Knowledge Base

Introduction

Microsoft's Authenticator app is a great tool to use when verifying someone's identity through the MSP Process platform - it's more secure than just sending an SMS message, it can leverage additional biometric security mechanisms like Apple's FaceID, and it's convenient - your end-users likely already have the Microsoft Authenticator app on their phone.

In order for the MSP Process platform to send a push notification to your end-users, there are configuration steps that must be taken within that end-user's M365 tenant. This KB article will guide you through using GDAP Relationships in your CSP-model M365 tenant to complete those steps.

 

Prerequisites

  • Your end-user's M365 tenant must have an Entra P1 license (or higher) assigned to it
  • You must have a set of credentials for your CSP-model M365 tenant that have Cloud Application Administrator permissions
  • You must have access to your Microsoft Partner Center account

Obtaining the Redirect URI

You'll be creating an App Registration in your CSP-model M365 tenant; as part of configuring that App Registration, you'll need a Redirect URI - let's grab that from MSP Process:

  1. Log in to the MSP Process UI (https://app.mspprocess.com)
  2. Navigate to Integrations -> Security Integrations
  3. Click the Add New Integration button
  4. Click on Microsoft Authenticator

  5. Click the CSP-model M365 Tenant button 
  6. In the pop-up window that appears, click on the copy icon for the Link for Redirect URI parameter:
  7. Leave the MSP Process window open; we'll be coming back to it in just a few minutes. 

Configuring the Enterprise Application in your CSP-model M365 Tenant

NOTE: The GDAP Relationships you've established with your client's M365 tenants must have the Application administrator and User administrator roles assigned.

    1. Log in to your Microsoft Azure portal (https://portal.azure.com)
    2. Navigate to App Registrations
    3. Add a new App Registration, and configure it as follows (note that the URL will change, depending on the ID of your M365 integration):
      • Name: MSP Process: MS Authenticator Deployment App
      • Supported Account Types: Accounts in any organizational directory (Any Microsoft Entra ID tenant - Multitenant)
      • Redirect URI: Web; URI: This is the URI you copied from the previous step, in MSP Process
    4. Within the App Registration, go to Manage -> API Permissions, and assign the app the following permissions:
    5. Within the App Registration, navigate to Manage -> Certificates & Secrets, and add a new Client Secret. Copy that Client Secret, as you'll need it in just a moment
    6. Back in MSP Process, fill in the rest of the fields in that Connect to Microsoft 365 (GDAP) pop-up window:
      • The Domain Name of your M365 CSP tenant (this is the Primary Domain that you'd see on the Home page, in Microsoft Entra)
      • The Application ID of the app you just registered; this can be found on the Overview page of the App Registration
      • The Client Secret from step #5
    7. Click Submit
    8. In the Microsoft window that appears, sign in to your CSP-model M365 tenant
    9. Follow the prompts to provide MSP Process with the required permissions:
    10. You'll be brought back to the MSP Process UI
    11. If you then click into the Microsoft Authenticator card, you'll see the child tenants we've been able to successfully set up:

At this point, you've set up MSP Process to use Microsoft Authenticator to verify the end-users in that M365 tenant with their Microsoft Authenticator app. You'll now see Microsoft Authenticator available as an option within your PSA:

ConnectWise/Halo PSA:

Autotask:

Introduction:

When you send a verification request to someone's Microsoft Authenticator app, you may see an error message in MSP Process saying that the user has a different "Preferred Auth Method" specified. In this situation, the user will not receive your verification request.

The goal of this KB article is to show you where in M365 you can go to modify a user's preferred authentication method.

Example of the Error:

 

Steps to Resolve the Error:

  1. Log in to the Microsoft Entra admin center (https://entra.microsoft.com/?l=en.en-us) as a user who has the rights needed to modify someone's identity in Entra
  2. Navigate to Protection -> Authentication methods

  3. Under the Monitoring section, click on User Registration Details

  4. Click on the user whose preferred authentication method you want to modify
  5. In the MFA Status card, click on Manage MFA Authentication methods

  6. Click on the pencil icon that allows you to edit the Default sign-in method
  7. Choose Microsoft Authenticator from the drop-down menu
  8. Click the Save button, and you're done!
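
To find users who would hit this error before a verification request is sent, the check below (an added example, not MSP Process or Microsoft code) classifies records in the shape of Microsoft Graph's userRegistrationDetails report. The sample records are constructed, and treating the error's "Preferred Auth Method" as the Graph property userPreferredMethodForSecondaryAuthentication is an assumption.

```python
import json

# Constructed sample in the shape of a Microsoft Graph response to
# GET /reports/authenticationMethods/userRegistrationDetails
SAMPLE_EXPORT = """
{"value": [
  {"userPrincipalName": "alice@contoso.example",
   "userPreferredMethodForSecondaryAuthentication": "push",
   "methodsRegistered": ["microsoftAuthenticatorPush", "mobilePhone"]},
  {"userPrincipalName": "bob@contoso.example",
   "userPreferredMethodForSecondaryAuthentication": "sms",
   "methodsRegistered": ["microsoftAuthenticatorPush", "mobilePhone"]},
  {"userPrincipalName": "carol@contoso.example",
   "userPreferredMethodForSecondaryAuthentication": "sms",
   "methodsRegistered": ["mobilePhone"]},
  {"userPrincipalName": "dave@contoso.example",
   "userPreferredMethodForSecondaryAuthentication": "none",
   "methodsRegistered": []}
]}
"""

PUSH_DEFAULT = "push"                        # default method = Authenticator push
PUSH_METHOD = "microsoftAuthenticatorPush"   # entry in methodsRegistered


def classify(record):
    """Return what an admin must do before a push verification can reach the user."""
    preferred = record.get("userPreferredMethodForSecondaryAuthentication") or "none"
    registered = set(record.get("methodsRegistered") or [])
    if PUSH_METHOD not in registered:
        # Authenticator cannot be made the default until the user enrolls it
        # (assumption about the portal's drop-down behaviour).
        return "enroll_authenticator"
    if preferred != PUSH_DEFAULT:
        # Authenticator is enrolled; only the default sign-in method needs changing.
        return "change_default"
    return "ready"


def audit(export_json):
    """Group user principal names by the action required."""
    report = {"ready": [], "change_default": [], "enroll_authenticator": []}
    for record in json.loads(export_json).get("value", []):
        upn = record.get("userPrincipalName", "<unknown>")
        report[classify(record)].append(upn)
    return report


if __name__ == "__main__":
    for status, users in audit(SAMPLE_EXPORT).items():
        print(f"{status}: {', '.join(users) or '-'}")
```

Users in the change_default group are the ones the steps above apply to; users in enroll_authenticator need the app registered first.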

 

Introduction

Microsoft's Authenticator app is a great tool to use when verifying someone's identity through the MSP Process platform - it's more secure than just sending an SMS message, it can leverage additional biometric security mechanisms like Apple's FaceID, and it's convenient - your end-users likely already have the Microsoft Authenticator app on their phone.

In order for the MSP Process platform to send a push notification to your end-users, there are configuration steps that must be taken within that end-user's M365 tenant. This KB article will guide you through those steps.

 

Prerequisites

  • Your end-user's M365 tenant must have an Entra P1 license (or higher) assigned to it
  • You must have a set of credentials for your customer's M365 tenant that have Cloud Application Administrator permissions.

Configuring an M365 Tenant

The following steps must be done for each M365 tenant.

  1. Log in to the MSP Process UI (https://app.mspprocess.com)
  2. Navigate to Integrations -> Security Integrations
  3. Click the Add New Integration button
  4. Click on Microsoft Authenticator

  5. In the Microsoft window that appears, sign in to your customer's M365 tenant
  6. Follow the prompts to provide MSP Process with the required permissions; when that's completed, you'll be brought to the following page:
  7. Click the Tap to finish onboarding button
  8. You'll be brought back to the MSP Process UI

At this point, you've set up MSP Process to use Microsoft Authenticator to verify the end-users in that M365 tenant with their Microsoft Authenticator app. You'll now see Microsoft Authenticator available as an option within your PSA:

ConnectWise/Halo PSA:

Autotask: