This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(278.4, 36%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Hi !
We use SCOM2019UR4
The M365 MP for SCOM (10.2.0.0) has been installed.
All prerequisites were done as it was described in the Manual.
The Azure Application with all permissions has been created as well as a bunch of users.
One of them was dedicated only for Office365 instance Health Check . The totally new user with 2 assigned roles - Global reader and Reports Reader
All synthetic transaction work fine.
But there are 2 issues there I can't either explain.
M365 Connection State Monitor is always in Critical state. I checked twice all the settings , no errors in them. Also I still haven't obtained data from MS Admin Center to SCOM. I am able to read a data from MSAC in a browser session using the same credentials I applied to MP . Here is an error -
MessageError: Exception (1): The remote server returned an error: (403) Forbidden. Stack Trace (1): at System.Net.HttpWebRequest.GetResponse() at Microsoft.SystemCenter.M365.ManagedModules.Helpers.SimpleRestClient.MakeCallWithResponseInternal(String url, Dictionary2 headers, String postData, String httpVerb, String contentType) at Microsoft.SystemCenter.M365.ManagedModules.Helpers.SimpleRestClient.MakeCallWithResponse(String url, Dictionary2 headers, String postData, String httpVerb, String contentType) at Microsoft.SystemCenter.M365.ManagedModules.Helpers.RestManagedModule1.InvokeRestMethod(String uri, String verb, String strPostData, String contentType, Dictionary2 customHeaders) at Microsoft.SystemCenter.M365.ManagedModules.ConnectionState.DoWork(Dictionary`2 dictionary) ApplicationClientId=66af0d22-4a9d-476a-8533-d1dcbeee7b3c
EndPointMessage Account doesn't have administrator permissions
The same with M365 Mailbox Count M365 Monitor - it turns in critical state and returns an error
This monitor is unable to determine the number of mailboxes
that exist under M365 and/or the associated organization's location.Unable
to determine Microsoft 365 mailbox count. Reason: ERROR - Unable to get mailbox
report data. State: Critical. Exception: System.Net.WebException: The remote
server returned an error: (403) Forbidden.at
System.Net.HttpWebRequest.GetResponse()at
Microsoft.SystemCenter.M365.ManagedModules.Helpers.SimpleRestClient.MakeCallWithResponseInternal(String
url, Dictionary2 headers, String postData, String httpVerb, String contentType)at Microsoft.SystemCenter.M365.ManagedModules.Helpers.SimpleRestClient.MakeCallWithResponse(String url, Dictionary2 headers, String postData, String httpVerb, String
contentType)at
Microsoft.SystemCenter.M365.ManagedModules.Helpers.RestManagedModule1.InvokeRestMethod(String uri, String verb, String strPostData, String contentType, Dictionary2
customHeaders)at
Microsoft.SystemCenter.M365.ManagedModules.MailboxCountM365.GetMailboxReport().
What may be wrong with it ? What roles or rights should I apply to this user to get the info from MSAC ?
Thanks in advance .
Andrii.
Hello,
Based on what I saw in the MP guide, at least for the Mailbox count monitor, the minimum Graph API permissions required are Organization.Read.All and Reports.Read.All.
Here is a link with a list of the permissions: https://learn.microsoft.com/en-us/graph/permissions-reference
Double check that you have the below permissions setup correctly:
Good luck!