QuickHelp’s Graph authentication model changed from Delegated to Application the weekend of May 17, 2019. For Microsoft Graph Sync (both User Sync and Graph Reports) to continue past this point, you must re-authenticate your Microsoft Graph as soon as possible.
What does that mean?
With Delegated permissions*, QuickHelp makes calls to Microsoft Graph on behalf of the admin. With Application permissions**, QuickHelp gets the required privileges to make calls to Microsoft Graph without being tied to the admin account. However, a global admin must still authorize QuickHelp to access their organization’s Microsoft Graph.
Why is this changing?
Improved security – once Application permissions have been granted to QuickHelp, the admin account is no longer required to be maintained.
What does re-authenticating look like?
- Go to Admin Portal > Settings > Office Graph
- Click Authenticate
- Authenticate in your Office 365 (must be a O365 Global Admin)
What happens if I don’t reauthenticate?
User Sync and Graph Reports updates will fail. You will not be able to license or un-license users as changes are made to your O365. Also, Graph Reports data will not be imported, and cannot be retrieved.
I see new buttons – what do they mean?
The Groups and People checkboxes are not tied to any current functionality but are there in preparation for future features. They can be disregarded at this time.
*Delegated permissions are used by apps that have a signed-in user present. For these apps either the user or an administrator consents to the permissions that the app requests and the app is delegated permission to act as the signed-in user when making calls to Microsoft Graph. Some delegated permissions can be consented to by non-administrative users, but some higher-privileged permissions require administrator consent.
**Application permissions are used by apps that run without a signed-in user present; for example, apps that run as background services or daemons. Application permissions can only be consented by an administrator.