MS GDAP REQUIRED CHANGES FOR JUNE 30, 2024 - FOR DIRECT CONFIGURATIONS

As you are aware - Microsoft has transitioning from DAP relationships to GDAP Roles in July of 2023.  With this change they have also updated the API/Graph Explorer endpoints for obtaining User Registration Data such as MFA Status and Authentication Methods. 

In order for Lifecycle Insights to continue to retrieve user registration data and other data, we require that you add new permissions to your existing App Registrations.  
This includes both Direct Application Registrations as well as Delegated Admin Registrations. 

 

You must take action in order for Lifecycle Insights to access your Microsoft data after June 30, 2024.

ACTION 1.  In your MSP Azure tenant, add a new permission to the existing App Registration configured for Lifecycle Insights.

** This configuration requires that you have access to the Admin Center for each of your customers (Lifecycle Insights Company).  The integration is defined at a Company level within Lifecycle Insights

 

To do that, follow these steps:

  1. Log into the portal.azure.com with the admin credentials for the Company whose integration you are setting up.  
  2. Locate “Microsoft Entra ID” under Azure Services and open the module. 

3. In the left Nav pane, click on App Registrations

 

 

4.  Find the App you registered for LCI and click on it.

In the Left Nav Pane click API Permissions

Click the Add a Permission Tile. 

Select Microsoft Graph from the Microsoft API's Menu

 

Select Application permission Only.  DO NOT SELECT DELEGATED PERMISSIONS.

 

Use the Search Bar and enter "Audit" to quickly find the permission.
Find AuditLog and expand the permission to select AuditLog.Read.All

 

 

Click Add Permission at the bottom of the window.

 

 

When the permissions has been added, it will not automatically grant admin consent.  Click the Grant admin consent for <><></></>.button to grant consent for the new permission.

All permissions should now show as granted. 

Related to