Integrating with Microsoft 365

  • Release version: Zurich
  • Updated July 31, 2025
  • 7 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Integrating with Microsoft 365

    Integrating ServiceNow's Software Asset Management (SAM) application with Microsoft 365 allows customers to track software subscriptions and usage to ensure license compliance and identify optimization opportunities. This integration helps manage licenses effectively, reduce costs by reclaiming unused licenses, and maintain compliance with Microsoft's licensing policies.

    Show full answer Show less

    Key Features

    • Minimal User Permissions: The integration requires specific Microsoft 365 user roles and delegated scopes with read-only access for downloading subscription and usage data, and write permissions for reclaiming and assigning licenses. These permissions are scoped to minimize security risks by limiting access to necessary information only.
    • Prerequisites and Plugin Installation: Customers must install several plugins, including Software Asset Management Professional for Microsoft, ITAM Health Check, SaaS License Management, and Microsoft Entra ID Spoke to enable complete integration capabilities.
    • Data Synchronization and Content Updates: Integration profiles pull subscription and usage data from Microsoft 365 Admin Center on a scheduled basis. The SAM Content Service provides automated content updates such as software normalization, lifecycle, downgrade rights, and suite definitions to support accurate license management.
    • Power BI Usage Configuration: Enables read-only access to Power BI usage data to support optimization recommendations, especially for Microsoft 365 E5 to E3 license downgrades and similar scenarios.
    • Handling Anonymized User Data: Customers need to disable anonymization of subscriber data in Microsoft 365 Admin Center to allow accurate tracking of license usage.
    • Integration Profile Setup: Create integration profiles within SAM for each Microsoft 365 tenant to import data, track compliance, and enable license optimization. Profiles support government cloud environments and manual attachment of reports for Microsoft 365 Copilot, Visio Online, and Project Online usage.
    • License Reclamation and Assignment: Automated reclamation rules are provided to remove licenses from inactive users, and permissions allow the assignment of licenses through the Microsoft 365 portal.
    • User Resolution Rules: Map Microsoft 365 users to ServiceNow users to ensure accurate license compliance and optimization recommendations. Non-human accounts can be excluded from this process.
    • Software Models and Entitlements: SAM automatically creates software models from subscription data, including suite components, downgrades, and lifecycle details. Customers must add entitlements and manage license types such as Add-ons, From Software Assurance, Step-up licenses, and reserved licenses.
    • License Reservations: Support for creating reserve entitlements to extend existing Microsoft 365 subscriptions.

    Key Outcomes

    • Accurate License Tracking: Regular synchronization ensures all Microsoft 365 subscription and usage data is pulled into SAM, enabling precise license compliance management.
    • Improved License Optimization: Usage data analysis and reclamation rules help identify low usage licenses for potential downgrades or removals, reducing unnecessary license costs.
    • Compliance Verification: Health checks and reconciliation processes verify that Microsoft 365 licenses are consumed according to configured SAM policies.
    • Actionable Insights: Optimization recommendations and license position reports support proactive management of Microsoft 365 licenses and addressing unlicensed subscriptions.
    • Scalable Management: Support for multiple tenants, government cloud environments, and manual usage report handling enables customers to manage complex Microsoft 365 license environments effectively.

    Integrating the Software Asset Management application with the Microsoft 365 service enables you to track your software subscriptions and software usage to determine license compliance and act on optimization opportunities.

