Configuring an Azure Active Directory Application

Document created by user.Yo2IBgvWqr Employee on Mar 8, 2018Last modified by user.Yo2IBgvWqr Employee on Apr 2, 2019
Version 13Show Document
  • View in full screen mode

This guide describes how to configure an Azure Active Directory Application. This is required when you're synchronizing your Office 365 or Hybrid Exchange with Windows Azure Active Directory, to automatically add and manage all of your user, group, and group membership attributes.


What You'll Need


  • Access to your Windows Azure management portal for the Active Directory you would like to synchronize with us.
For detailed, but non-Mimecast specific, instructions on creating a Windows Azure Active Directory application, read the "How to Configure Your App Service Application to use Azure Active Directory Login" page on the Windows Azure website.

Creating an Azure Active Directory Application


To create a Windows Azure Active Directory application:

  1. Log on to the Office 365 Admin Center.
  2. Click on the Admin Centers | Azure Active Directory drop down menu item.
  3. Click on All Services | App Registrations menu item.
  4. Click on the + New Application Registration button at the top of the screen to start a guided wizard.
  5. Specify the options as follows:
    Field / OptionComments

    Specify a name for the application (e.g. Mimecast Directory Synchronization).

    Application Type

    Select "Web app / API".

    Sign-on URL

    Specify an arbitrary URL, ensuring you use a "http://" or "https://" prefix as per Microsoft’s requirements (e.g. ""). You must enter a URL in this field to continue configuration.

    When enabling Azure Active Directory Synchronization for Office 365, do not specify as this will cause problems accessing Office 365.
  6. Click on the Create button at the bottom of the section.
  7. Select the newly created App from the list. Ensure that All Apps is selected from the drop down menu next to the search field.
  8. Mimecast Directory SynchronizationMake a note of the Application ID value. It will be required when you're creating your Directory Synchronization Connection.
  9. Click on the Settings link. The Settings menu displays.
  10. Click on the Keys tab to create an application key.
    See the "Get Application ID and Authentication Key" section of the Create Identity for Azure App in Portal page in the Microsoft Azure documentation for more information.
  11. In the Passwords section:

    1. Enter a name in the Description field no longer than 16 characters long (e.g. "Mimecast AD Sync").
    2. Select Never Expires from the Expires drop down menu.

      If you select an key expiration other than "Never Expire", and don't create a directory synchronization connection before it expires, another key must be created.

    3. Click on the Save button. This application key displays.
  12. Make a note of the key value before closing the section. It is required when creating your Directory Synchronization in the Connect Application.
    The symmetric key that is generated by the Azure app is only valid for one year. To continue working with your Mimecast LDAP and Microsoft Azure integration after this time, you must re-issue a new key for the app. View the Renew the symmetric key in Azure guide on the Microsoft site for more information.
    Azure AD Application Key
  13. Click on the Required Permissions tab from the Settings menu.
  14. Ensure the following Application Permissions are selected under Enable Access:
    • Windows Azure Active Directory API: Read directory data
    • Microsoft Graph Azure API: Read all users' full profiles
  15. Click on the Save button at the top of the page.
  16. Click on Grant Permissions button.
  17. Click on Yes. All users in the tenant are delegated the required permissions.

Azure AD Required Permissions


See Also...


1 person found this helpful