Microsoft 365 | Error 403

Microsoft 365 Error 403, M365 Error 403


Prerequisites:

For a successful GDAP setup, you'll need a Microsoft Standard security posture, established GDAP relationships, and a valid Microsoft Token code upon login:

  1. Security Posture: To manage your customers in Microsoft Partner Center, Microsoft MFA enforcement is a must. If you're using a third-party MFA provider such as Okta, Duo, or OneLogin, Microsoft MFA enforcement is still required for the account registering the Liongard app. Confirm MFA is enforced by navigating to Conditional Access Policy under Security in Azure AD. If no policy is present, check whether Security defaults are enabled under Azure AD properties. If neither is present, consult your security officer on how to proceed. You cannot manage your customers, either through the Partner Center or via API, without adhering to Microsoft's security requirements.

  2. GDAP Relationships: After setting up security per Microsoft guidelines, establish GDAP relationships with your partners. Follow our guide, or ask for assistance.

  3. Token Authentication: To avoid issues with cached credentials, log into Liongard using an incognito window or a clean browser. When logging into Microsoft from the parent inspector config (admin -> Inspectors -> Microsoft Suites inspector -> Edit -> Open Microsoft Sign-In), ensure you receive an MFA token prompt from Microsoft. If your policy allows bypassing the prompt from certain IPs, connect via a hotspot or similar so that Microsoft requires MFA. This step is crucial because the token we use to communicate with Microsoft's Partner Center must include MFA. Once complete, run the Parent Inspector, followed by the Child Inspector(s).
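An added example, not Liongard's or Microsoft's code: a diagnostic check that an access token actually records the MFA sign-in that step 3 depends on. It assumes the token is a compact JWT and that MFA appears as `mfa` in its `amr` claim; the sample tokens are constructed, and the signature is deliberately not verified.

```python
import base64
import json


def decode_jwt_payload(token: str) -> dict:
    """Decode the payload segment of a JWT WITHOUT verifying its signature.
    Diagnostic use only: never make an authorization decision from this."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    segment = parts[1]
    segment += "=" * (-len(segment) % 4)  # restore stripped base64url padding
    try:
        payload = json.loads(base64.urlsafe_b64decode(segment))
    except ValueError as exc:  # covers bad base64, bad UTF-8 and bad JSON
        raise ValueError("payload is not base64url-encoded JSON") from exc
    if not isinstance(payload, dict):
        raise ValueError("payload is not a JSON object")
    return payload


def token_has_mfa(token: str) -> bool:
    """True when the token's amr claim (assumed location) lists 'mfa'."""
    amr = decode_jwt_payload(token).get("amr", [])
    if isinstance(amr, str):  # tolerate a single string instead of a list
        amr = [amr]
    return "mfa" in amr


def _make_sample(claims: dict) -> str:
    """Build an unsigned, constructed sample token for the demo below."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(claims)}.sig"


# Constructed samples, not real tokens.
PASSWORD_ONLY = _make_sample({"upn": "admin@partner.example", "amr": ["pwd"]})
WITH_MFA = _make_sample({"upn": "admin@partner.example", "amr": ["pwd", "mfa"]})

if __name__ == "__main__":
    for name, tok in [("password only", PASSWORD_ONLY), ("with MFA", WITH_MFA)]:
        print(f"{name}: MFA claim present = {token_has_mfa(tok)}")
```

A token that reports no `mfa` value was issued from a session where Microsoft did not prompt for MFA, which is the cached-credential or trusted-IP case step 3 warns about.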

Addressing 403 Errors from Inspectors:

If your inspectors are failing with a 403 error, please verify that the account used to authenticate your parent inspector is a member of the "AdminAgents" group in your Parent Azure AD tenant.

Additionally, verify the AdminAgents group has the 5 required roles assigned:

  • Teams Administrator

  • Cloud Application Administrator

  • Directory Writers

  • Global Reader

  • Security Reader

  • Reports Reader

  • Privileged Role Administrator

For more information regarding Microsoft Cloud inspectors and GDAP, check the following:
