Azure Active Directory Sync

Customers hosted on Office 365 may prefer to use Azure (Classic Portal only) Active Directory to sync users and groups to
Proofpoint Essentials. This will allow you to import:

• Active users (including both primary email address and user aliases)
• Distribution Groups
• Security groups

To proceed you will first need to create a custom application on your Microsoft Azure portal.

To create a custom application on Microsoft Azure:

1. Login to your Microsoft Azure portal as an admin user
2. Click on the name of your directory located in the Active Directory table
3. Click on Applications
4. Click on Add (located at the bottom of the interface)
5. Click on Add an application my organization is developing
6. Enter a name for the application (i.e., Proofpoint Essentials)
7. Ensure that Web Application and/or Web API is selected
8. Click on the Arrow
9. Enter your Proofpoint Essentials login domain into both the sign-on url field and app id uri fields (i.e.,
These fields are not required for the Azure Active Directory sync to function but are required. They can be updated later.
10. Click on the Checkmark
This will create your custom application and immediately launch the newly created application.
11. Click on Configure
Copy the Client ID value and store it in another temporary location.
12. Under the Keys section, click the Select duration drop-down list and choose 1 or 2 years
13. Click on Save (located at the bottom of the interface)The key will be required to create a connection on Proofpoint Essentials. The key will be displayed when you save
the change.
14. Copy the displayed key value
You won’t be able to retrieve it value once you leave this page.

Additional items to check when configuring:

Permissions to add:

App permissions: Read Directory Data

Delegated Permissions:
Read all users basic profiles
Read all groups
Read directory data

To configure Azure Active Directory connection settings:

1. Click on Company Settings
2. Click on Import Users
3. Click on Azure Active Directory
4. Choose the default privileges type for new users.
End User: Receive the quarantined digest and can login to the Proofpoint Essentials user interface.
Silent User: Receive the quarantine digest and are not granted access to login to the Proofpoint Essentials
user interface.
5. Enter the primary domain
This will be the primary domain associated with your Office 365 organization.
6. Enter the Client Id
This was the value generated when you created the custom web application.
7. Enter the key
This was they key generated when you created the custom web application.
8. Choose What to Sync

a. Active users
b. Distribution groups
c. Security groups

9. Choose How to Sync

a. Add users
b. Update users
c. Add groups
d. Update groups
e. Remove deleted users
f. Remove deleted groups

10. Choose When to Sync?

a. Sync frequency options:

i. Every hour
ii. Every 3 hours
iii. Every 6 hours
iv. Every 12 hours
v. Every 24 hours

11. Click on Save

Once you complete this step Proofpoint Essentials will connect and sync data from your Office 365 environment based on the frequency you chose. You may want to execute a manual sync to validate the data being returned.

To perform an ad-hoc Azure Active Directory sync:

1. Click on Users & Groups
2. Click on Azure Active Directory Sync
3. Choose What to Sync
4. Choose How to Sync
5. Click on Search
The results of the sync will be organized into categories. You should review the results and uncheck any selections returned. Be advised that the automatic sync does not allow manual intervention to take place.Make sure the preferences defined on the Azure Active Directory page are accurate.
6. Click on Execute

(3 vote(s))
This article was helpful
This article was not helpful

Comments (0)