Automatically sync your Azure AD security and Office 365, with Microsoft Flow.
Managing the applications and data that your employees have access to is essential for protecting your business against data breaches and other security exploits.
If you’re an Office 365 user, then you’ll already have access to all the advanced security features and settings you need to keep your business secure. However, Microsoft also makes it easier to achieve best-in-class, enterprise-grade security by providing all the apps you need to automate key security tasks.
In this article, I’ll show you how to set up an automatic sync between your Azure Active Directory (AD) security groups and your Office 365 groups.
By the end of this article, you’ll have implemented a Microsoft Flow workflow that syncs all of your Azure security settings to your Office 365 groups, so you can be confident that everyone is using your company’s very latest security settings.
Azure AD and Office 365 groups: What’s the difference?
Although this workflow synchronizes an Azure AD and an Office 365 group, there are some key differences between the two:
1. Azure Active Directory
You can use Azure AD security groups to manage access to your cloud-based and on-premises apps, alongside a host of other resources.
When you add employees to an Azure AD security group, you can adjust the permissions for that entire group simultaneously, rather than having to modify each employee’s access individually.
By adjusting security settings en masse, you can save your staff a tonne of time. For example, a resource owner can assign a resource to an entire group, and all members of that group will instantly have access to the resource in question - far more efficient than assigning that resource to every single employee manually!
In addition, every time you add a new member to a security group, they’ll automatically inherit all the security settings for that particular group, potentially saving you even more time.
Azure AD security groups also help you avoid many of the inconsistencies and errors that can make your business susceptible to data breaches and other security vulnerabilities. When you need to revoke each employee’s permissions individually, it becomes easy to overlook one or more employees, which can result in your workforce having access to data and applications without your knowledge or permission.
Even if your employees are completely trustworthy, they’re still one of the biggest security threats facing your business. There are countless ways that an employee can accidentally leak your confidential corporate data; for example, they might store that data on an insecure personal smartphone or tablet, which is then lost or stolen - or your trustworthy employee might become a disgruntled ex-employee!
To help keep your business safe, you need to know exactly what applications and data each employee has access to. Employees with unknown access to confidential data and applications pose a huge security threat to your business.
2. Office 365
Office 365 groups help your staff collaborate more effectively, by providing access to a shared inbox, calendar, SharePoint document library, a OneNote notebook, a Yammer group, and more. When you create a group, all of these resources are created for you automatically, so your group can start collaborating straight away. And, whenever you add a new member to a group, they’ll automatically inherit all the permissions required to access this group’s shared tools and resources!
Before we begin: Retrieving your ObjectIDs
In order to set up this automatic sync, you’ll need the ObjectID for your Azure AD security group and Office 365 group.
Before we start working on our Microsoft Flow workflow, let’s make sure we have access to these two crucial pieces of information.
This is the ObjectID for the Azure AD security group that you want to sync with Office 365.
Your Office 365 admin can retrieve the ObjectID from Azure AD:
● Log into Azure AD.
● In the left-hand menu, select “Groups.”
● The subsequent screen should display information about all of your groups. Find the Azure AD security group that you want to use as the source of your sync, and give it a click.
The Object Id value should now be visible onscreen. Make a note of this information, as you’ll be using it to create your Flow workflow.
This is the ObjectID of the Office 365 group that should be on the receiving end of the Azure AD security group sync. Once again, your admin can retrieve this information from Azure AD:
● Log into Azure AD.
● Select “Groups” from the left-hand menu.
● Find the Office 365 group that you want to use in your sync, and give it a click.
This screen contains the ObjectID for this particular group; make a note of this information.
Time to create your workflow
You’re now ready to create a Flow that automatically syncs your Azure AD group with your Office 365 group.
The easiest way to set up this sync is to use one of Microsoft’s ready-made Flow templates:
● Head over to the Microsoft Flow application.
● Click the “Sign in” button in the upper-right corner and enter your Microsoft username and password.
● In Microsoft Flow’s left-hand menu, select “Templates.”
● In the search bar, start typing “Synchronize an Azure AD Group with an Office 365 Group on a recurring basis” and then select this template when it appears.
● If prompted, enter your Office 365 Groups, Notifications, Approvals and Azure AD login details, and then click “Continue.” You should now be able to edit this template’s workflow.
● The first box we need to edit is “Recurrence”, as this allows us to specify how often this workflow should run. For example, if you wanted the workflow to run once every hour, then you’d need to enter “1” into the “Interval” field and “Hour” into the “Frequency” field. Alternatively, you can click “Show Advanced Options” and specify an exact start time and time zone; for example, you might want this workflow to run at 8.50am every morning.
● In the “SourceGroupID” box you’ll need to enter the ObjectId for your Azure AD security group. Copy/paste the ObjectID into this box’s “Value” field.
● Next, move on to the “ApproverOwnerUPN” box, and enter the UPN of the person who’ll need to approve members being removed from the group. The easiest way to locate a user’s UPN value is to log into the Microsoft 365 admin center, and in the left-hand menu select “Users > Active users.” Each user’s UPN is displayed in the “Username” column. Copy/paste this information into the workflow’s “ApproverOwnerUPN > Value” field.
There’s plenty of scope to further customize this Flow, but this is all that’s needed to get the workflow up and running! If you’re happy with the information you’ve entered, then click “Save” and all of the settings from your Azure AD security group will now be synced with Office 365 on the schedule set by you.
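A check an admin might run after the first scheduled sync, as an added example rather than code from this article or from Microsoft: it validates the two ObjectIDs and compares the members of the source security group with those of the Office 365 group, flagging anyone who has left the security group but is still in the Office 365 group. The function name, the `Id`/`Upn` member shape and all sample values are assumptions made for this example.

```powershell
# Added example, not from the article. All sample data below is constructed.
function Get-GroupSyncDrift {
    param(
        [Parameter(Mandatory)][string]$SourceGroupId,  # Azure AD security group ObjectID
        [Parameter(Mandatory)][string]$TargetGroupId,  # Office 365 group ObjectID
        [object[]]$SourceMembers = @(),
        [object[]]$TargetMembers = @()
    )
    # An ObjectID is a GUID; reject a display name or a truncated paste early.
    foreach ($id in $SourceGroupId, $TargetGroupId) {
        $parsed = [guid]::Empty
        if (-not [guid]::TryParse($id, [ref]$parsed)) {
            throw "Not a valid ObjectID (GUID expected): $id"
        }
    }
    if ($SourceGroupId -eq $TargetGroupId) { throw 'Source and target are the same group.' }

    # Index by the member's object Id rather than the UPN, which can be renamed.
    $source = @{}; foreach ($m in $SourceMembers) { $source[$m.Id] = $m }
    $target = @{}; foreach ($m in $TargetMembers) { $target[$m.Id] = $m }

    foreach ($id in $source.Keys) {
        if (-not $target.ContainsKey($id)) {
            [pscustomobject]@{ Upn = $source[$id].Upn; Status = 'MissingFromTarget' }
        }
    }
    foreach ($id in $target.Keys) {
        if (-not $source.ContainsKey($id)) {
            # Left the security group but still holds Office 365 group access.
            [pscustomobject]@{ Upn = $target[$id].Upn; Status = 'AwaitingRemoval' }
        }
    }
}

# Constructed member lists. In a tenant they could be built from the Microsoft Graph
# PowerShell cmdlet Get-MgGroupMember -GroupId <ObjectID> -All (Upn is an assumed property).
$securityGroup = @(
    [pscustomobject]@{ Id = 'u-001'; Upn = 'alice@example.com' },
    [pscustomobject]@{ Id = 'u-002'; Upn = 'bob@example.com' }
)
$office365Group = @(
    [pscustomobject]@{ Id = 'u-002'; Upn = 'bob@example.com' },
    [pscustomobject]@{ Id = 'u-003'; Upn = 'carol@example.com' }
)
Get-GroupSyncDrift -SourceGroupId '11111111-1111-1111-1111-111111111111' `
    -TargetGroupId '22222222-2222-2222-2222-222222222222' `
    -SourceMembers $securityGroup -TargetMembers $office365Group
```

An `AwaitingRemoval` row that is still present after several scheduled runs is worth raising with the person named in “ApproverOwnerUPN”, since removals wait on their approval.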