view, click Choose members.

fig.9-Choose-Members-Office365

11. In the Choose members view, click the + Add button to add the new user to the Security Reader role group.

fig.10-Add-User-Office365

12. Select the new user from the Members list. Use the search box, if necessary. Click Add.

fig.11-Choose-Members-Office365

13. Click Done to add the user to the Security Reader role group.

fig.12-Security-Reader-User-Office365

14. Click Save to finish.

fig.13-Save-User-Permissions-Office36

IMPORTANT:
Log in to the Azure portal as a new user and create a new password to activate the account.

fig.14-New-Password-Office365



3. Disable Multi-Factor Authentication

Multi-Factor Authentication enabled for the user may disrupt the connection with Binadox. To disable it, do the following:

1. Log into the Microsoft Azure portal as a global administrator. In the navigation pane on the left, go to Azure Active Directory > Users.

fig.1-AD-Users-Office365

2. Click All users in the navigation pane. In the All Users view, click Multi-Factor Authentication on the toolbar.

fig.2-MFA-AD-Office365

3. You will be redirected to the Multi-Factor Authentication view. Put the tick mark next to the name of the required user. In the appeared menu to the right, click the Disable option in the Quick Steps section. Click Yes in the appeared window to confirm the action.

fig.3-Disable-MFA-AD-Office365



4. Locate Integration Data on the Azure Portal

1. To find the Tenant domain, Application ID and Client Secret, sign in to the Microsoft Azure portal as a global administrator. Navigate to Azure Active Directory.

2. To locate the Tenant domain, click Custom domain names. Copy your tenant domain from the Name field (e.g. organization.onmicrosoft.com). You may also hover the mouse pointer over the profile information at the top right corner of the menu bar to see the tenant domain.

fig.1-Tenant-Domain-Office365

3. To locate an Application (client) ID, click Azure Active Directory > App registrations in the navigation pane on the left. Click on the name of the Binadox application. To quickly locate it, type in its name in the search bar.

fig.2-App-ID-Office365

4. To copy an Application (client) ID, hover the mouse pointer over the value. Click on the appeared icon to copy it to the clipboard.

fig.3-App-ID-Location-Office365

5. To generate a new Client Secret, go to the Certificates and secrets section and click the New client secret button.

fig.4-App-Secret-Office365

6. Make a Description for your client secret, select its duration in the Expires section and click the Add button.

fig.5-Add-New-Secret-Office365

7. Hover the mouse pointer over the value and click on the appeared icon to copy it to the clipboard.

fig.6-Copy-App-Secret-Office365



5. Create New Connection for Office 365 in Binadox

1. Log into your Binadox account.

2. In the navigation pane on the left, click Integrations. Proceed to the SaaS tab. Click on the Office 365 icon. To quickly locate Office 365 in the list of available applications, type in its name in the search bar or use an alphabetical filter by clicking on the first letter of an application name, i.e. O.

fig.1-Integrations-Office365

3. In the Office 365 view, type in the name of an instance in the Connection Instance Name field. Click Continue.

fig.2-Connection-Instance-Name-Office365

4. Fill in the connection properties. Paste the Tenant domain, Application ID and Client Secret into the corresponding fields (see Clause 4 on how to locate the Tenant domain, Application ID and Client Secret). Enter a login and a password of a new user into the corresponding Login and Password fields (see Clause 2 on how to add a new Office 365 user with Security Reader permissions). Click Connect.

fig.3-Connection-Properties-Office365

5. You will be redirected to the Microsoft login page. Enter a login and a password of a new user (see Clause 2 on how to add a new Office 365 user with Security Reader permissions) to sign into the Microsoft tenant and finish the configuration.

fig.4-Sign-In-Office365

6. In the appeared Permissions requested window, click Accept to give Binadox permissions to analyze data for spend and usage optimization.

fig.5-Permissions-Office365

7. Office 365 connection with Binadox is established.

fig.6-Status-Connected-Office365



Try for free for 30 days

You will be redirected to the registration form