Microsoft 365¶
Category: Identity | Version: 2.0.0 | Supports: Direct API & Proxy
What is this module for?¶
The Microsoft 365 module connects to your M365 tenant via the Microsoft Graph API. It synchronizes your users, groups, and licenses. You can also create, update, and delete user accounts and groups, manage group memberships, reset passwords, and assign or remove licenses — all directly from Tevyra.
Direct or Proxy
This module supports direct API access (for cloud-hosted instances) or through a Tevyra Proxy (for on-premises deployments behind a firewall). See the proxy installation guide if needed.
Before you start¶
To configure this module, you will need:
- An Azure AD / Entra ID tenant
- An Azure AD App Registration with the appropriate permissions (see guide below)
- The Client Secret generated for this application
Configuration¶
Parametres requis¶
| Parametre | Type | Description |
|---|---|---|
tenant_id | string | Tenant ID |
client_id | string | Client ID |
client_secret | secret | Client Secret |
Example configuration¶
{
"tenant_id": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
"client_id": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
"client_secret": "your-client-secret"
}
Configure the Azure AD App Registration¶
- Go to Azure Portal > Azure Active Directory > App registrations
- Click New registration
- Name the application:
Tevyra Integration - Account type: Single tenant
- Click Register
- Note the Application (client) ID and Directory (tenant) ID
- Go to Certificates & secrets > New client secret
- Go to API permissions > Add a permission > Microsoft Graph > Application permissions
- Add the following permissions:
| Permission | Usage |
|---|---|
User.Read.All | Synchronize users |
Group.Read.All | Synchronize groups |
Directory.Read.All | Read directory information |
User.ReadWrite.All | Create, update, delete, enable/disable users, reset passwords |
Group.ReadWrite.All | Create, update, delete groups, manage memberships |
User.ManageIdentities.All | Manage user identities (password resets) |
- Click Grant admin consent
Minimum permissions
For synchronization only (without actions), *.Read.All permissions are sufficient. Add *.ReadWrite.All permissions only if you want to manage users, groups, and licenses from Tevyra.
Collected data¶
Once activated, the module automatically synchronizes the following data:
| Type d'asset | Description |
|---|---|
m365_user | Utilisateurs Azure AD / Microsoft 365 |
m365_group | Groupes Azure AD |
m365_license | Licences Microsoft 365 |
Default sync interval: 5 minutes
Available actions¶
From the Tevyra interface, you can perform the following actions:
| Action | Description |
|---|---|
microsoft-365.create_user | Crée un nouvel utilisateur Azure AD |
microsoft-365.update_user | Modifie les propriétés d'un utilisateur |
microsoft-365.delete_user | Supprime un utilisateur (corbeille 30j) |
microsoft-365.disable_user | Désactive un compte utilisateur |
microsoft-365.enable_user | Réactive un compte utilisateur |
microsoft-365.reset_password | Réinitialise le mot de passe d'un utilisateur |
microsoft-365.assign_license | Assigne une licence à un utilisateur |
microsoft-365.remove_license | Retire une licence d'un utilisateur |
microsoft-365.create_group | Crée un nouveau groupe (sécurité ou M365) |
microsoft-365.update_group | Modifie les propriétés d'un groupe |
microsoft-365.delete_group | Supprime un groupe (corbeille 30j) |
microsoft-365.add_group_member | Ajoute un utilisateur à un groupe |
microsoft-365.remove_group_member | Retire un utilisateur d'un groupe |
Indicators¶
The dashboard displays the following indicators:
| Indicator | Description |
|---|---|
users_total | Total number of users |
users_enabled | Active users |
users_licensed | Users with a license |
groups_total | Total number of groups |
licenses_total | Total available licenses |
licenses_consumed | Licenses in use |