Scenario:


The following steps should be taken if one would like to set up modusCloud with Azure AD and synchronize user accounts according to license, active users, or disabled accounts. The integration also provides the option for Office 365 central authentication.



Configure a Custom Application on Azure:


Follow these steps to create an Azure application which will be used as part of the synchronization.



1- Log in to your Microsoft Azure portal as an administrator user through https://aad.portal.azure.com.


2- Click on Azure Active Directory in the left side panel, click on App Registrations, and then click on New Registration.



4- In the fields displayed, enter a name in the Name field (e.g. ProofPoint).

 

5- Select the option "Accounts in this organizational directory only (Company inc only - Single tenant)".

 

6- Under Redirect URI, select Web in the drop-down menu and enter the following Sign-On URL (https://moduscloud.cloud-protect.net).

 

7- Click on Register to complete the App Registration.



8- Copy the Application ID displayed into Notepad and click the Settings tab.

 

  

9- Click on API Permissions, then click on Add a Permission.

 

  

10- Select API Permissions and select Microsoft Graph.

 

 

11- Select Delegated Permissions.



12- Ensure that the following permissions have been applied under Delegated Permissions.


 

13- Next, click on Application Permission.


 

14- Ensure that the following permissions have been applied under Application Permission, then click Add Permissions.


 


15- Click the Grant admin consent for Company button followed by clicking Yes to confirm.



16- Finally select Certificates & Secrets and click on the New client secret button under Client Secrets.

 

  

17- Enter a description, select Never for the expiry date, and click Add.

 

 

18- Copy the displayed Secret Key into Notepad.
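To review the registration created in steps 4 to 17 after the fact, the following added example (not part of the original guide or of any ProofPoint tooling) audits an app registration exported as JSON in the shape of a Microsoft Graph `application` object. It checks the tenant audience, the redirect URI scheme and the client secret lifetime, and lists the Microsoft Graph permissions by type. The sample object, its GUIDs, the secret name and the 730-day limit are constructed assumptions.

```python
import json
from datetime import datetime, timezone

GRAPH_APP_ID = "00000003-0000-0000-c000-000000000000"  # Microsoft Graph's well-known appId

# Constructed sample in the shape of a Microsoft Graph `application` object.
# GUIDs, secret name and dates are placeholders, not values from a real tenant.
SAMPLE_APP = json.loads("""
{
  "displayName": "ProofPoint",
  "signInAudience": "AzureADMyOrg",
  "web": {"redirectUris": ["https://moduscloud.cloud-protect.net"]},
  "passwordCredentials": [
    {"displayName": "modusCloud sync", "endDateTime": "2299-12-31T00:00:00Z"}],
  "requiredResourceAccess": [
    {"resourceAppId": "00000003-0000-0000-c000-000000000000",
     "resourceAccess": [
       {"id": "11111111-1111-1111-1111-111111111111", "type": "Scope"},
       {"id": "22222222-2222-2222-2222-222222222222", "type": "Role"}]}]
}
""")

def audit_app(app, now, max_secret_days=730):
    """Review one app registration; max_secret_days is an assumed policy limit."""
    report = {"findings": [], "delegated": [], "application": []}
    if app.get("signInAudience") != "AzureADMyOrg":  # single-tenant value
        report["findings"].append(("audience", app.get("signInAudience")))
    for uri in app.get("web", {}).get("redirectUris", []):
        if not uri.startswith("https://"):
            report["findings"].append(("redirect", uri))
    for cred in app.get("passwordCredentials", []):
        # Drop fractional seconds and the Z suffix before parsing as UTC.
        end = datetime.strptime(cred["endDateTime"][:19], "%Y-%m-%dT%H:%M:%S")
        days = (end.replace(tzinfo=timezone.utc) - now).days
        name = cred.get("displayName")
        if days < 0:
            report["findings"].append(("secret-expired", name))
        elif days > max_secret_days:
            report["findings"].append(("secret-long-lived", name))
    for res in app.get("requiredResourceAccess", []):
        if res.get("resourceAppId") != GRAPH_APP_ID:
            continue
        for perm in res.get("resourceAccess", []):
            # "Scope" = delegated permission, "Role" = application permission
            key = "delegated" if perm["type"] == "Scope" else "application"
            report[key].append(perm["id"])
    return report

if __name__ == "__main__":
    print(audit_app(SAMPLE_APP, datetime.now(timezone.utc)))
```

The `delegated` and `application` lists can be compared against the permissions the guide asks for in steps 12 and 14, so that anything granted beyond them stands out.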


 

Configure ProofPoint to Deploy with Azure:


Now that the Azure side has been configured, we need to configure ProofPoint synchronization.



1- Log in to our ProofPoint portal via our US or EU site, depending on where the domain is registered.

 

2- Select the options User Management - Azure Directory Sync to display the Azure Sync.

 


3- In the fields displayed, enter the domain address and paste in the Application ID and the Secret Key copied from the steps above.

 

 

4- Scroll down to the bottom and ensure Sync Frequency is set to Never and click Save and then click Search Now.

 


5- At this point a report is displayed in which you can verify and exclude users.


6- When it has been reviewed, click the Sync Active Directory button to import users.


7- You can now proceed to STEP 3 - How to Bypass O365 Scanning  


 

8- Once you've tested the flow, don't forget to change the sync frequency to something you can live with. Usually synchronization with Azure AD every 3 hours should suffice, although it really depends on how often you make changes to your users.


IMPORTANT: Once the domain has been synced, you MUST wait 60 minutes before the domain is available for inbound and outbound routing.