About Microsoft Office 365
Microsoft Office 365 (Office 365) is a cloud-based solution from Microsoft which offers email, messaging, security, archiving and other capabilities delivered from Microsoft’s worldwide network of cloud data centers. For more information please see: https://products.office.com/en-us/business/office.
About Azure Active Directory
Azure Active Directory (Azure AD) is Microsoft’s cloud-based directory and identity management service. For more information please see: https://docs.microsoft.com/en-us/azure/active-directory/active-directory-whatis
About Proofpoint Essentials Azure Sync Tool
Proofpoint Essentials Azure Sync Tool allows organizations hosted on Office 365 to import and/or synchronize users and groups from Office 365 directly to their account.
Please Note:
You must ensure all associated domains within your Office 365 are added to the Proofpoint console.
If not, you will see an error upon sync similar to the following:
“The following domain(s) ‘Domainproofpoint.com’ has been found that is not currently associated with your customer account. All domains associated with your Azure AD directory must be added in order to perform a sync.
Setup Azure Active Directory
CONFIGURE AZURE ACTIVE DIRECTORY
- Sign-In to the O365 365 Admin portal.
- Click on Admin centers > Azure Active Directory.
This will launch Azure Active Directory Admin Center
- Click on Azure Active Directory (either from Favorites or All Services / Identity)
- Click on New application registration
- Enter a value for Name (e.g.“Proofpoint Essentials”).
- Select Web app / API from the Application type drop-down.
- Enter your organizations login URL for Sign-on URL (e.g., “https://us2.proofpointessentials.com“)
- Click on Create.
| This will create your new Azure application. |
|---|
- Click on Settings.
- Click on Keys.
- Enter a value for Description (e.g.“Essentials Key”).
- Select appropriate option from Expires drop-down (recommended selection is “Never expires”).
- Click on Save.
- Copy key value that is displayed on the screen after saving and store in safe location you will be able to retrieve later.
- Click on Required Permissions.
- Click on Grant Permissions.
- Click on Yes.
- Click on Windows Azure Active Directory.
- Check the following check boxes:
- Under application permissions:
- Read directory data
- Read all hidden memberships
- Under delegated permissions
- Read directory data
- Read all users’ full profiles
- Read hidden memberships
- Under application permissions:
- Click on Save.
- Click on Properties.
- Copy Application ID value and store in safe location you will be able to retrieve later.
| For more information please refer to: https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-integrating-applications |
|---|
CONFIGURE PROOFPOINT ESSENTIALS
- Sign-in to the Proofpoint Essentials user interface.
- Click on Company Settings followed by Azure Active Directory.
- Select default role from drop-down.
| A silent user will receive a quarantine digest report but will be unable to login to the user interface.
An end user will receive a quarantine digest report and will receive a welcome email from Proofpoint to login to the user interface. |
|---|
- Users can authenticate with Proofpoint Essentials with their Office 365 credentials. To disable this option check disable login with O365 credentials.
- Enter the primary domain associated with your Office 365 account.
- Paste the Application ID you copied from Azure configuration steps (step 14).
- Paste the Key you copied from Azure configuration steps (step 12).
- Choose what types of accounts you wish to sync.
- Choose how you want to sync accounts.
- Choose the frequency which to sync accounts.
- Click on Save.
- Click on Search Now.
- Verify the user and group objects that were identified in your Azure AD account.
- Click on Sync Active Directory.
Azure Active Directory Sync Summary
The Azure Active Directory Sync summary page allows you to view all changes related to your current Essentials account and your Office 365 account. You can use this summary page to:
- Verify user and group sync connection
- Verify user and group sync counts
- Identify accounts for sync exemption
| Section | Description |
|---|---|
| Adding | This table will display all user objects that will be added to your Essentials account. |
| Updating | This table will display all user objects that will be updated on your Essentials account. |
| Disabling | This table will display all user objects that will be disabled on your Essentials account. |
| Deleting | This table will display all user objects that will be deleted from your Essentials account. |
| Exempt from sync | This table will display all user objects that have been identified as exempt from changes due to a sync. |
Sync Exemption
You may need to identify a user or functional account to be exempt from sync.
For example: You may wish to convert a user account to a functional account in Essentials. Yet, when you perform the sync, Azure AD will force the it back to a user account. You can choose to exempt these accounts from the sync process and therefore preserve the Essentials setting.
ADDING A USER ACCOUNT FOR EXEMPTION
- While on the Azure Active Directory Sync Summary page, expand the Adding or Updating table.
- Check the checkbox next to the object(s) you wish to exempt.
- Click on Exempt Selected.
| The object will be removed from the selected table and be moved to Exempt from sync table. It will no longer be subject to Azure AD changes. |
|---|
REMOVING A USER ACCOUNT FROM EXEMPTION
- While on the Azure Active Directory Sync Summary page, expand the Exempt from sync table.
- Identify the object you wish to remove from exemption,.
- Click on Add to Sync.
| The object will be removed from the exemption table and no longer be exempt from Azure AD changes. |
|---|