
Office 365 Integration

Overview

Integrating Microsoft Office 365 with Binadox (a SaaS and IaaS usage monitoring and cost optimization platform) gives you Office 365 spend and utilization insights, per-user usage analysis of Office 365 features, and cost optimization recommendations.

Additionally, if you have a single sign-on (SSO) method enabled, Binadox will discover applications used by employees in your enterprise that are authenticated via SSO. The system will notify you of discovered applications available for integration with Binadox to receive their usage and spend data.

Note:
For Application Discovery with Office 365, you require Azure Active Directory Premium P1 or P2 licenses.

This guide provides step-by-step instructions on how to integrate Microsoft Office 365 with Binadox. To successfully connect Binadox with your Office 365 account, the following parameters are required: a Tenant domain, an Application ID and a Client Secret of an application registered with Azure Active Directory, and login credentials. For security reasons, create a new user and assign it a restricted role with limited access to your Microsoft tenant.

To generate the required parameters, register the Binadox application on the Microsoft Azure portal. In the Microsoft 365 admin center, create a new user to represent Binadox and assign it a restricted role with limited access to your Microsoft tenant.

Note:
Cost optimization and usage monitoring are available only for paid Office 365 subscriptions.

1. Register Binadox with Azure AD

To register Binadox with Azure Active Directory, you need a subscription to Office 365 and a subscription to Azure associated with the Office 365 subscription.

1. Sign in to the Microsoft Azure portal as a global administrator using the credentials of your Microsoft tenant that has the subscription to Office 365 you wish to use for Binadox spend and usage optimization.

2. In the navigation pane on the left, click All services > Identity. Use the search bar, if necessary.

Advice:

For your convenience, click on the star icon near the Azure Active Directory service name to add it to the Favorites category in the navigation pane.

Azure Active Directory

3. Go to the Applications > App registrations section and click the New registration button.

New registration

4. Fill in the following fields in the registration form:

  • Enter an application name in the Name field (e.g. Binadox).
  • Check the Accounts in this organizational directory only checkbox in the Supported account types field.
  • In the Redirect URI (optional) section, select Web in the drop-down list. Enter the following URL: https://app.binadox.com/api/1/applications/authorize/try
  • Click the Register button to complete the registration.

Register new application

5. On the App registrations page, click on the name of a newly registered application.

Display Name Office365

6. In the navigation pane, choose API permissions. Under API/Permissions name, click Microsoft Graph. On the Request API permissions page that opens, scroll down the permissions list and choose AuditLog. Select the AuditLog.Read.All checkbox. Then scroll down, choose Directory and select the Directory.Read.All checkbox. Choose User and select User.Read. Click Update permissions.

Permissions Office365

7. Under API/Permissions name, check that you have configured all the required API permissions:

  • AuditLog.Read.All
  • Directory.Read.All
  • User.Read
  • Reports.Read.All

Permissions Granted Office365

2. Add a New Office 365 User with Security Reader Permissions

For security reasons, you may create a new user in the Microsoft 365 admin center and assign it a restricted role with limited access to your Microsoft tenant.

1. Sign in to the Microsoft 365 admin center as a global administrator.

2. In the navigation pane on the left, navigate to Users > Active users. Click on the Add a user button.

Active Users Office365

3. Fill in all the required fields in the Add user form.

  • Enter a display name and a username.
  • Choose the required Password settings.
  • Leave Require this user to change their password when they first sign in unchecked (so you do not have to log in to the Azure portal as a new user and create a new password to activate the account).

Click Next.

Basics Add User Office365

4. In the Product licenses view, select the location. Select the Create user without product license option. Click Next.

Product Licenses Add User Office365

5. In the Optional settings view, click Roles. Select Admin center access. Click Show all by category.

Admin Center Access Office365

6. Scroll down to the Other category. Select the Billing admin checkbox. Click Next.

Billing Admin Role Office365

7. Review data and click Finish adding to add a new user.

Finish Adding Office365

8. Copy the username and the password. Click Close.

User Details Office365

9. To specify the permission levels of the new user, click …Show all in the navigation pane on the left to open up the Admin centers section. Go to Security.

Security Compliance Office365

10. You will be redirected to the Microsoft Defender dashboard. In the navigation pane on the left, click Permissions. Select the Security Reader check-box in the list of role group names. In the Security Reader view that opens on the right, go to Members and click Edit.

Permissions Office365

11. In the Editing Choose members view, click Edit to choose members.

Choose members

12. In the Choose members view, click the + Add button to add the new user to the Security Reader role group.

Add User Office365

13. Select the new user from the Members list. Use the search box, if necessary. Click Add.

Choose Members Office365

14. Click Done to add the user to the Security Reader role group.

Security Reader User Office365

15. Click Save to finish.

Save User Permissions Office365

3. Disable Multi-Factor Authentication

Multi-Factor Authentication enabled for the user may disrupt the connection with Binadox. To disable it, do the following:

1. Log into the Microsoft Azure portal as a global administrator. In the navigation pane on the left, go to Azure Active Directory > Users.

AD Users Office365

2. Click All users in the navigation pane. In the All Users view, click Per-user Multi-Factor Authentication on the toolbar.

MFA AD Office365

3. You will be redirected to the Multi-Factor Authentication view. Select the checkbox next to the name of the required user. In the menu that appears on the right, click the Disable option in the Quick Steps section. Click Yes in the window that appears to confirm the action.

Disable MFA AD Office365
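
With per-user MFA disabled, the integration account signs in with a password alone, so its sign-in records are the place to confirm it is used only as intended. The following Python check is an added example, not part of the Binadox documentation: it reviews sign-in records for that account. The account name, the expected network range and the failure threshold are assumptions, and the sample records are constructed using Microsoft Graph signIn field names.

```python
import ipaddress

# Assumptions for illustration: the integration account's UPN and the network
# range its sign-ins are expected from (documentation range as placeholder).
SERVICE_UPN = "binadox-svc@organization.onmicrosoft.com"
EXPECTED_APP = "Binadox"  # application name registered in section 1
EXPECTED_NETS = [ipaddress.ip_network("203.0.113.0/24")]


def review_signins(events, fail_threshold=3):
    """Return (timestamp, reason) alerts for the integration account's sign-ins."""
    alerts, failures = [], 0
    for ev in events:
        if ev.get("userPrincipalName", "").lower() != SERVICE_UPN:
            continue  # only the password-only integration account is in scope
        if ev["status"]["errorCode"] != 0:
            failures += 1  # failed attempts are counted, not alerted one by one
            continue
        ip = ipaddress.ip_address(ev["ipAddress"])
        if not any(ip in net for net in EXPECTED_NETS):
            alerts.append((ev["createdDateTime"], f"success from unexpected IP {ip}"))
        if ev.get("appDisplayName") != EXPECTED_APP:
            alerts.append((ev["createdDateTime"],
                           f"success to unexpected app {ev.get('appDisplayName')}"))
    if failures >= fail_threshold:
        alerts.append((None, f"{failures} failed sign-ins for {SERVICE_UPN}"))
    return alerts


def _ev(ts, app, ip, code, upn=SERVICE_UPN):
    return {"createdDateTime": ts, "userPrincipalName": upn, "appDisplayName": app,
            "ipAddress": ip, "status": {"errorCode": code}}


# Constructed records using field names of Microsoft Graph signIn objects.
SAMPLE_EVENTS = [
    _ev("2024-03-01T08:00:00Z", "Binadox", "203.0.113.10", 0),
    _ev("2024-03-01T09:12:00Z", "Azure Portal", "198.51.100.7", 0),
    _ev("2024-03-01T09:13:00Z", "Azure Portal", "198.51.100.7", 50126),
    _ev("2024-03-01T09:13:05Z", "Azure Portal", "198.51.100.7", 50126),
    _ev("2024-03-01T09:13:09Z", "Azure Portal", "198.51.100.7", 50126),
    _ev("2024-03-01T10:00:00Z", "Office 365", "198.51.100.9", 0,
        "alice@organization.onmicrosoft.com"),
]

if __name__ == "__main__":
    for ts, reason in review_signins(SAMPLE_EVENTS):
        print(ts, reason)
```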

4. Locate Integration Data on the Azure Portal

1. To find the Tenant domain, Application ID and Client Secret, sign in to the Microsoft Azure portal as a global administrator. Navigate to Azure Active Directory.

2. To locate the Tenant domain, click Custom domain names. Copy your tenant domain from the Name field (e.g. organization.onmicrosoft.com). You may also hover the mouse pointer over the profile information at the top right corner of the menu bar to see the tenant domain.

Tenant Domain Office365

3. To locate an Application (client) ID, click Azure Active Directory > App registrations in the navigation pane on the left. Click on the name of the Binadox application. To quickly locate it, type in its name in the search bar.

App ID Office365

4. To copy the Application (client) ID, hover the mouse pointer over the value. Click the icon that appears to copy it to the clipboard.

App ID Location Office365

5. To generate a new Client Secret, go to the Certificates and secrets section and click the New client secret button.

App Secret Office365

6. Enter a Description for your client secret, select its duration in the Expires section and click the Add button.

Add New Secret Office365

7. Hover the mouse pointer over the value and click the icon that appears to copy it to the clipboard.

Copy App Secret Office365

5. Create New Connection for Office 365 in Binadox

1. Log into your Binadox account.

2. In the navigation pane on the left, click SaaS Connections. Click on the Office 365 icon. To quickly locate the Office 365 software in the list of supported applications, type in its name in the search bar.

SaaS Connections

3. In the Office 365 view, type in the name of an instance in the Connection Instance Name field. Click Continue.

Connection name

4. Fill in the required fields with the parameters you generated on the Microsoft Azure portal and in the Microsoft 365 admin center (see Clause 1 for step-by-step instructions). Click Connect.

Connection properties

5. You will be redirected to the Microsoft login page.

IMPORTANT:
Admin permissions are required to grant Binadox access to read usage and cost data in the account. For this purpose, log in with administrator credentials.

Sign In Office365

6. In the Permissions requested window that appears, click Accept to give Binadox permissions to analyze data for spend and usage optimization.

Permissions Office365

Office 365 connection with Binadox is established.
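
The settings from sections 1, 4 and 5 can be audited once the connection is in place. The following Python check is an added example, not Binadox or Microsoft code: it compares an app registration and its consent grants with the values in this guide. It assumes the input has the shape of Microsoft Graph application and oauth2PermissionGrant objects, that the permissions are delegated scopes granted by the consent in step 6, and that MAX_SECRET_DAYS reflects your own policy; the sample objects are constructed.

```python
from datetime import datetime, timezone

# Values this guide prescribes (sections 1 and 4).
REQUIRED_SCOPES = {"AuditLog.Read.All", "Directory.Read.All", "User.Read", "Reports.Read.All"}
REDIRECT_URI = "https://app.binadox.com/api/1/applications/authorize/try"
MAX_SECRET_DAYS = 180  # assumption: local policy for remaining secret lifetime


def audit_registration(app, grants, now):
    """Compare an app registration and its consent grants with the guide's settings."""
    findings = []
    if app.get("signInAudience") != "AzureADMyOrg":  # "this organizational directory only"
        findings.append("signInAudience is not single-tenant")
    extra = set(app.get("web", {}).get("redirectUris", [])) - {REDIRECT_URI}
    if extra:
        findings.append(f"unexpected redirect URIs: {sorted(extra)}")
    for cred in app.get("passwordCredentials", []):
        # Graph timestamps are UTC; drop fractional seconds and the trailing Z.
        end = datetime.fromisoformat(cred["endDateTime"][:19]).replace(tzinfo=timezone.utc)
        days = (end - now).days
        if days < 0:
            findings.append(f"secret {cred.get('displayName')!r} has expired")
        elif days > MAX_SECRET_DAYS:
            findings.append(f"secret {cred.get('displayName')!r} valid for {days} more days")
    granted = {s for g in grants for s in g.get("scope", "").split()}
    if REQUIRED_SCOPES - granted:
        findings.append(f"missing scopes: {sorted(REQUIRED_SCOPES - granted)}")
    if granted - REQUIRED_SCOPES:
        findings.append(f"scopes beyond the guide: {sorted(granted - REQUIRED_SCOPES)}")
    return findings


# Constructed sample objects (not real tenant output).
SAMPLE_NOW = datetime(2024, 1, 1, tzinfo=timezone.utc)
SAMPLE_APP = {
    "signInAudience": "AzureADMultipleOrgs",
    "web": {"redirectUris": [REDIRECT_URI, "https://example.invalid/callback"]},
    "passwordCredentials": [{"displayName": "binadox-secret", "endDateTime": "2026-01-01T00:00:00Z"}],
}
SAMPLE_GRANTS = [{
    "consentType": "AllPrincipals",
    "scope": "User.Read Directory.Read.All AuditLog.Read.All Directory.ReadWrite.All",
}]

if __name__ == "__main__":
    for finding in audit_registration(SAMPLE_APP, SAMPLE_GRANTS, SAMPLE_NOW):
        print(finding)
```

An empty result means the registration matches what the guide sets up.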
