Azure Active Directory Sync

Azure Active Directory Sync Guide:

Situation: You want to integrate Azure Active Directory with Spambrella to sync your user base.

Solution: Following the steps outlined below will allow you to configure and integrate Azure Active Directory with Spambrella:

  • Creating the custom Application in Azure.
  • Configuring Azure within Spambrella interface.

Please note:

  • These steps have been updated for the current version of Azure.
  • The account creating the credentials must be a Global Administrator.

Customers hosted on Office 365 may prefer to use Azure Active Directory to sync users and groups to Spambrella. This will allow you to import:

  • Active users (including both primary email address and user aliases)
  • Distribution Groups
  • Security groups

Step 1: Creating The Custom Application In Azure

  1. Log in to your Microsoft Azure portal as an admin user through https://aad.portal.azure.com
  2. Navigate to Azure Active Directory > App Registrations > + New Application Registration.
  3. Enter a name for the application (e.g. Spambrella).
  4. Enter the appropriate Spambrella interface URL into the Sign-on URL field (e.g. https://spambrella.cloud-protect.net).
  5. Click Register.

    You will now be able to view this app from the App Registrations view.

  6. Copy your Application ID for future use. This will be the CLIENT ID in Spambrella.

Permissions

  1. Navigate (on the left-hand side) to API Permissions > + Add Permission > Supported legacy APIs – Azure Active Directory Graph.
  2. Ensure the following permissions are checked:
    • App Permissions:
      • Read Directory Data
    • Delegated Permissions:
      • Read all users’ basic profiles
      • Read all groups
      • Read directory data
  3. Select Grant consent.
  4. Navigate to Certificates and Secrets > + New Client Secret.
  5. Enter a Key Description.
  6. From the Expires dropdown, choose a duration, such as 1 year.
  7. Click Save.

    The Key value will be displayed when you save the changes. Copy down the key value, as you will NOT be able to retrieve it after leaving the page.
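
The client secret created above has an expiry date, and once it lapses the application can no longer authenticate. The following is an added example, not part of Spambrella's documentation, that flags secrets which are expired or close to expiry. It assumes the JSON field names (`keyId`, `displayName`, `endDateTime`) returned by `az ad app credential list --id <Application ID>` on recent Azure CLI versions; the sample records and the 30-day warning window are constructed.

```python
import json
import re
from datetime import datetime, timezone

# Constructed sample in the shape assumed for `az ad app credential list`
# output (field names are an assumption; all values are made up).
SAMPLE_CREDENTIALS = json.loads("""
[
  {"keyId": "00000000-0000-0000-0000-000000000001",
   "displayName": "spambrella-sync-2023", "endDateTime": "2024-03-01T10:15:30Z"},
  {"keyId": "00000000-0000-0000-0000-000000000002",
   "displayName": "spambrella-sync-2024", "endDateTime": "2025-02-20T08:00:00.1234567Z"},
  {"keyId": "00000000-0000-0000-0000-000000000003",
   "displayName": "spambrella-sync-2025", "endDateTime": "2026-01-10T00:00:00Z"}
]
""")

# Match the date and time up to whole seconds; fractional digits and "Z" are ignored.
_TS = re.compile(r"^(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2})")


def parse_utc(ts):
    """Parse an ISO 8601 timestamp to whole seconds, treating it as UTC."""
    m = _TS.match(ts or "")
    if not m:
        raise ValueError(f"unrecognised timestamp: {ts!r}")
    parsed = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%S")
    return parsed.replace(tzinfo=timezone.utc)


def audit_secrets(credentials, now, warn_days=30):
    """Return (displayName, keyId, status, days_left) for each client secret."""
    report = []
    for cred in credentials:
        # timedelta.days floors, so a secret that expired an hour ago gives -1.
        days_left = (parse_utc(cred.get("endDateTime")) - now).days
        if days_left < 0:
            status = "EXPIRED"
        elif days_left <= warn_days:
            status = "ROTATE"   # create a new secret and update the Key in Spambrella
        else:
            status = "OK"
        report.append((cred.get("displayName"), cred["keyId"], status, days_left))
    return report


if __name__ == "__main__":
    now = datetime.now(timezone.utc)
    for name, key_id, status, days in audit_secrets(SAMPLE_CREDENTIALS, now):
        print(f"{status:8} {days:5d}d  {name}  ({key_id})")
```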

Step 2: Configuring Azure Within Spambrella Interface

After logging into your Spambrella interface (such as https://spambrella.cloud-protect.net):

  1. Navigate to Company Settings > Import Users > Azure Active Directory.
  2. Set the Default New User Role to either End User or Silent User.
    1. End Users: Can log in to the Spambrella Admin Console and receive Quarantine Digests.
    2. Silent Users: Do not have access to the Spambrella Admin Console, nor do they receive Quarantine Digests by default, but this can be enabled.
  3. Enter the below information:
    1. Primary Domain: The Primary Domain associated with your Office 365 organization custom Azure web application.
    2. Client ID: The unique identifier which is generated with the creation of the web application.
    3. Key: The unique value which is generated with the creation of the web application.
  4. Choose What to Sync by checking/unchecking the following fields:
    • Active Users
    • Distribution Groups
    • Security Groups
  5. Choose How to Sync by checking/unchecking the following fields:
    1. Add Users: Creates new user accounts for newly synced active users.
    2. Update Users: Updates existing user accounts for previously synced mailboxes.
    3. Add Groups: Creates new groups/functional accounts for newly synced groups.
    4. Update Groups: Updates existing groups for previously synced groups.
    5. Remove Deleted Users: Removes user accounts for mailboxes that no longer exist.
    6. Remove Deleted Groups: Removes groups/functional accounts for groups that no longer exist.
  6. Choose When to Sync by selecting from the options under the Sync Frequency dropdown menu.
    • 1 hour
    • 3 hours
    • 6 hours
    • 12 hours
    • 24 hours
  7. Click Save at the bottom of the page. The page will refresh and a prompt will confirm that the settings have been saved.

Manual Sync

Once you complete the above steps, Spambrella will connect and sync data from your Office 365 environment based on the frequency you chose. You may want to execute a manual sync to validate the data being returned.

To perform an ad-hoc/manual Azure Active Directory sync:

  1. Navigate to Company Settings > Import Users > Azure Active Directory.
  2. Choose What to Sync (same as above).
  3. Choose How to Sync (same as above).
  4. Click Search Now.

    The results of the sync will be organized into categories. You should review the results and uncheck any changes you do not want to take effect.

    The automatic sync does not allow manual intervention to take place. Make sure the preferences defined on the Azure Active Directory page are accurate.

  5. Click Execute.

If you try to manually sync and encounter an error, check out our article Azure AD Permissions Error.