Connect Application: Enabling Azure Active Directory Synchronization for Office 365 / Hybrid Exchange

Document created by user.oxriBaJeN4 Employee on Apr 14, 2016. Last modified by user.oxriBaJeN4 Employee on Oct 8, 2018.
Version 22

If you are using Office 365 or a Hybrid Exchange with Windows Azure Active Directory, we can automatically synchronize with Windows Azure to add and manage all of your user, group, and group membership attributes. This has the following benefits:

  • The administrative overhead of performing these tasks is removed.
  • End users can use their primary email address and Active Directory password to sign in to Mimecast applications.
    Passwords are not synchronized using this feature. To allow users to log in to Mimecast applications using their Office 365 / Windows Azure credentials, configure Office 365 domain authentication or SAML authentication using Windows Azure Active Directory as an identity provider.

What You'll Need


  • Access to your Windows Azure management portal for the Active Directory you would like to synchronize with us.
  • Administrative access to the Mimecast Connect Application and Administration Console.


Enabling Azure Active Directory Synchronization


To enable Azure Active Directory Synchronization:

  1. Log on to the Connect Application.
  2. Click on the Platform | Synchronize Your Directory menu item.
  3. Click on the Start button next to the "Task Steps for Azure Active Directory" section. A list of steps to be performed externally from the Connect Application is displayed. These are:
    • Creating an Azure Active Directory application.
    • Generating an application access key.
    • Adding appropriate permissions to the application.
    • Determining your Azure Active Directory tenant domain.
    These steps must be completed before continuing. View the Configuring an Azure Active Directory Application page for full configuration details.
  4. Click on the Next button. The Enter Your Directory Synchronization Details dialog is displayed.
  5. Complete the dialog, using the settings noted from your previously configured Azure Active Directory application:
    Application ID: Enter the value noted from step 8 of the Azure Active Directory Application guide.
    Key: Enter the value noted from step 12 of the Azure Active Directory Application guide.
    Tenant Domain: To determine the tenant domain, hover over the user profile in the top right corner.

  6. Click the Synchronize button.


Whilst the Azure Active Directory connection is validated by Mimecast, a validation page is displayed. Once complete, a summary page is displayed listing your directory synchronization details. You can also see validated connections via the Administration Console:

  1. Log on to the Mimecast Administration Console.
  2. Click the Services | Directory Synchronization menu item. All validated connections are listed.


Directory Synchronization Timings


We'll automatically trigger a synchronization of your Active Directory at 8am, 1pm, and 11pm daily, with the timings taken from the Mimecast region where your account is held (e.g. Europe, North America, South Africa, Australia). For the Europe region, the timing is in the GMT timezone. For the North America region, the timing is in the EST timezone. If you're located in a different region or timezone than your Mimecast account, this means the synchronization timings won't be in your timezone. For example, if your Mimecast account is:

  • Located in the US region, but you're located in the Pacific Time Zone.
  • Located in the Europe region, but you're located in Germany.
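
The following is an added example, not Mimecast code. It converts the trigger times above into a local timezone and finds the first scheduled trigger after a directory change, such as disabling an account. It assumes "GMT" and "EST" are fixed offsets without daylight saving; the function names and sample dates are constructed for illustration.

```python
from datetime import datetime, time, timedelta, timezone
from zoneinfo import ZoneInfo

# Trigger times stated on the page, on the account region's clock.
SYNC_TIMES = (time(8, 0), time(13, 0), time(23, 0))

# Assumption: "GMT" and "EST" are read literally as fixed offsets (no daylight
# saving). The page names no timezone for South Africa or Australia, so those
# regions are left out rather than guessed.
REGION_TZ = {
    "Europe": timezone(timedelta(hours=0), "GMT"),
    "North America": timezone(timedelta(hours=-5), "EST"),
}


def triggers_on(region, day, local_tz):
    """Return the region's three triggers for calendar `day`, shown in local_tz."""
    tz = REGION_TZ[region]
    return [datetime.combine(day, t, tzinfo=tz).astimezone(local_tz)
            for t in SYNC_TIMES]


def next_trigger(region, change_at):
    """Return the first scheduled trigger strictly after an aware datetime."""
    if change_at.tzinfo is None:
        raise ValueError("change_at must be timezone-aware")
    tz = REGION_TZ[region]
    region_day = change_at.astimezone(tz).date()
    for offset in (0, 1):  # today's and tomorrow's triggers always suffice
        day = region_day + timedelta(days=offset)
        for t in SYNC_TIMES:
            trig = datetime.combine(day, t, tzinfo=tz)
            if trig > change_at:
                return trig.astimezone(change_at.tzinfo)
    raise AssertionError("unreachable: tomorrow's 08:00 is always later")


if __name__ == "__main__":
    berlin = ZoneInfo("Europe/Berlin")
    pacific = ZoneInfo("America/Los_Angeles")
    # Constructed sample: an account is disabled at 16:30 Berlin time in July.
    change = datetime(2024, 7, 10, 16, 30, tzinfo=berlin)
    nxt = next_trigger("Europe", change)
    print("Europe region, next trigger:", nxt, "wait:", nxt - change)
    for trig in triggers_on("North America", change.date(), pacific):
        print("North America trigger in Pacific time:", trig.strftime("%H:%M"))
```

The result is the time the synchronization is triggered, not the time its results become visible.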


Whilst a synchronization is automatically triggered at set times, there are a number of factors that control when you can see its results. These include the:

  • Size of your Active Directory
  • Number of changes
  • Server load

