Delegated Token
To complete the required actions during automatic onboarding, such as creating groups and assigning a Global Admin role to the Avanan application, Avanan uses a delegated token from the authorizing user who approved the permissions.
If you choose to disconnect Avanan from Microsoft 365, Avanan executes the reverse actions, including deleting groups and disassociating roles. To do that, the Avanan Azure application must periodically refresh and maintain a valid delegated token.
The system initiates the refresh action on behalf of the authorizing user, and you can observe these activities in your Microsoft 365 audit log:
-
Periodic logins by the Avanan application on behalf of the user to refresh the token.
-
Failed login attempts in case the user no longer exists or the password has changed.
Note:These failed logins do not affect security or email delivery. However, when disconnecting Avanan from Microsoft 365, manual actions are necessary to eliminate its footprint.
To resolve this issue, re-authorize the Microsoft 365 application with the same or another Microsoft administrator credentials.
Click Security Settings > SaaS Applications.
Click Configure for Office 365 Mail.
Click Re-Authorize Avanan Office 365 Email App.
Follow the onscreen instructions and authorize the Microsoft 365 application.