This guide describes how to configure an Azure Active Directory Application. This is required when you're synchronizing your Office 365 or Hybrid Exchange with Windows Azure Active Directory, to automatically add and manage all of your user, group, and group membership attributes.
What You'll Need
- Access to your Windows Azure management portal for the Active Directory you would like to synchronize with us.
Creating an Azure Active Directory Application
To create a Windows Azure Active Directory application:
- Log on to the Office 365 Admin Center.
- Click on the Admin Centers | Azure Active Directory drop down menu item.
- Click on All Services | App Registrations menu item.
- Click on the + New Application Registration button at the top of the screen to start a guided wizard.
- Specify the options as follows:
Field / Option Comments Name
Specify a name for the application (e.g. Mimecast Directory Synchronization).
Select "Web app / API".
Optionally, specify a sign-on URL, ensuring you use a "http://" or "https://" prefix as per Microsoft’s requirements (e.g. "https://localhost"). Not specifying a URL doesn't affect your configuration.When enabling Azure Active Directory Synchronization for Office 365, do not specify portal.office.com as this will cause problems accessing Office 365.
- Click on the Create button at the bottom of the section.
- Select the newly created App from the list. Ensure that All Apps is selected from the drop down menu next to the search field.
- Make a note of the Application ID value. It will be required when you're creating your Directory Synchronization Connection.
- Click on the Settings link. The Settings menu displays.
- Click on the Keys tab to create an application key.See the "Get Application ID and Authentication Key" section of the Create Identity for Azure App in Portal page in the Microsoft Azure documentation for more information.
In the Passwords section:
- Enter a name in the Description field no longer than 16 characters long (e.g. "Mimecast AD Sync").
- Select Never Expires from the Expires drop down menu.
If you select an key expiration other than "Never Expire", and don't create a directory synchronization connection before it expires, another key must be created.
- Click on the Save button. This application key displays.
- Make a note of the key value before closing the section. It is required when creating your Directory Synchronization in the Connect Application.
- Click on the Required Permissions tab from the Settings menu.
- Ensure the following Application Permissions are selected under Enable Access:
- Windows Azure Active Directory API: Read directory data
- Microsoft Graph Azure API: Read all users' full profiles
- Click on the Save button at the top of the page.
- Click on
- All users in the tenant are delegated the required permissions.