Overview π₯
When using a Microsoft 365 Inspector (Multi-Tenant Configuration), Liongard should automatically discover all delegated child tenants associated with your Partner Center account.
If one or more client tenants are not appearing under Discovered Systems, this indicates a configuration, permission, or API issue preventing Liongard from retrieving the tenant list.
This guide provides a complete troubleshooting workflow to identify root causes and resolve discovery problems efficiently.
Why Does This Happen? π€
Tenants may not be auto-discovered due to:
Missing or broken Partner Center Delegated Admin relationship
Missing entries in the Contracts array from Microsoft Graph
Cached/stale discovery data
Permission/consent issues with the parent launchpoint
Microsoft Graph API errors, throttling, or outages
Inspector failing before discovery is attempted
Recent tenant onboarding requiring propagation time
Payload processing errors when generating launchpoints
Steps to Resolve π¨βπ»
1οΈβ£ β Verify the Tenant Isnβt Already Discovered
Go to Admin β Inspectors β Microsoft 365 β Discovered Systems
Search for the client tenant
If already present β the issue is not discovery; review Active System instead
If not present β continue troubleshooting
2οΈβ£ β Check the βDiscoveredβ Array in the Parent Dataprint
Open the Parent Microsoft 365 Launchpoint
On System Details page select Data Print Explorer
Search for:
Discovered
If the client tenant appears in the array:
Check Parent inspector Payload Processing Logs for any errors during launchpoint creation.
If the tenant does not appear, move on to Contract checks
3οΈβ£ β Validate the βContractsβ Array (Microsoft Graph)
The Contracts array is what Microsoft uses to list delegated admin customers.
In the parent dataprint, search for:
Contracts
If the client tenant is missing from the Contracts array:
β Liongard cannot discover the tenant.
β This must be fixed in Partner Center, not Liongard.
Reference: Microsoft Graph Contract Resource
4οΈβ£ β Confirm Partner Relationship in Partner Center
Have the partner sign in to β‘ Partner Centre
Check:
Is the client tenant listed under Customers?
Does the relationship show Delegated Admin permissions?
Has the customer recently removed any permissions?
Without a valid delegated admin relationship, Liongard cannot discover the tenant.
5οΈβ£ β Validate Permissions & Admin Consent
Ensure the Parent Launchpoint has:
Proper API permissions.
Valid admin consent.
No expired or revoked OAuth tokens.
If permissions were updated in Microsoft 365:
Edit the parent inspector
Complete the re-authentication process by selecting "Open Microsoft Sign-In"
Trigger a run in Clear Cache + Debug Mode
6οΈβ£ β Check Inspector Run Status
If the parent Inspector is failing due to:
Authentication issues.
API rate limits.
Network restrictions.
Expired refresh tokens.
Or any other issues.
Discovery may not execute. Resolve any Inspector errors and re-run inspector and check discovery.
7οΈβ£ β Check Microsoft Graph API Status
Visit:
Look for:
Graph API throttling.
Tenant retrieval failures.
Partner Center API issues.
If Microsoft is impacted β discovery will fail until Microsoft resolves the service.
8οΈβ£ β Recently Added Tenant? Allow Time
Microsoft sometimes takes up to 2β24 hours to propagate new:
Delegated admin assignments.
Customer tenant visibility.
Contracts resource updates.
Our Advise is:
Wait for propagation.
Re-run the parent launchpoint.
9οΈβ£ β Attempt Manual Discovery
If auto-discovery fails:
Add the client tenant manually as a new inspector.
Attempt authentication
If this fails β relationship or permissions are broken.
If this succeeds β auto-discovery is the only failing component.
Troubleshooting Summary π€©
Step | What to Check | Expected Result | What It Means if It Fails |
1οΈβ£ Discovered Systems | Tenant appears | Already discovered | No discovery issue |
2οΈβ£ Discovered Array | Tenant listed | Payload logs should show success | Launchpoint creation error |
3οΈβ£ Contracts Array | Tenant listed | Valid delegated admin | Missing β Not discoverable |
4οΈβ£ Partner Center | Customer visible | Relationship exists | No relationship β no discovery |
5οΈβ£ Permissions | Admin consent valid | Inspector can access Graph API | Reauth required |
6οΈβ£ Inspector Runs | Successful | Discovery functions normally | Fix Inspector failure |
7οΈβ£ Service Health | No advisories | Graph API healthy | Microsoft outage/throttling |
8οΈβ£ Propagation | 0β24 hrs | Tenant eventually appears | Still missing β permissions issue |
9οΈβ£ Manual Discovery | Manual launchpoint succeeds | Auto-discovery issue | Manual fails β relationship broken |
Discovery Flowchart π
START
β
βΌ
Is the tenant listed in Discovered Systems?
β βββ YES β Done
βΌ
Check Dataprint β Discovered array
β
Is the tenant listed?
β βββ YES β Check payload processing logs
βΌ
Check Contracts array
β
Is the client tenant listed?
β βββ NO β Fix Partner Center relationship
βΌ
Validate permissions & consent
β
Inspector running successfully?
β βββ NO β Fix Inspector errors
βΌ
Check Microsoft service health
β
Still not discovered?
βΌ
Try manual discovery
β
Manual discovery fails?
β βββ YES β Partner Center relationship broken
βΌ
Contact Liongard Support
External Resource Disclaimer βΌοΈ
This article references external Microsoft resources and tools. Liongard does not control availability, functionality, or accuracy of third-party sites. Use them as optional reference resources.
When to Contact Liongard Support π¦
Contact Support after completing all troubleshooting steps.
Provide the following details for fastest resolution:
Parent Microsoft 365 Launchpoint name.
Tenant ID(s) not being discovered.
Screenshot of the Discovered array and Contracts array.
Latest Inspector run logs.
Confirmation of partner relationship from Partner Center(Screenshots).
Any recent changes to tenant onboarding or delegated access.
Whether manual discovery succeeds or fails.
Logs from a Clear Cache + Debug Mode run.
Providing these upfront significantly accelerates investigation.