The following steps should be taken if one would like to setup ProofPoint Essentials with Azure AD and synchronize the user accounts according to license, active users, or disabled account. It also provides the option for Office 365 central authentication.
Configure a Custom Application on Azure:
Follow these steps to create an Azure application which will be used as part of the synchronization.
1- Login to your Microsoft Azure portal as an administrator user through https://aad.portal.azure.com.
2- Click on Azure Active Directory on the left side panel and click on App Registrations and then click on New Registration.
4- In the fields displayed, enter a name in the Name field (i.e. ProofPoint).
5- Select the option Accounts in this organizational directory only "Company inc" Only - Single Tenant.
6- Under Redirect URI, select Web in the drop down menu and enter the following Sign-On URL (https://moduscloud.cloud-protect.net).
7- Click on Register to complete the APP Registration.
8- Copy the Application ID displayed into notepad and click the Settings tab.
9- Click on API Permissions Then click on Add a Permission.
10- Select API Permissions and select Microsoft Graph.
11- Select Delegated Permissions.
12- Ensure that the following permissions have been applied under Delegated Permissions.
13- Next click on Application Permission.
14- Ensure that the following permissions have been applied under Application Permission Then click Add Permissions.
15- Click the Grant admin consent for Company button followed by clicking Yes to confirm.
16- Finally select Certificates & Secrets and click on the New client secret button under Client Secrets.
17- Enter a description name and select 2 years for the expire date and click Add.
18- Copy the displayed Value Key into notepad.
Configure ProofPoint to Deploy with Azure:
Now that the Azure process has been configured, we now need to configure ProofPoint synchronization.
2- Select the options User Management - Azure Directory Sync to display the Azure Sync.
- If you wish to provide your employee's the ability to login to ProofPoint Esstentials select End User under default role, if not then select the Silent option.
3- In the fields displayed, enter the domain address and paste in the Application ID and the Secret Value Key copied from the steps above.
4- Scroll down to the bottom and ensure Sync Frequency is set to 1 hour and click Save & Run Sync Now.
5- At this point you will be displayed with a report to which you can verify and exclude users.
6- When it has been reviewed, click the Sync Active Directory button to import users.
7- You can now proceed to STEP 3 - How to Bypass O365 Scanning
IMPORTANT: Once the domain has been Sync, you MUST wait 60 minutes before the domain is available for routing inbound and outbound.