Setting up Microsoft 365 synchronisation

Import your users and groups to usecure automatically with Microsoft 365 synchronisation.

Micke Ahola avatar
Written by Micke Ahola
Updated this week

Setting up Microsoft 365 synchronisation allows you to easily import your users and groups to usecure directly from your Microsoft 365 directory, and to keep your users and groups automatically up to date on the usecure app. 

To set up M365 synchronisation, you will need to:

How to authenticate your M365 account in usecure

To start setting up your Microsoft 365 synchronisation, head to the Microsoft 365 Settings page inside your usecure app.

If you haven't run through the Microsoft 365 usecure setup process before, you will be prompted to start the setup on the Microsoft 365 settings page.

You will need to have the right privileges within M365 to authorise synchronisation.

Click the Sign in with Microsoft button to start the setup process.

You will be prompted to select between Application Permissions or Delegated Permissions authentication.

Application Permissions allows the sync to run as a background service without the need for a delegated user. Delegated Permissions relies on a delegated user i.e. the MS account used to authorise the sync. We recommend Applications Permissions as it is more reliable and is Microsoft's intended solution for integrations like this.

You will then be prompted to sign in to your Microsoft account and allow usecure to access user and group data using the authentication type you selected.

Click Accept.

How to set up automatic AD synchronisation

Step One - Starting The Setup Wizard

The usecure Microsoft 365 synchronisation setup wizard will now start. You will see an introduction page to let you know which options you will be able to configure.

Click Start on the bottom right to proceed.

Step Two - Automatic sync options

On the second page of the setup wizard, you will be able to choose whether you want the Microsoft 365 sync to run automatically. If you choose the sync to not run automatically, you will need to perform manual synchronisations to import users and groups from Microsoft 365 into usecure.

Once you have chosen whether you want syncs to run automatically, click Next on the bottom right to proceed.

Step Three - Choose your User Email Method

In the third step you will be able to choose how the Microsoft 365 sync establishes a user's email address from their AD data.

"User Principal Name Only" is the default method and should work well for most M365 tenants. We would recommend using this approach on your initial setup.

Step Four - Choose whether to include groups

On the fourth page you will be able to choose whether you want to include groups in your Microsoft 365 syncs. If you choose not to include groups, only users will be imported without any group data.

Step Five - Choose whether to select groups manually

You will now be able to choose whether to only import users from certain groups in your Microsoft 365 directory. If you select No, users from all groups will be synced.

Step Six - Choose whether to map groups

You may already have a group structure in the usecure app that doesn't mirror your group structure in Microsoft 365. If so, you can use this step to begin group mapping, which will allow you to map groups from M365 into your existing group configuration on the usecure app.

Step Seven - Choose which types of groups to import

Microsoft 365 supports two types of groups: Microsoft 365 and Security. In this step, you can choose whether to import one or both types of groups from your directory.

Step Eight - Configure your groups

In this step you will be able to choose which groups to include in syncs. If you chose to enable group mapping, you will also see an option to map groups from Microsoft 365 into existing groups in your usecure app.

Step Nine - Exclude Unlicensed Users

You can exclude unlicensed users from the sync during this step. This can be useful for excluding shared mailbox users if they lack any product licenses.

Step Ten - Choose whether to import managers

You can choose whether you want to import assigned managers for each user into usecure. These will show on the Users page as Direct Managers.

Step Eleven - Configure your user email deny list

You may have users in your Microsoft 365 directory who you wish not to import to the usecure app. You can add their email addresses to this email deny list to ensure that they won't be included in any future syncs.

Step Twelve - Test your synchronisation

The setup wizard will now prompt you to test your Microsoft 365 synchronisation. This test sync will show you what data a synchronisation will find and synchronise without importing any data to the usecure app yet. The Test Sync emails the results of the sync to the address you've signed in with.

Step Thirteen - Complete your Microsoft 365 setup

Your Microsoft 365 synchronisation setup is now complete. If you enabled automatic synchronisation your chosen users and groups will automatically be imported to the usecure app within the next 24 hours. If you chose to not enable automatic synchronisation, you will need to run a Manual Sync to import your users and groups.


Next steps

Did this answer your question?