
Microsoft 365 Synchronization

Menu Path: Settings > Inbound Provisioning > Microsoft365


Table of Contents

  • Overview
  • Synchronization Target Settings
  • Setting Path Display Reference Group
  • Automatic Synchronization
  • Manual Synchronization
  • Microsoft account linking process
  • Cautions

Overview

Synchronize users and groups registered in Microsoft 365 (Azure Active Directory) with the Security365 management center. You can choose to synchronize either the entire directory or only specified AD groups.

**Reference:** You can only enable one inbound provisioning method. When Microsoft 365 synchronization is enabled, other methods (SCI Server, local Active Directory, CSV directory synchronization) will be disabled.

**Preconditions:** You must have a Microsoft 365 account with administrator privileges to set up the integration.


Synchronization Target Settings

Select the range to synchronize.

Full Synchronization

Synchronize all AD groups and associated users of Microsoft 365.

  • You can manually select the path display reference group (when the checkbox is activated).

**Caution:** When selecting full synchronization, all groups and users registered in Microsoft 365 will be reflected in the admin center. Please check in advance to ensure that unnecessary users are not included.

Synchronization of designated AD groups

Synchronize only the selected specific AD group and the users belonging to that group.

  1. In AD Group Management, click the [Select Group] button to select the group to synchronize.
    • Click the [View Members] button to check the subgroups and member information of the selected group.
    • Subgroups are synchronized along with the selected group.
  2. Click the [Confirm] button to check the information of the selected group.
  3. Click the [Save] button at the bottom to apply the settings.

**Caution:** If you switch to the specified AD group synchronization method, data from groups that were previously synchronized but are not selected may be deleted. Be sure to check the impact scope before the switch.

**Reference:** The group types supported in Microsoft 365 are Security Group and Mail Group. Other group types (such as Microsoft 365 groups) are excluded from the synchronization target.

**Reference:** User and group information manually entered in the Users and Groups menus will not be deleted by synchronization.
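
One way to check the impact scope before switching from full synchronization to designated AD group synchronization, as an added example that is not Security365 code. The group data is constructed; `securityEnabled`, `mailEnabled` and `groupTypes` follow Microsoft Graph group objects, while the flattened `subgroups`/`users` fields and the mapping of "Security Group" and "Mail Group" onto those flags are assumptions.

```python
from collections import deque

# Constructed sample export; ids and user names are made up for illustration.
GROUPS = {
    "g-corp": {"securityEnabled": True, "mailEnabled": False, "groupTypes": [],
               "subgroups": ["g-eng", "g-sales"], "users": ["alice"]},
    "g-eng": {"securityEnabled": True, "mailEnabled": False, "groupTypes": [],
              "subgroups": ["g-eng-sec"], "users": ["bob", "carol"]},
    "g-eng-sec": {"securityEnabled": True, "mailEnabled": False, "groupTypes": [],
                  "subgroups": ["g-eng"], "users": ["carol", "dave"]},  # nesting cycle
    "g-sales": {"securityEnabled": False, "mailEnabled": True, "groupTypes": [],
                "subgroups": [], "users": ["erin", "bob"]},
    "g-team": {"securityEnabled": False, "mailEnabled": True, "groupTypes": ["Unified"],
               "subgroups": [], "users": ["frank"]},  # Microsoft 365 group
    "g-contractors": {"securityEnabled": True, "mailEnabled": False, "groupTypes": [],
                      "subgroups": [], "users": ["grace"]},
}

def is_supported(group):
    """Assumed mapping: Security Group = securityEnabled, Mail Group = mailEnabled;
    Microsoft 365 groups (groupTypes contains 'Unified') are never synchronized."""
    if "Unified" in group["groupTypes"]:
        return False
    return group["securityEnabled"] or group["mailEnabled"]

def sync_scope(roots, groups):
    """Return (group ids, users) reachable from roots, following subgroups."""
    seen, users, queue = set(), set(), deque(roots)
    while queue:
        gid = queue.popleft()
        if gid in seen or gid not in groups or not is_supported(groups[gid]):
            continue
        seen.add(gid)  # the visited set also stops nesting cycles
        users.update(groups[gid]["users"])
        queue.extend(groups[gid]["subgroups"])
    return seen, users

def switch_impact(selected_roots, groups):
    """Groups and users in scope under full sync but not after the switch."""
    full_groups, full_users = sync_scope(list(groups), groups)
    new_groups, new_users = sync_scope(selected_roots, groups)
    return sorted(full_groups - new_groups), sorted(full_users - new_users)

if __name__ == "__main__":
    dropped_groups, dropped_users = switch_impact(["g-eng"], GROUPS)
    print("groups leaving scope:", dropped_groups)
    print("users leaving scope: ", dropped_users)
```

A user who belongs to both a selected and an unselected group stays in scope, which is why `bob` is not reported when only `g-eng` is selected.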


Setting Path Display Reference Group

Specifies the group that serves as the reference when displaying the affiliation path of synchronized users in logs and on the screen.

| Synchronization Method | How to Set Up Path Display Reference Group |
| --- | --- |
| Full Synchronization | Activate checkbox and manually select from dropdown (1 top-level root group) |
| Synchronization of designated AD groups | Groups selected as synchronization targets are automatically set as the top-level root group. |

**Caution:** If the reference group is set incorrectly, the group path of some users may not be displayed in the logs.


Automatic Synchronization

| Item | Description |
| --- | --- |
| Automatic Synchronization of Microsoft Account | Select Use / Do not use |
| Synchronization Period | Set the time (hour/minute) to run daily when using automatic synchronization. |

  • If automatic synchronization is not used, you can press the **[Manual Synchronization]** button to synchronize immediately.
  • When using automatic synchronization, synchronization will automatically occur at the set time every day.
  • Even when automatic synchronization is in use, you can run a synchronization immediately by pressing the **[Manual Synchronization]** button.

Manual Synchronization

After saving the settings, click the **[Manual Synchronization]** button on the Microsoft365 card in the inbound provisioning list screen to execute the synchronization immediately.

  • After synchronization is complete, the success/failure status and completion time will be displayed.

**Caution:** Duplicate execution is not possible while synchronization is in progress.


Microsoft account linking process

After bringing users in with Microsoft 365 synchronization, Microsoft account login must be enabled in the authentication settings for the user to log in with a Microsoft account.

If you signed up manually without using Microsoft:

| Synchronization Method | Integration Method |
| --- | --- |
| Full Synchronization | Link your Microsoft account with the [Manual Synchronization] button. |
| Synchronization of designated AD groups | Link your Microsoft account with the [AD Group Management] button. |

After logging in with a Microsoft account that has administrator privileges and receiving delegation, a successful linkage notification will be displayed.

**Caution:** After successful account linking, you need to activate Use Security365 Authentication and Use CSP Authentication > Microsoft Account Authentication in Settings > User Authentication for existing administrators to log in with a manual account.


Cautions

  • You must have an account with Microsoft 365 admin privileges to set up the integration.
  • Delegation of the permissions required in Azure AD must be completed.
  • Even if you directly modify synchronized user information in the management center, it will be overwritten with the original information from Microsoft 365 during the next synchronization. If permanent changes are needed, please make the modifications in Microsoft 365 first.
  • Changing the group selection in the specified AD group synchronization method may affect the previously synchronized user/group data.
  • If synchronization fails, check the network connection status and Microsoft 365 integration settings.
  • If there are missing users, check if the user is included in the selected group.
  • Only one inbound provisioning method can be activated; if another method is already activated, you must switch methods before using Microsoft 365 synchronization.