This article covers the requirements to grant consent for partial imports as well as activation for the Azure AD reports feature.
Overview
Because CoreView serves as a reporting and administrative proxy for Office 365, there may be times when a Tenant Administrator or Operator may be prompted to grant access to the resources, such as the one below.
When this happens, there are two possible areas that need to be addressed:
- Attempt a re-consent using the URL provided below.
- Delete “CoreView's Application Permission Azure AD” and then force a re-consent.
Method 1: force the consent prompt
A Tenant Admin can force a re-consent by opening an InPrivate browser session and then using an Office 365 account that has Global Admin permissions, pasting the following URL into the browser's address bar, and pressing enter:
https://login.microsoftonline.com/common/adminconsent?client_id=b330c178-afa7-4bd6-b7fb-93f6fa2ac2d6&state=graph&redirect_uri=https://app.coreview.com/consent
Once you do this, you should be presented with the original consent dialogue. Scroll to the bottom and grant these permissions. Once this has been done, no other user logging into CoreView should receive the Admin Approval notice shown above.
Method 2: CoreView application permissions in Azure
During enrollment, application permissions are created for CoreView in Azure AD. When customers are experiencing ongoing prompts for Admin Approval, then the original permissions need to be deleted and recreated. Below are the instructions on how to perform this action.
This must be performed by a user with an Office 365 account with Global Admin rights.
- Log into the Office 365 Admin Portal (https://portal.office.com)
- Under Admin Centers section available on the left-hand side of the screen, click on the “Show All” button and then on “Azure Active Directory” > “Enterprise Applications“ > “All applications”.
- Set your filters to show all applications, with any Status and any Visibility.
- Search for “CoreView” or “4ward365 Microsoft API”.
- Delete the permission.
- Execute the step described in Method 1: “Force the consent prompt”.
This can take up to 24 hours to be activated on the Microsoft side. After that, CoreView can retrieve the audit data during the full import executed once per day.
Note: If the CoreView application was mistakenly added to Azure AD by someone without the Global Admin role, CoreView operators will not be able to log in unless the application is first removed from Azure AD and re-added under the Global Admin credentials.