Syncro’s Microsoft Entra ID integration feature helps you streamline your operations and provide better service to your customers by syncing data from Microsoft Entra ID to Syncro Contacts.
Benefits of this integration include:
- Streamlined Contact Information: Keep all customer contact information perfectly synced, ensuring accurate and up-to-date records.
- Automated Client Billing: Automate customer billing based on their Microsoft License type using the Customer Contact.
- Saving Clients Money: Lower your customers’ Microsoft bills by finding unused Microsoft licenses.
- Audit Client Security: Quickly find customers who have low Microsoft Secure Scores or don’t have MFA turned on.
- Link Contacts to Devices: You can now link the devices associated with Entra accounts directly to Syncro devices, providing your Syncro assets with an assigned contact.
Prerequisites
Before getting started, make sure that your Microsoft Entra ID accounts are up to date and complete.
IMPORTANT: Syncro treats Microsoft Entra ID as the source of truth, so the integration will overwrite data stored in Syncro with the data stored in Microsoft Entra ID.
Installation and Configuration
To install this integration, follow these steps:
1. Navigate to Admin > Integrations - App Center, and click the Entra ID App Card.
2. Click Add a Syncro API Key for your Entra ID Integration.
3. Enter your subdomain and API Key, then click Save and Continue.
   Note: If you haven’t created an API Key yet, navigate to Admin > API - API Tokens, click +New Token and create an API Token with the following permissions:
   - Customers - All
   - Contacts - All
   - Documentation - All
   - Assets - All
4. For each Customer, you’ll need access to their Azure portal. Log into it, navigate to Microsoft Azure and copy the Tenant ID to the clipboard.
5. In the table in the App Card, click “Connect Entra ID” for the Customer you want to connect to Entra ID.
6. Paste the Tenant ID, make any optional selections (see below), and click Connect Your Data to authenticate with Entra ID:
   - Select any Departments to Ignore (Leave this blank to not ignore any Departments)
   - Select any Departments to Include (Leave this blank to include all Departments)
   - Include guest users (We recommend leaving this off unless you have a specific use case for including guests)
   - Remove empty licenses (We recommend this be enabled if you plan on using the integration for billing)
7. Repeat steps 4-6 for each Customer you want to connect to Entra ID.
Automatically Created Custom Fields
The following Custom Fields are automatically created when you set up the integration:
- Customer Custom Fields:
  - microsoft_secure_score (text)
  - azure_licensed_user_count (text)
  - azure_active_user_count (text)
- Contact Custom Fields:
  - azure_license (dropdown) with answers:
    - Microsoft 365 Business Basic
    - Microsoft 365 Apps for Business
    - Microsoft 365 Business Standard
    - Microsoft 365 Business Premium
  - azure_mfa_status
    - Denotes whether MFA is enabled or disabled
  - azure_mfa_methods
    - Indicates what type of MFA is enabled
  - azure_last_activity
    - Displays the last time this Azure User used their account (logged in, used Excel, etc.)
Note: Click “Modify Connection” and then “Run Jobs” for the Customer to manually trigger a sync. Otherwise, it will automatically sync daily between midnight and 2 a.m. Pacific Time.
IMPORTANT: The system maps Entra ID Users to Syncro Contacts by unique email address. If you change the email address in one place or the other, it will break the mapping for that Contact. If a Contact does not exist in Syncro for an Entra ID User, one will be automatically created.
The following fields are synced from Entra ID to Syncro Contacts:
- Name
- Address1
- Address2
- City
- State
- Zip
- Business Phone
- Mobile Phone
- Job Title
The following fields are synced from Entra ID to Syncro Assets:
- Assigned Contact
If a Syncro Contact exists as an Entra ID User, the integration will overwrite the Syncro Contact and keep it up to date going forward. If a Syncro Contact does not exist as an Entra ID User, the integration will not overwrite what’s in Syncro.
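A dry-run of the mapping rules above, as an added example that is not Syncro's code: given exports of Entra ID users and Syncro Contacts, it lists which Contacts would be overwritten, which would be newly created (including the duplicate that a changed email address produces), and which stay untouched. The record keys, `plan_sync`, and the "review" bucket for addresses that differ only by case or whitespace are assumptions; the page does not say how such differences are matched.

```python
"""Dry-run of the email-based mapping rules (illustrative model, not Syncro's code)."""

# Fields the page lists as synced to Syncro Contacts; the key names are hypothetical.
SYNCED_FIELDS = ("name", "address1", "address2", "city", "state", "zip",
                 "business_phone", "mobile_phone", "job_title")


def plan_sync(entra_users, syncro_contacts):
    """Classify records as overwrite / create / untouched / review before a sync."""
    by_email = {c["email"]: c for c in syncro_contacts}
    # Case/whitespace-insensitive index, used only to flag near-misses for review.
    by_folded = {c["email"].strip().lower(): c for c in syncro_contacts}
    plan = {"overwrite": [], "create": [], "untouched": [], "review": []}
    matched = set()
    for user in entra_users:
        email = user["email"]
        contact = by_email.get(email)
        if contact is not None:
            matched.add(email)
            # Entra ID is the source of truth: list the fields whose values differ.
            changed = sorted(f for f in SYNCED_FIELDS
                             if contact.get(f) != user.get(f))
            plan["overwrite"].append((email, changed))
            continue
        near = by_folded.get(email.strip().lower())
        if near is not None:
            # Same address apart from case/whitespace: check by hand before syncing.
            matched.add(near["email"])
            plan["review"].append((email, near["email"]))
        else:
            plan["create"].append(email)
    plan["untouched"] = [c["email"] for c in syncro_contacts
                         if c["email"] not in matched]
    return plan


# Constructed sample data, not taken from any real tenant.
ENTRA = [
    {"email": "ana@example.com", "name": "Ana Ruiz", "job_title": "CFO"},
    {"email": "bo.new@example.com", "name": "Bo Lee"},  # email changed in Entra ID
    {"email": "Cy@example.com", "name": "Cy Park"},     # differs only by case
]
SYNCRO = [
    {"email": "ana@example.com", "name": "Ana R.", "job_title": "CFO"},
    {"email": "bo@example.com", "name": "Bo Lee"},
    {"email": "cy@example.com", "name": "Cy Park"},
    {"email": "vendor@example.net", "name": "Outside Vendor"},
]

if __name__ == "__main__":
    for action, items in plan_sync(ENTRA, SYNCRO).items():
        print(action, items)
```

In the sample, `bo.new@example.com` lands in `create` while the old `bo@example.com` Contact stays in `untouched`, which is the broken mapping the IMPORTANT note warns about.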
Microsoft License Type and Billing
This integration creates a dropdown Custom Field on the Contact called “azure_license,” which pulls the license type from the Entra ID User. It can have one of the four values that follow:
- Microsoft 365 Business Basic
- Microsoft 365 Apps for Business
- Microsoft 365 Business Standard
- Microsoft 365 Business Premium
- Microsoft 365 Apps for Business
- Microsoft 365 Business Basic
- Microsoft 365 GCC G5
- Microsoft 365 G3 GCC
- Office 365 G3 GCC
- Office 365 G5 GCC
- Microsoft 365 A1
- Microsoft 365 A3
- Microsoft 365 A5
- Microsoft 365 Apps for Enterprise
- Microsoft 365 Apps for Students
- Microsoft 365 Apps for Faculty
- Microsoft 365 E3
- Microsoft 365 E5
If the Entra ID User has more than one of these licenses, the one with the higher number will be displayed.
With this custom field, you can automatically bill based on how many licenses a customer has, using the Contact Custom Field dynamic line item counter in Syncro’s Recurring Invoice module.
Additionally, the integration syncs over Customer Custom Fields for azure_licensed_user_count and azure_active_user_count. Noticing any discrepancy between these two fields can help you save money for your customers: you can remove any unused Microsoft licenses.
Security Audits
This integration fetches a Microsoft Secure Score from Entra ID and adds it to your Syncro customer information. This can help you understand how secure your customer's Azure instance is, and indicate whether your customer should implement new security policies.
Troubleshooting the Entra ID Sync
If the azure_mfa_status, azure_mfa_methods, and azure_last_activity fields aren’t populating, follow these steps:
- Enable access to these fields by changing a setting in the Azure Instance for the customer, per these instructions.
- Make sure the contact’s endpoint has a license for either Entra P1 or Entra P2. Without this license, access to the fields cannot work. This license appears in the azure_license field on the contact page. For more information about which Microsoft licenses include Entra P1 or P2, please consult Microsoft’s documentation.
- Make sure your Enterprise application has granted permissions to Syncro for AuditLog.Read.All. If you do not see this permission applied, click ‘Grant Admin Consent’ on the permissions page of the Enterprise Application.