As you are aware - Microsoft has indicated that they will be transitioning from DAP relationships to GDAP Roles starting May 22, 2023. Shortly thereafter... it is expecting that they will start requiring that DAP be disabled completely.
In order for the LCI MS 365 Direct Configuration to work once DAP relationships are removed, action is required on your part. There are two general actions you must take.
ACTION 1. In your MSP Azure tenant, add a Redirect URI to the existing App Registered for LCI.
To do that, follow these steps:
1. Log into your MSP Azure tenant that has the GDAP relationships defined for all of your Microsoft Customers -- https://portal.azure.com/
2. Go to Manage Azure Active Directory
3. In the left Nav pane, click on App Registrations
4. Find the App you registered for LCI and click on it.
5. Click on Add a Redirect URI
6. In the Web section, click Add URI. NOTE: If the Web section is missing, you can click Add a Platform and select Web
7. Add the following URI:
https://app.lifecycleinsights.io/microsoft365ConsentResponse
8. Click Save at the bottom of the page
ACTION 2 For each of your Microsoft tenants (Customers), you must explicitly grant access to the LCI Azure App registered in your MSP Azure tenant. Here are the instructions to do that:
- In Lifecycle Insights, click on Administration Integrations Microsoft 365
- Click on the DELEGATED COMPANY MATCH tab
For each MS Tenant you have mapped to an LCI Company, you will now see a GRANT CONSENT button. You must click on that button for each customer once and follow the prompts.
Here are the steps you must follow for each customer:
1. Click on the GRANT CONSENT button.
2. Next, you will be prompted to sign into Azure to grant consent. This will redirect you to your customer's Azure portal. You must log in with Admin credentials. Alternatively, you can copy the consent link and send it a someone who has Admin credentials.
Click the AZURE SIGN-IN FOR CONSENT button.
3. Log into your customer's Azure portal with Admin Credentials
4. You will be prompted with Consent page. Click Accept.
5. You will be presented with confirmation that the consent was granted. You can close the window.
NOTE: If you receive a Sign In error that indicates 'No reply address is registered for the Application' after clicking Accept, this simply means that you have not registered a Redirect URI for the LCI Azure App Registration in your MSP tenant (see above). If you get this specific error, the consent WAS STILL GRANTED.
6. For your current working session, we will indicate if you have attempted to grant consent with an icon to the far right of the GRANT CONSENT button.
7. Repeat for all of your MS Customers mapped to LCI Company.