Automatically sync your Azure AD security groups and Office 365 groups with Microsoft Flow.

Managing the applications and data that your employees have access to is essential for protecting your business against data breaches and other security exploits.

If you’re an Office 365 user, then you already have access to the advanced security features and settings you need to keep your business secure. Microsoft also makes it easier to achieve enterprise-grade security by providing the apps you need to automate key security tasks.

In this article, I’ll show you how to set up an automatic sync between your Azure Active Directory (AD) security groups and your Office 365 groups.

By the end of this article, you’ll have implemented a Microsoft Flow workflow that syncs all of your Azure security settings to your Office 365 groups, so you can be confident that everyone is using your company’s very latest security settings.

Azure AD and Office 365 groups: What’s the difference? 

Although this workflow synchronizes an Azure AD and an Office 365 group, there are some key differences between the two:

1. Azure Active Directory 

You can use Azure AD security groups to manage access to your cloud-based and on-premises apps, alongside a host of other resources.

When you add employees to an Azure AD security group, you can adjust the permissions for that entire group simultaneously, rather than having to modify each employee’s access individually. 

By adjusting security settings en masse, you can save your staff a great deal of time. For example, a resource owner can assign a resource to an entire group, and all members of that group will instantly have access to the resource in question - far more efficient than assigning that resource to every single employee manually!

In addition, every time you add a new member to a security group, they’ll automatically inherit all the security settings for that particular group, potentially saving you even more time. 

Azure AD security groups also help you avoid many of the inconsistencies and errors that can make your business susceptible to data breaches and other security vulnerabilities. When you need to revoke each employee’s permissions individually, it becomes easy to overlook one or more employees, which can result in members of your workforce having access to data and applications without your knowledge or permission.

Even if your employees are completely trustworthy, they’re still one of the biggest security threats facing your business. There are countless ways that an employee can accidentally leak your confidential corporate data: for example, they might store that data on an insecure personal smartphone or tablet, which is then lost or stolen - or your trustworthy employee might become a disgruntled ex-employee!

To help keep your business safe, you need to know exactly what applications and data each employee has access to. Employees with unknown access to confidential data and applications pose a huge security threat to your business.

2. Office 365

Office 365 groups help your staff collaborate more effectively by providing access to a shared inbox, calendar, SharePoint document library, a OneNote notebook, a Yammer group, and more. When you create a group, all of these resources are created for you automatically, so your group can start collaborating straight away. And whenever you add a new member to a group, they’ll automatically inherit all the permissions required to access this group’s shared tools and resources!

Before we begin: Retrieving your ObjectIDs

In order to set up this automatic sync, you’ll need the ObjectID of your Azure AD security group and of your Office 365 group.

Before we start working on our Microsoft Flow workflow, let’s make sure we have access to these two crucial pieces of information. 

1. SourceGroupID

This is the ObjectID for the Azure AD security group that you want to sync with Office 365. 

Your Office 365 admin can retrieve the ObjectID from Azure AD: 

● Log into Azure AD.

● In the left-hand menu, select “Groups.”

● The subsequent screen should display information about all of your groups. Find the Azure AD security group that you want to use as the source of your sync, and give it a click.

The ObjectID value should now be visible onscreen. Make a note of this information, as you’ll be using it to create your Flow workflow.

2. TargetGroupID

This is the ObjectID of the Office 365 group that should be on the receiving end of the Azure AD security group sync. Once again, your admin can retrieve this information from Azure AD:

● Log into Azure AD.

● Select “Groups” from the left-hand menu.

● Find the Office 365 group that you want to use in your sync, and give it a click.

This screen contains the ObjectID for this particular group; make a note of this information.

Time to create your workflow

You’re now ready to create a Flow that automatically syncs your Azure AD group with your Office 365 group. 

The easiest way to set up this sync is to use one of Microsoft’s ready-made Flow templates:

● Head over to the Microsoft Flow application. 

● Click the “Sign in” button in the upper-right corner and enter your Microsoft username and password. 

● In Microsoft Flow’s left-hand menu, select “Templates.” 

● In the search bar, start typing “Synchronize an Azure AD Group with an Office 365 Group on a recurring basis” and then select this template when it appears.

● If prompted, enter your Office 365 Groups, Notifications, Approvals and Azure AD login details, and then click “Continue.” You should now be able to edit this template’s workflow.

● The first box we need to edit is “Recurrence”, as this allows us to specify how often this workflow should run. For example, if you wanted the workflow to run once every hour, then you’d enter “1” into the “Interval” field and “Hour” into the “Frequency” field. Alternatively, you can click “Show Advanced Options” and specify an exact start time and time zone; for example, you might want this workflow to run at 8.50am every morning.

● In the “SourceGroupID” box, you’ll need to enter the ObjectID of your Azure AD security group. Copy/paste the ObjectID into this box’s “Value” field.

● In the “TargetGroupID” box, find the “Value” field and enter the ObjectID of your Office 365 group.

● Next, move on to the “ApproverOwnerUPN” box, and enter the UPN of the person who’ll need to approve members being removed from the group. The easiest way to locate a user’s UPN is to log into the Microsoft 365 admin center and, in the left-hand menu, select “Users > Active users.” Each user’s UPN is displayed in the “Username” column. Copy/paste this value into the workflow’s “ApproverOwnerUPN > Value” field.

There’s plenty of scope to further customize this Flow, but this is all that’s needed to get the workflow up and running! If you’re happy with the information you’ve entered, then click “Save”, and all of the settings from your Azure AD security group will now be synced with Office 365 on the schedule you set.
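To make clear what the template does on each recurrence, here is the same membership-sync logic written out as an added Python example (my illustration, not Microsoft’s template code): members of the SourceGroupID group who are missing from the TargetGroupID group are added, while members found only in the target are removed only once the approver named in ApproverOwnerUPN has agreed, since removal takes access away. The group IDs, user IDs and approver decision are constructed sample values; the Microsoft Graph request shapes are assumed to be what the Azure AD and Office 365 Groups connectors call underneath.

```python
"""Membership sync with approval-gated removals, as the Flow template above performs it."""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Set

GRAPH = "https://graph.microsoft.com/v1.0"


@dataclass
class SyncPlan:
    add: List[Dict[str, str]] = field(default_factory=list)   # Graph POST requests to run
    remove: List[str] = field(default_factory=list)           # Graph DELETE paths, approved
    held: List[str] = field(default_factory=list)             # removals the approver rejected


def plan_sync(source_members: Set[str], target_members: Set[str],
              target_group_id: str, approve_removal: Callable[[str], bool]) -> SyncPlan:
    """Compute the changes that bring the target group in line with the source group."""
    plan = SyncPlan()
    # In the source but not yet in the target: adding grants access, done without review.
    for uid in sorted(source_members - target_members):
        plan.add.append({"path": f"{GRAPH}/groups/{target_group_id}/members/$ref",
                         "@odata.id": f"{GRAPH}/directoryObjects/{uid}"})
    # In the target but no longer in the source: removal waits for the approver's decision.
    for uid in sorted(target_members - source_members):
        if approve_removal(uid):
            plan.remove.append(f"{GRAPH}/groups/{target_group_id}/members/{uid}/$ref")
        else:
            plan.held.append(uid)
    return plan


# Constructed sample input: placeholder IDs, not values from any real tenant.
SOURCE_GROUP_MEMBERS = {"u-alice", "u-bob", "u-carol"}   # Azure AD security group (SourceGroupID)
TARGET_GROUP_MEMBERS = {"u-bob", "u-dave", "u-erin"}     # Office 365 group (TargetGroupID)
TARGET_GROUP_ID = "target-group-objectid-placeholder"


def demo_approver(uid: str) -> bool:
    """Stand-in for the ApproverOwnerUPN decision: approves removing u-dave, rejects u-erin."""
    return uid != "u-erin"


def demo() -> SyncPlan:
    return plan_sync(SOURCE_GROUP_MEMBERS, TARGET_GROUP_MEMBERS, TARGET_GROUP_ID, demo_approver)


if __name__ == "__main__":
    p = demo()
    print(f"add {len(p.add)}, remove {len(p.remove)}, held for review: {p.held}")
```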

Want more free Microsoft Flow tutorials? 

Microsoft Flow is a powerful and versatile application that you can use to automate a wide range of repetitive and time-consuming tasks. 

Interested in saving even more time with automatic workflows? You can check out some of our other Microsoft Flow tutorials:

● Send a Working From Home email to your manager, with the tap of a button

● Automate your employee onboarding, with Microsoft Flow

● Build a custom vacation request and approval platform

● Automatically track your business expenses with Excel Online and OneDrive
