How to configure Azure AD at the global level in On Prem email Security

Description

  • Log in to the Azure portal.
  • Under Manage Azure Active Directory, click View.
  • Click App registrations in the left-hand menu.
  • Click New registration and fill out the form. Make sure you select Accounts in any organizational directory (Any Azure AD directory - Multitenant) and personal Microsoft accounts (e.g. Skype, Xbox).

  • Once registration succeeds, the App overview page shows the Client ID and Tenant ID.
  • Next, grant the App permissions: click API permissions on the left, then click Add permissions.
  • Click Microsoft Graph, then Application permissions. Under Select permissions, type Directory and check the two boxes for Directory.Read.All and Directory.ReadWrite.All.

  • Once those are selected, type User in Select permissions and check the boxes for User.Read.All and User.ReadWrite.All. (These permissions apply to this application only.)
  • Click the Add permissions button at the bottom of the page.
  • After the permissions are added, create a client secret.
  • Click Certificates & secrets on the left side.
  • Click New client secret.

  • Name the secret. It can be anything, but it is usually best to use the domain as the description. Select 1 year as the expiry.

  • Click Add. Once the secret is created, its value and expiry date are displayed.
  • Copy the secret value and the expiry date into a notepad; the secret value is only displayed at this point. Then log in to Hosted Email Security.
  • Navigate to Manage | Server | Azure Active Directory and fill out the form. The values come from the App that was created:
  • Application Name: the name of the application you created.
  • Admin Email Address: the email address that has admin rights in the application.
  • Domain: the domain you registered the application with.
  • Tenant ID: created with the App; shown on the App overview page and can be copied from there.
  • Client ID: created with the App; shown on the App overview page and can be copied from there.
  • Client Secret: the secret value that was copied to notepad.
  • Client Secret Expiry Date: the expiry date that was copied to notepad.
  • Admin Consent Redirect URL: the URL used to connect to the App and obtain the permissions.
  • Social Auth Redirect URL: the URL used to connect and retrieve the users from Azure.
  • The Client ID and Tenant ID are shown on the overview page of the App that was created.

  • Navigate back to the App.
  • Click Add a redirect URL.
  • Click Add Platform.
  • Click Web.
  • Enter the URL. This should be the URL from your HES: https://yourdomain.com/microsoft/azure-directory/permissions
  • Select Access tokens and ID tokens.
  • Click Configure.
  • Add the other URL by clicking Add URL: https://yourdomain.com/microsoft/azure-directory/user/auth
  • Click Save.
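As an added example (not part of this article, and not SonicWall or Microsoft code), the following Python script pre-checks the values you are about to enter into the Azure Active Directory form: Tenant ID and Client ID have GUID shape, both redirect URLs are HTTPS on your HES host with the exact paths used above, the client secret is not expired or about to expire, and the Graph application permissions granted are exactly the four the article requires, flagging anything granted beyond them. The field names, the sample domain, the GUIDs and the "today" date are constructed placeholders, and the secret value is a labelled placeholder.

```python
"""Pre-flight checks for the values entered into the Email Security
'Azure Active Directory' form. Added example; not SonicWall or Microsoft code.
All sample values below are constructed placeholders."""
import re
from datetime import date, timedelta
from urllib.parse import urlparse

# GUID shape of an Azure AD Tenant ID / Client (Application) ID.
GUID_RE = re.compile(r"^[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}$", re.IGNORECASE)

# The four Microsoft Graph application permissions the article has you grant.
REQUIRED_PERMISSIONS = frozenset({
    "Directory.Read.All", "Directory.ReadWrite.All",
    "User.Read.All", "User.ReadWrite.All",
})

# Exact paths the two redirect URLs must use (from the article).
REDIRECT_PATHS = {
    "admin_consent_redirect_url": "/microsoft/azure-directory/permissions",
    "social_auth_redirect_url": "/microsoft/azure-directory/user/auth",
}

SAMPLE_TODAY = date(2024, 1, 15)   # constructed "today" so results are reproducible
SAMPLE_CONFIG = {                   # constructed form values, not real identifiers
    "domain": "mail.example.com",
    "tenant_id": "11111111-2222-3333-4444-555555555555",
    "client_id": "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
    "client_secret": "REPLACE-WITH-SECRET-VALUE",  # placeholder; never store a real secret here
    "client_secret_expiry_date": SAMPLE_TODAY + timedelta(days=365),  # the 1-year option
    "admin_consent_redirect_url": "https://mail.example.com/microsoft/azure-directory/permissions",
    "social_auth_redirect_url": "https://mail.example.com/microsoft/azure-directory/user/auth",
}


def check_redirect_url(field, url, hes_domain):
    """A redirect URL must be HTTPS, point at the HES host and use the exact path."""
    issues = []
    parsed = urlparse(url.strip())
    if parsed.scheme.lower() != "https":
        issues.append(f"{field}: scheme must be https, got {parsed.scheme or 'none'!r}")
    if (parsed.hostname or "").lower() != hes_domain.lower():
        issues.append(f"{field}: host {parsed.hostname!r} does not match HES domain {hes_domain!r}")
    if parsed.path != REDIRECT_PATHS[field]:
        issues.append(f"{field}: path must be {REDIRECT_PATHS[field]!r}, got {parsed.path!r}")
    return issues


def check_secret_expiry(expiry, today, warn_days=30):
    """The integration stops authenticating once the secret expires, so warn ahead of time."""
    remaining = (expiry - today).days
    if remaining < 0:
        return [f"client_secret_expiry_date: secret expired {-remaining} day(s) ago"]
    if remaining <= warn_days:
        return [f"client_secret_expiry_date: secret expires in {remaining} day(s); rotate it"]
    return []


def check_permissions(granted):
    """Flag both missing required permissions and anything granted beyond them."""
    granted = set(granted)
    issues = [f"permissions: missing {p}" for p in sorted(REQUIRED_PERMISSIONS - granted)]
    issues += [f"permissions: {p} is not needed by this integration; review before granting"
               for p in sorted(granted - REQUIRED_PERMISSIONS)]
    return issues


def check_config(cfg, granted_permissions, today):
    """Run every check over one form's worth of values; an empty list means all clear."""
    issues = []
    for field in ("tenant_id", "client_id"):
        if not GUID_RE.match(cfg.get(field, "")):
            issues.append(f"{field}: not a GUID")
    if not cfg.get("client_secret"):
        issues.append("client_secret: empty")
    for field in REDIRECT_PATHS:
        issues += check_redirect_url(field, cfg.get(field, ""), cfg["domain"])
    issues += check_secret_expiry(cfg["client_secret_expiry_date"], today)
    issues += check_permissions(granted_permissions)
    return issues


if __name__ == "__main__":
    for issue in check_config(SAMPLE_CONFIG, REQUIRED_PERMISSIONS, SAMPLE_TODAY) or ["all checks passed"]:
        print(issue)
```

Replace the sample values with your own before running. The expiry check is worth keeping in a scheduled job: with the 1-year secret chosen above, user synchronisation silently fails the day the secret expires unless a new one has been created and entered into the form first.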
