The example provided is for the M365 Supplemental Services Management Pack. It demonstrates configuration of the DELEGATED permissions type which is used to simulate the actions of a user and is limited to the scope of the user's access rights.
- Login to Azure Active Directory admin center here: Azure AD Admin Center
- Locate/select the Azure Active Directory tile/blade.
- Locate/select the App registrations blade
- Locate/select your app designated for SCOM M365 monitoring, this will open the app blade.
Example from my lab.
5. Locate/select API permissions. This will open the permissions blade to reveal all existing permissions for the app.
6. Select Add a permission. The list of Microsoft APIs will appear in a flyout.
7. Select Microsoft Graph.
8. Selected the Delegated permission type.
9. Type the name of the specific permission required into the search field. Any/all matching permissions will appear in the list below.
10. Select the checkbox for the required permission(s).
11. At this time, you may repeat steps 9, 10 above to select all required permissions before saving. You do NOT have to add a single permission at a time, multi-select is allowed.
12. Select Add permissions at the bottom of the window.
Once a permission has been added, you must grant admin consent, which effectively activates the permission.
- Select Grant admin consent for <YourTenantName>.
- Select Yes in the Grant admin consent confirmation popup window.
Confirmation dialogue should appear as shown below.
Verify that admin consent has been granted to ALL listed permission.