    Important:
    Minimize security risks and protect information by granting access only to the necessary user or API permissions.
    Table 1. Minimal user permissions
    Process Required? Required user role in the Microsoft 365 application Authentication scopes Purpose Least privilege?
    Download subscriptions Mandatory Application developer
    • User.Read.All
    • LicenseAssignment.Read.All
    		 Permits the ServiceNow instance to read tenant, user, and license information to synchronize Microsoft 365 subscription data. The user role and scope are read-only and limited to metadata access. It doesn't allow modifying users, groups, or licenses.
    Pull user activity Optional
    • Application developer
    • Power platform administrator
    • Reports.Read.All
    • Tenant.Read.All
    Important:
    Use Tenant.Read.All only for Power BI delegated permissions.
    • Pulls usage of Microsoft 365 apps for Enterprise (Microsoft Word, Excel, PowerPoint), and other products such as Exchange Online, Teams, OneDrive, Power BI, SharePoint Online, Viva Engage (previously Yammer). Required for the Software Asset Management Professional application to generate optimization recommendations for low usage. For example, low usage for Microsoft 365 E1, Microsoft 365 E3-> E1.
    • Pulls Power BI usage and activity metrics for license optimization. Required for the Software Asset Management Professional application to generate optimization recommendation for low usage. For example, Microsoft 365 E5-> E3.
    • The role and scope are read-only and limited to metadata access. It doesn't allow modifying users, groups, or licenses.
    • For getting Power BI usage, this is the least privilege role. You should consider limiting membership to specific security groups and enabling read-only Power BI admin settings for the service principal.
    Reclaim subscriptions Optional Application developer
    • GroupMember.ReadWrite.All
    • LicenseAssignment.ReadWrite.All
    		 Permits the Software Asset Management Professional application to reclaim inactive licenses by removing Microsoft 365 subscriptions assigned to inactive users. These permissions only enable modifying license assignments and don't provide tenant-wide admin capabilities.
    Assign licenses Optional Application developer
    • GroupMember.ReadWrite.All
    • LicenseAssignment.Read.All
    • LicenseAssignment.ReadWrite.All
    • User.Read.All
    		 Allows license assignment to users in the Microsoft 365 portal. These permissions only enable Microsoft 365 license assignment.

    Setting up Microsoft 365 integration

    Manage Microsoft 365 license compliance and optimization by performing the following steps:
    • Prerequisites

      Before you begin with Microsoft 365 integration, confirm that all prerequisites are met.

      1. Install Software Asset Management Professional for Microsoft

        Install the Software Asset Management Professional for Microsoft (com.snc.samp.microsoft) plugin to access the Microsoft Publisher pack features in the Software Asset Management application.

      2. Install ITAM Health Check application

        Install the ITAM Health Check application to get an overview of your Software Asset Management configurations and receive recommendations for correcting errors.

      3. Install Software Asset Management - SaaS License Management plugin

        Install the Software Asset Management - SaaS License Management plugin (com.sn_sam_saas_int) to create and manage integrations with your SaaS and Single Sign-On (SSO) applications. These integrations enable you to track license usage and reclaim unused licenses effectively.

      4. Install Microsoft Entra ID Spoke

        Install the Microsoft Entra ID spoke (formerly Azure AD spoke) to enable automated integration with the Microsoft 365 Admin Center for license removal and other scenarios. An Integration Hub subscription is required for this spoke. For more information about Integration Hub, see Integration Hub.

      5. Receive latest updates from Software Asset Management Content Service

        Update your instance with new content twice every week on a scheduled basis through Software Asset Management Content Service. The Software Asset Management application provides automated content to simplify the normalization of software installations and subscriptions, offering enriched data such as lifecycle information, downgrade rights, and suite definitions. This data is essential for maintaining accurate license compliance and optimization.

      6. Create a success goal

        Create a success goal to track the success of Microsoft 365 configuration setup on the Software Asset Management application.

    • Software Asset Management configurations

      Configure your Software Asset Management (SAM) application, which includes setting up user accounts, managing licenses, and confirming compliance with Microsoft's software usage policies.

      1. Register application on Microsoft Entra ID

        Register an application on Microsoft Entra ID (formerly Azure Active Directory) that enables the retrieval of all subscriptions provisioned in the Microsoft 365 admin center.

      2. Configure Power BI usage to get usage information

        Enable service principal authentication for Power BI read-only APIs to enable your application access to Power BI service content and APIs. This access helps optimize your Microsoft 365 subscriptions, such as downgrading subscriptions from Office 365 E5 to Office 365 E3 or removing Power BI low-usage subscriptions​.

      3. Prevent anonymous user information

        By default, Microsoft hides the user names of subscribers in the Microsoft 365 Admin Center, preventing ServiceNow from accurately tracking Microsoft 365 license usage. To resolve this issue, disable this anonymization feature in the Microsoft 365 Admin Center.

      4. Set up a Microsoft 365 integration profile

        Create a Microsoft 365 integration profile in the Software Asset Management application to import user subscription data, determine license compliance, and identify optimization opportunities. If you manage multiple tenants, create a separate integration profile for each.

      5. Configure the integration profile to get data for government customers

        The ServiceNow AI Platform supports Microsoft 365 Government plans, offering all the features of Microsoft 365 services within a government-exclusive cloud. This setup helps organizations comply with the U.S. security and compliance standards.

      6. Configure the integration profile to get usage for Microsoft 365 Copilot, Visio Online, and Project Online

        Microsoft doesn't provide APIs to get usage directly for Microsoft 365 subscription products, such as Microsoft Visio, Microsoft Project, and Microsoft Copilot. However, you can download activity reports for these products from the Microsoft 365 admin center. Microsoft 365 administrators can download these reports and SAM Admin can attach them unmodified to the integration profile in the Software Asset Management application. The scheduled jobs within ServiceNow will then process these reports and identify reclamation candidates if the usage is low.

      7. Configure reclamation rules

        The Software Asset Management application automatically provides base system reclamation rules when you create an integration profile for Microsoft 365. For more information, see Reclamation rules for Microsoft 365 integration.

      8. Configure user resolution rules

        Resolve or match the Microsoft 365 admin center user to the ServiceNow user (sys_user) to determine the right license compliance and provide correct optimization recommendations.

        Important:
        Remember that sometimes licenses are assigned to non-human users such as email accounts. In these instances, you can skip the user resolution process as it isn’t required.
      9. Run scheduled jobs

        The Microsoft 365 integration profile you created automatically gets subscription and usage information from the Microsoft 365 admin center on a scheduled basis. You can now run these jobs on demand and verify they’re completed successfully.

      10. Set up software models and entitlements
        The Software Asset Management application integrates with the Microsoft 365 admin center to generate software models automatically based on assigned subscriptions. These models include suite components, downgrades, and lifecycle details to confirm compliance and optimize licensing. For these automatically created software models, remember to add your entitlements. If you have previously set up entitlements using Publisher Part Number, the software models from that setup are used in this integration, avoiding the creation of duplicate models.
        Note:
        Verify that no software models are created without Discovery Maps (DMAPs) and no entitlements are created without a Publisher Part Number (PPN) for a smoother implementation.
      11. Set up Add on, From SA, and Step Up entitlements

        Associate an Add-on license with a perpetual office legacy license with active Software Assurance. Microsoft 365 offers various subscription types such as Full USL, Add On USL, From SA USL, Step-up license, and reserved licenses. To learn more about these licenses, see Supported Microsoft 365 license types.

      12. Set up license reservations

        Create reserve entitlements for Microsoft online services to add licenses to your existing Microsoft 365 subscriptions.

    • Software Asset Management configurations verification

      Review and validate the Software Asset Management configurations to track and manage Microsoft 365 licenses and usage accurately.

      1. Verify the complete pull of all subscriptions

        Verify with the Microsoft 365 administrator that all subscription records have been successfully pulled.

      2. Run health check

        Run a health check on the Health check dashboard by selecting Microsoft 365, SaaS, and General to verify the Microsoft 365 configurations and review the findings for each suite.

      3. Verify the pull of all required software usage

        Verify if the Software Asset Management application has pulled the usage details for your Microsoft 365 subscribed users, which is required to identify the last activity and determine optimization opportunities.

      4. Create a success goal

        Create a success goal to manage your Microsoft 365 licenses.

      5. Add Microsoft 365 and associated products to the published product list

        Add Microsoft 365 and associated products to the published product list to improve readability and declutter the Software Asset Workspace. Scale your SAM efforts strategically by evaluating progress based on resource needs, work quality, and configuration management.

      6. Run reconciliation

        Run reconciliation on the Software asset overview page to verify that the licenses are consumed according to the Software Asset Management configurations. You must run reconciliation only for Microsoft as the publisher to verify Microsoft 365 license consumption.

      7. Check license position report

        Check your overall compliance positions for Microsoft 365 and associated products in the License Position Report.

      8. Act on unlicensed subscriptions

        Identify and address the unlicensed Microsoft 365 subscriptions.

      9. Act on optimization recommendations

        Software Asset Management supports various optimization use cases, which you can view on the Software asset analytics page.