Our recommendation is to use a minimum of Business Basic or E1 license and a suggested but not required Microsoft Entra ID P1 licensing. Microsoft Entra ID Premium (P1 or higher) provides more detail for alerts. Microsoft Entra ID Premium P1 can be added to any subscription as a standalone add-on. If you want Microsoft Entra ID P1 included in the subscription you must sell Business Premium or E3. Be aware that while one Microsoft Entra ID Premium P1 per tenant works, Microsoft's policy is that every user must have a Microsoft Entra ID Premium P1.
When connecting a Customer to Microsoft, it's important to note three things:
Microsoft licensing requirements.
Microsoft requires 2 API connections and two popups to be accepted, the first is for the Entra API and the second is for the MS Graph API
Ensure that each organization connection is created with a
unique local-global admin (that will not be deleted) and not with a master CSP account or a user admin which could later be deleted should that user be terminated.
Accepting 2 API Connections
In order to successfully connect with Microsoft, two popups must be accepted (Entra API and MS Graph API connections). Unfortunately, browsers will often block the second popup, it goes unnoticed and we have an incomplete Microsoft connection.
After accepting the first popup, look to the browser's URL bar on the right for the "popup blocked" message
Click on the link as shown in the image to launch the popup and accept
To prevent this issue in the future, select "Always Allow" and "Done"