Enabling Azure Active Directory Synchronization for Office 365

Document created by user.oxriBaJeN4 Employee on Sep 3, 2015. Last modified by user.Yo2IBgvWqr on Mar 23, 2018.
Version 37

If you are using Office 365, or already synchronizing your On Premises Active Directory with Windows Azure Active Directory, we can automatically synchronize with Windows Azure to add and manage all your users, groups, group memberships, and user attributes. Once the service is activated, synchronization between Mimecast and Azure Active Directory occurs automatically at 8am, 1pm, and 11pm daily. This removes the administrative overhead of performing these tasks manually.

 

The Mimecast platform uses the Office 365 / Azure tenant name and a predefined Azure Active Directory application to query the Windows Azure Graph API. The workflow is:

  1. User, user attribute, group, and group membership data is requested from the Windows Azure Active Directory.
  2. Windows Azure Active Directory returns the requested data, which is processed and committed to the Mimecast platform.

 

Considerations

 

 

What You'll Need

 

You'll need access to:

  • Your Windows Azure Management Portal for the Active Directory you want to synchronize with us.
  • The Mimecast Administration Console with edit permissions to the Services | Directory Synchronization functionality.

Creating an Azure Active Directory Application

 

To create an Azure Active Directory application, follow the Configuring an Azure Active Directory Application guide.

 

Adding a Directory Synchronization Connection

 

To add a directory synchronization connection:

  1. Log on to the Mimecast Administration Console.
  2. Click on the Administration toolbar button. A menu drop down is displayed.
  3. Click on the Services | Directory Synchronization menu item.
  4. Select the New Directory Connector button.
  5. Configure the dialog as follows:
    Field / Option: Description
    Description: Type a description to identify the connector.
    Type: Select Office 365. This will reveal Windows Azure Active Directory specific settings.
    Client ID: This value needs to be the Client ID from the Windows Azure configuration. Enter the value collected in step 8 of the previous section.
    Key: This value needs to be the Key from the Windows Azure configuration. Enter the value collected in step 11 of the previous section.
    Tenant Domain: Add your Tenant Domain.
      • The new Admin Center has a different URL that doesn't display the domain. To find this information, navigate to the Setup | Domains menu item. The primary domain has (default) in parentheses after the domain name.
      • In the old Admin Center, this information is found in the URL in the address bar of the Windows Azure Management Portal and is the domain name printed after this part of the URL: https://manage.windowsazure.com/.
    Acknowledge Disabled Accounts in Active Directory: Optionally specify whether user accounts disabled in Azure Active Directory should be disabled in the Mimecast platform.
    Optional Email Domains Filter: Optionally list the domains the Directory Connector will synchronize with. These can be specified where:
      • There are multiple Directory Connectors, and where each Connector is dedicated to certain domains.
      • The account is part of an Advanced Account Administration setup.
      Entries must be comma separated. No spaces should be used.
  6. Select Save and Exit to create the connector.

 

Finalizing the Integration

 

To complete the directory integration, activate the automatic synchronization, and enable users to log on using Active Directory passwords:

  1. Click on the Administration toolbar menu item.
  2. Click on the Services | Applications menu item.
  3. Click on the Authentication Profiles button.
  4. Click on the Default Authentication Profile to enable you to change it.
  5. Select the Office 365 option in the Domain Authentication Mechanisms drop down.
  6. Click on the Save and Exit button.

 

Validating Your Directory Synchronizations

 

Once these steps are complete, we will synchronize with your Active Directory automatically three times per day, at 8am, 1pm, and 11pm. The synchronization timing is taken from the region your account is in (e.g. Europe, North America, South Africa, Australia). For the Europe region, timing is in GMT. For the North America region, timing is in EST.
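Because synchronization runs only at these three times, a directory change such as an account disabled in Azure Active Directory is not picked up until the next scheduled run. The following is an added example (not Mimecast code) that computes that wait for a given change time; the fixed GMT and EST offsets, the function names, and the sample timestamp are assumptions, and it assumes every scheduled run completes.

```python
from datetime import datetime, time, timedelta, timezone

# Daily sync times stated on this page, on the account region's clock.
SYNC_TIMES = (time(8, 0), time(13, 0), time(23, 0))

# Assumption: fixed offsets for the two regions the page names a zone for.
# The page does not say whether daylight saving time is observed.
REGION_TZ = {
    "Europe": timezone(timedelta(hours=0), "GMT"),
    "North America": timezone(timedelta(hours=-5), "EST"),
}

def next_sync(change_utc: datetime, region: str) -> datetime:
    """Return the first scheduled sync strictly after a directory change."""
    if change_utc.tzinfo is None:
        raise ValueError("change_utc must be timezone-aware")
    tz = REGION_TZ[region]
    local = change_utc.astimezone(tz)
    # Look at today's and tomorrow's slots so changes after 11pm roll over.
    for day_offset in (0, 1):
        day = local.date() + timedelta(days=day_offset)
        for slot in SYNC_TIMES:
            candidate = datetime.combine(day, slot, tzinfo=tz)
            # Assumption: a change made exactly at a slot misses that run.
            if candidate > local:
                return candidate.astimezone(timezone.utc)
    raise AssertionError("unreachable: tomorrow always has a later slot")

def propagation_delay(change_utc: datetime, region: str) -> timedelta:
    """Time a change (e.g. a disabled account) waits for the next sync."""
    return next_sync(change_utc, region) - change_utc

def worst_case_delay() -> timedelta:
    """Longest gap between consecutive scheduled syncs, in any region."""
    minutes = [t.hour * 60 + t.minute for t in SYNC_TIMES]
    gaps = [(b - a) % 1440 for a, b in zip(minutes, minutes[1:] + minutes[:1])]
    return timedelta(minutes=max(gaps))

if __name__ == "__main__":
    # Constructed sample: account disabled at 18:30 UTC, North America region.
    disabled = datetime(2018, 3, 23, 18, 30, tzinfo=timezone.utc)
    print("next sync (UTC):", next_sync(disabled, "North America"))
    print("delay:", propagation_delay(disabled, "North America"))
    print("worst case:", worst_case_delay())
```

The longest scheduled gap is the one between the 1pm and 11pm runs, which is worth factoring into offboarding procedures when disabled accounts are set to be acknowledged by the connector.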

 

To validate that your scheduled synchronizations are completing successfully, you can view the status of a directory connection:

  1. Log on to the Administration Console.
  2. Click on the Administration toolbar button. A menu drop down is displayed.
  3. Click on the Services | Directory Synchronization menu item.
  4. Click on the Sync Directory Data button to test the connection immediately.

 
