Azure AD: Getting Started - Knowledge Base

Overview

Syncro’s Azure AD integration feature enables Managed Service Providers (MSPs) to streamline their operations and provide better service to their clients by syncing data from Azure Active Directory (AD) Users to Syncro Contacts.

• Benefits
• Before You Start
• How It Works
• Installation and Configuration
• Microsoft License Type and Billing
• Security Audits
• Required API Key Permissions
• Q & A

Benefits

• Streamlined Contact Information: Keep all client contact information perfectly synced ensuring accurate and up-to-date records.
• Automated Client Billing: Automate client billing based on their Microsoft License type using the Customer Contact.
• Saving Clients Money: Lower your clients’ Microsoft bills by finding unused Microsoft licenses.
• Audit Client Security: Quickly find clients who have low Microsoft Secure Scores or don’t have MFA turned on.

Before You Start

Before getting started, it’s very important to make sure that your Azure AD database is up to date. Syncro treats Azure AD as the source of truth, so the integration will overwrite data stored in Syncro with the data stored in Azure AD. If the field in Azure AD has no value, no overwrite will take place.

How it Works

1. Connect Azure AD to Syncro: Easily link a Syncro Customer to their Azure AD instance, allowing seamless data transfer between the two platforms.
2. Map Contacts to Azure AD Users: Effortlessly map Azure AD Users to corresponding Syncro Contacts, ensuring accurate data alignment. The feature maps Azure AD Users to corresponding Syncro Contacts based on unique email addresses, considering fields such as email address, name, phone number, and job title for automatic mapping.
3. Sync Data from Azure AD to Syncro: Maintain Azure AD as the source of truth for Contact Information. Any changes made to fields like email addresses or names in Azure AD will automatically update in Syncro. Sync custom fields between Azure AD User and Syncro Contact for streamlined data synchronization.

Installation and Configuration

Detailed steps for installation of the integration are:

1. Go to the Azure AD App Card.
2. Click “Add a Syncro API Key for your Azure Integration”.
3. Enter your subdomain and API Key. If you haven’t created an API Key yet, go to Admin > API Tokens, click “New Token” and create an API Token with the following permissions: Contacts All, Customers All, Documentation All.
4. For each Customer, you’ll need access to their Azure portal. Log into it and navigate to Microsoft Azure and copy the Tenant ID to clipboard.
5. In the table in the App Card, click “Connect Azure AD” for the Customer you want to connect to Azure AD.
6. Paste the Tenant ID and authenticate with Azure AD.
7. Repeat steps 4-6 for each Customer you want to connect to Azure AD.

The following Custom Fields are automatically created when setting up the integration:

• Customer Custom Fields:
  • microsoft_secure_score (text)
  • azure_licensed_user_count (text)
  • azure_active_user_count (text)
• Contact Custom Fields:
  • azure_license (dropdown) with answers:
    • Microsoft 365 Business Basic
    • Microsoft 365 Apps for Business
    • Microsoft 365 Business Standard
    • Microsoft 365 Business Premium
  • azure_mfa_status
    • Denotes whether MFA is enabled or disabled
  • azure_mfa_methods
    • Indicates what type of MFA is enabled
  • azure_last_activity
    • Displays the last time this Azure User used their account (logged in, used Excel, etc)

You can manually trigger a sync by clicking “Modify Connection” for that Customer and clicking “Run Jobs”. Otherwise, it will automatically sync Daily at 1:00 AM Pacific.

The system maps Azure AD Users to Syncro Contacts by unique email address. If you change the email address in one place or the other, it will break the mapping for that Contact. If a Contact does not exist in Syncro for an Azure AD User, one will be automatically created.

The following fields are synced from Azure AD to Syncro Contacts:

• Name
• Address1
• Address2
• City
• State
• Zip
• Business Phone
• Mobile Phone
• Job Title

If they exist in an Azure AD User they will overwrite what is in a Syncro Contact and be kept up to date going forward. If they are blank in the Azure AD User, but exist in a Syncro Contact, it will not overwrite what’s in Syncro.

Microsoft License Type and Billing

The integration creates a dropdown Custom Field on the Contact called “azure_license” which pulls the license type from the Azure AD User. It can have one of the four values that follow:

1. Microsoft 365 Business Basic
2. Microsoft 365 Apps for Business
3. Microsoft 365 Business Standard
4. Microsoft 365 Business Premium

If the Azure AD User has more than one of these licenses, the one with the higher number will be displayed.

By having this field, MSPs can automatically bill based on how many licenses a client has using the Contact Custom Field dynamic line item counter in Syncro’s Recurring Invoice module.

Additionally, the integration syncs over Customer Custom Fields for azure_licensed_user_count and azure_active_user_count. By viewing any discrepancy between these two fields, MSPs can save money for their clients by removing unused Azure licenses.

Security Audits

The integration fetches Microsoft Secure Score from Azure AD, giving MSPs an idea of how secure their client’s Azure instance is and indicating whether they need to implement new security policies.

Required API Key Permissions for Azure AD Token

• Customers - All
• Contacts - All
• Documentation - All

Q & A

• The ‘azure_last_activity’ field isn’t populating. What causes this?
  • In order to have the azure_last_activity field populate, you have to change a setting in the Azure Instance for the client, per these instructions: Microsoft 365 reports show anonymous instead of actual user names - Microsoft 365 | Microsoft Learn