Deploying Microsoft Authenticator via GDAP for CSP M365 Tenants

Introduction

Microsoft's Authenticator app is a great tool to use when verifying someone's identity through the MSP Process platform - it's more secure than just sending an SMS message, it can leverage additional biometric security mechanisms like Apple's FaceID, and it's convenient - your end-users likely already have the Microsoft Authenticator app on their phone.

In order for the MSP Process platform to send a push notification to your end-users, there are configuration steps that must be taken within that end-user's M365 tenant. This KB article will guide you through using GDAP Relationships in your CSP-model M365 tenant to complete those steps.


Prerequisites

  • Your end-users' M365 tenants must have an Entra P1 license (or higher) assigned to them
  • You must have a set of credentials for your CSP-model M365 tenant that have Cloud Application Administrator permissions
  • You must have access to your Microsoft Partner Center account

Obtaining the Redirect URI

You'll be creating an App Registration in your CSP-model M365 tenant; as part of configuring that App Registration, you'll need a Redirect URI - let's grab that from MSP Process:

  1. Log in to the MSP Process UI (https://app.mspprocess.com)
  2. Navigate to Integrations -> Security Integrations
  3. Click the Add New Integration button
  4. Click on Microsoft Authenticator

  5. Click the CSP-model M365 Tenant button
  6. In the pop-up window that appears, click on the copy icon for the Link for Redirect URI parameter.
  7. Leave the MSP Process window open; we'll be coming back to it in just a few minutes.

Configuring the Enterprise Application in your CSP-model M365 Tenant

NOTE: The GDAP Relationships you've established with your client's M365 tenants must have the Application administrator and User administrator roles assigned.

    1. Log in to your Microsoft Azure portal (https://portal.azure.com)
    2. Navigate to App Registrations
    3. Add a new App Registration, and configure it as follows (note that the URL will change, depending on the ID of your M365 integration):
      • Name: MSP Process: MS Authenticator Deployment App
      • Supported Account Types: Accounts in any organizational directory (Any Microsoft Entra ID tenant - Multitenant)
      • Redirect URI: Web; URI: This is the URI you copied from the previous step, in MSP Process
    4. Within the App Registration, go to Manage -> API Permissions, and assign the app the following permissions:
    5. Within the App Registration, navigate to Manage -> Certificates & Secrets, and add a new Client Secret. Copy that Client Secret, as you'll need it in just a moment.
    6. Back in MSP Process, fill in the rest of the fields in that Connect to Microsoft 365 (GDAP) pop-up window:
      • The Domain Name of your M365 CSP tenant (this is the Primary Domain that you'd see on the Home page, in Microsoft Entra)
      • The Application ID of the app you just registered; this can be found on the Overview page of the App Registration
      • The Client Secret from step #5
    7. Click Submit
    8. In the Microsoft window that appears, sign in to your CSP-model M365 tenant
    9. Follow the prompts to provide MSP Process with the required permissions:
    10. You'll be brought back to the MSP Process UI
    11. If you then click into the Microsoft Authenticator card, you'll see the child tenants we've been able to successfully set up:
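For admins who prefer to script the App Registration rather than click through the portal, here is the equivalent of steps 3 and 5 in Microsoft Graph PowerShell. This is an added example, not MSP Process's own tooling; it assumes the Microsoft.Graph module is installed, and the redirect URI placeholder must be replaced with the value copied from the MSP Process pop-up. The API permissions from step 4 are not listed in this article, so that step is still done in the portal.

```powershell
# Added example (not from the KB): create the App Registration from steps 3 and 5
# with Microsoft Graph PowerShell. Requires the Microsoft.Graph module.
# Assumption: $RedirectUri holds the value copied from the MSP Process pop-up;
# the placeholder below is not a real URI.
$RedirectUri = 'https://PLACEHOLDER-REDIRECT-URI-FROM-MSP-PROCESS'

# Application.ReadWrite.All is sufficient to create the registration and add a secret.
Connect-MgGraph -Scopes 'Application.ReadWrite.All'

# Step 3: name, multitenant audience, Web platform redirect URI.
$app = New-MgApplication `
    -DisplayName 'MSP Process: MS Authenticator Deployment App' `
    -SignInAudience 'AzureADMultipleOrgs' `
    -Web @{ RedirectUris = @($RedirectUri) }

# Step 5: add a client secret. Keep the lifetime short; the secret value is only
# returned once, so paste it into MSP Process straight away.
$secret = Add-MgApplicationPassword -ApplicationId $app.Id -PasswordCredential @{
    DisplayName = 'MSP Process integration'
    EndDateTime = (Get-Date).AddMonths(6)
}

# Verify the registration matches what the KB specifies before moving on to step 6.
$check = Get-MgApplication -ApplicationId $app.Id
if ($check.SignInAudience -ne 'AzureADMultipleOrgs' -or
    $check.Web.RedirectUris -notcontains $RedirectUri) {
    throw 'App registration does not match the expected configuration.'
}

# The values MSP Process asks for in step 6.
[pscustomobject]@{
    ApplicationId = $app.AppId          # "Application (client) ID" on the Overview page
    ClientSecret  = $secret.SecretText  # shown once; store it in a secrets manager
    SecretExpires = $secret.EndDateTime # calendar this so the integration does not silently break
}
```

Record the SecretExpires date somewhere your team will see it; when the secret lapses, the integration stops sending push notifications and you will need to repeat step 5 and update the secret in MSP Process.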

At this point, you've set up MSP Process to verify the end-users in that M365 tenant with their Microsoft Authenticator app. You'll now see Microsoft Authenticator available as an option within your PSA:

ConnectWise/Halo PSA:

Autotask: