Microsoft 365 Integration troubleshooting

This topic outlines common Microsoft 365 synchronization issues in Datto RMM and guidance on how to resolve them. 

To learn about the integration with Microsoft 365 and Datto RMM, refer to Microsoft 365 Integration.

Tenant sync issues

Expand the drop-down menus to uncover explanations and solutions for the following issues:

If a Microsoft 365 client tenant has not been granted the required GDAP permissions, Datto RMM shows the Failed status for that tenant.

Steps to resolve in your Microsoft Partner Center account

  1. Navigate to the Microsoft Partner Center customer list.
  2. Click the name of the applicable customer in the list.
  3. In the left navigation menu, click Admin relationships.

  4. Check for the following configurations:
    • In the GDAP relationship, ensure that Global Reader and Application Administrator roles are included.
    • In the GDAP relationship, check which security group has the required permissions.
    • In your own Microsoft Entra tenant, ensure the account used for partner access in Sync 365 is in the relevant GDAP security group.

Within about 30 minutes of placing the account in the correct group, the status should no longer show Failed.

If a Microsoft 365 client tenant is struggling to receive consent data, Datto RMM shows the Pending status for that tenant.

Steps to resolve

  1. In the Tenants tab on the integration setup page in Datto RMM, unsync the tenant to produce the Deactivated status.
  2. Create a new relationship with the following roles: Cloud Application Administrator or Application Administrator.
  3. Attempt to re-sync the tenant in Datto RMM.

Steps to resolve in your Microsoft Partner Center account

  1. Navigate to the Microsoft Partner Center customer list.
  2. Click the name of the applicable customer in the list.
  3. In the left navigation menu, click Admin relationships.
  4. Ensure that sufficient roles (Cloud Application Administrator, or Application Administrator) and consent have been granted. Follow the steps from Microsoft to grant admin consent. For navigation instructions, refer to this section.

When conditional access policies are in place, tenants may not appear in Datto RMM.

Potential resolutions

  • Ensure the correct tenant ID is entered in Datto RMM to authenticate the integration.
  • Ensure GDAP is correctly configured for the tenant, and ensure the security group is granted one of the following roles: Cloud Application Administrator, or Application Administrator.
  • If application logs in Microsoft Entra are selected, you may see the following error details (which causes this issue):
  • Ensure Privileged Identity Management has been configured as follows:
    1. From the left navigation menu in Microsoft Entra, navigate to Identity > Identity Governance > Privileged Identity Management.
    2. In the Manage section on the Privileged Identity Management page, click Microsoft Entra roles.
    3. In the Manage section, click Roles.
    4. Click the Global Administrator role. Check that the role shows No Results.
    5. Click Add Assignments.
    6. In the lower-left corner of the page, click No member selected.
    7. Search for your integration user, select the check box, and click Next.
    8. Configure the following settings and click Assign:
      • Assignment type: Eligible
      • Permanently eligible

GDAP Not Available

The GDAP Not Available sync status indicates the required GDAP relationship is missing or expired for a tenant.

Resolution

  1. Navigate to Microsoft Partner Center.
  2. Verify the GDAP relationship exists for the affected tenant.
  3. If the GDAP relationship has expired, create a new one or enable auto-renew.
  4. Ensure the integrating service account is assigned to the security group associated with the GDAP relationship.
  5. Return to Datto RMM and re-sync the tenant.

Intune Quick Action failures

If an Intune Quick Action fails, the MDM Action Status column will display Failed along with an error description. Common causes include:

  • The integration permissions have not been reconfigured after upgrading to RMM 14.7. Navigate to Setup > Integrations > Microsoft 365 to reconfigure.
  • The device is offline or unreachable. Wait for the device to come online and retry.
  • The Datto RMM agent is not installed on the target Windows device.
  • The user’s Security Level does not have Manage permission for Devices.

Windows 365 Cloud PC deployment failures

If a deployment fails, the status will show an error code and message. Common errors include:

Error Code Resolution
executeActionFailed Deploy agent with expected error. Check Cloud PC logs; may be a permission or network issue.
executeActionTimeout Deploy agent timed out. Retry the deployment; may indicate slow network or high load.
deviceNotExist Cloud PC does not exist. Remove from Datto inventory.
deviceNotAvailable Cloud PC is in unavailable status or not ready. Wait and retry later.
checkDiskSpaceFailed Insufficient disk space on Cloud PC. User action needed to free disk space.
checkNetworkConnectionFailed Cloud PC network check failed. Troubleshoot network connectivity on the Cloud PC.
agentNotExist Agent URL not accessible. Verify the agentUrl configuration in Configure Agent Settings.
agentFormatInvalid Invalid agent file type. Must be EXE, MSI, or MSIx. Contact Datto support.
agentChecksumInvalid Agent file checksum failed. Re-upload the agent binary and verify file integrity.

In addition to the errors listed above, the following common causes can also apply: 

  • Integration permissions not refreshed after upgrading to RMM 14.9.
  • The Microsoft 365 tenant is not mapped to a Datto RMM Site.
  • No Windows 365 Cloud PC licenses are available in the mapped Microsoft 365 tenant