Configuration Inventory Requirements
This article lists the requirements necessary to successfully deploy and use the Configuration Inventory module in Syskit Point.
To collect Microsoft Teams-related data, you need to connect a service account in Syskit Point.
When preparing the service account, consider the following requirements:
- service account should have the Teams Administrator Azure AD role assigned
Please note! Use the Enter credentials option when connecting the service account to collect Configuration Inventory data. The Configuration Inventory module currently does not support a service account with multi-factor authentication enabled.
Configuration Inventory Settings & Reports are available to Syskit Point Administrators only.
Please note! Permissions described below are automatically granted to Syskit Point by giving consent during the tenant connection process. Permissions are granted only if the Configuration Inventory module is deployed with Syskit Point deployment.
Syskit Point and the Configuration Inventory module use two types of permissions to access several Microsoft APIs:
- Application permissions - define what Syskit Point and the Configuration Inventory module can do without a signed-in user.
- Delegated permissions - define what Syskit Point and the Configuration Inventory module can do in the name of the signed-in user.
The following permissions are required for the Syskit Point Configuration Inventory app registration:
Azure Active Directory Graph
Skype and Teams Tenant Admin API
Azure Service Management
Office 365 Exchange Online
Please note! The Syskit Point service principal will also be added to the Exchange Administrators role to support the data collection. The Microsoft documentation (found here) states that it's possible with other roles, but from our experience, only the Exchange Administrators role worked for collecting all of the data.