Syncro’s Microsoft integration helps you streamline your operations while providing better service to the organizations you support. 

Once a Syncro Tenant exists for a Microsoft Tenant, you can use Entra ID User Sync to add and update Syncro Contacts/End Users based on their User Type, Department, Office Location, Domain, and/or Group assigned to the users within the Microsoft Tenant. This helps ensure accurate and up-to-date records.

Other benefits of this integration and mapping include:

• Linking devices associated with Microsoft Entra accounts directly to Syncro assets, to ensure there's always an assigned Contact/End User.
• Quickly finding clients with low Microsoft Secure Scores or those who don’t have MFA turned on, to improve security.
• Lowering your client's bills by finding unused Microsoft licenses, and automating client billing based on MS License types.
• A foundation for future actions initiated in Syncro to be applied to Microsoft via Microsoft Graph APIs.

This document describes how to integrate Syncro with Microsoft and map your Syncro Tenants. In case it should be necessary, it also describes how remove Syncro Tenants and/or the entire Microsoft integration.

Prerequisites

The Syncro-Microsoft integration requires you to be on Syncro's Team Plan, and be an Administrator in the Syncro account.

You can integrate with a single Microsoft Tenant or all Microsoft Tenants from your Cloud Solution Provider (CSP).

If you plan on integrating with a CSP, the Microsoft account you use needs to:

• Allow you to log in as a Global Admin
• Be under the AdminAgents group
• Be under any and all M365 GDP groups you have with the following roles:
  • Application Administrator
  • Authentication Policy Administrator
  • Cloud App security Administrator
  • Cloud Device Administrator
  • Exchange Administrator
  • Intune Administrator
  • Privileged Authentication Administrator
  • Privileged Role Administrator
  • Security Administrator
  • SharePoint Administrator
  • Teams Administrator
  • User Administrator
• Use MFA through Microsoft (This will not work with third-party MFA applications.)

Validating this set up will help limit future issues and interruptions. 

Enable the Integration

To integrate Syncro with Microsoft, follow these steps:

1. Navigate to Admin > RMM Settings - Microsoft Tenant Management. Syncro displays the Microsoft Tenant Management Page.
2. Click the Integrate with Microsoft button, then select either “Single Tenant” or “Cloud Solution Provider.” 
3. If you choose “Cloud Solution Provider,” be sure you've met the Prerequisites, then click Integrate Cloud Solution Provider. 
   • Log into Microsoft using your Syncro Service Account. 
   • Click Accept for the required permissions. 
4. If you choose “Single Tenant” log into your Microsoft account, then click Accept for the required permissions. 

When the integration is complete, Syncro redisplays the Microsoft Tenant Management Page with your Microsoft Tenant listed in the first column of the table, “Success” in the Sync Status column, and a Last Synced date/timestamp:

Tip: Initially this process might take a little time; you can click Refresh to refresh the page and check on it.

Next, you'll Map Your Syncro Tenants.

About the Microsoft Tenant Management Page

The Tenant Management page/table displays when you navigate to Admin > RMM Settings - Microsoft Tenant Management. Initially the page is blank; the table only displays after you create an integration with a Microsoft Tenant:

The Integrate Microsoft button provides you with two ways to enable the integration: Single Tenant or Cloud Solution Provider. The Refresh button updates the table for any new Sync Statuses that might be available.

This table contains the following information about each of your existing Microsoft Tenants:

• Microsoft Tenant: The name of the Microsoft Tenant.
• CSP Auth: If you integrated with a CSP, this column shows the status the authentication process used by the Cloud Solution Provider (CSP) to access and manage Microsoft services. May be Active (green), Expiring (orange/yellow), Expired (red), Invalid (red), or Unknown (orange/yellow).
• Syncro Tenant: The name of the (Customer) Organization(s) that's mapped to the Microsoft Tenant. Click this link to navigate to the Syncro Tenant's Details Page.
• Sync Status: The status of the sync between the Microsoft Tenant and the Syncro Tenant. May be Success (green) or Auth Failed (red). This could be any type of failure encountered while making requests for the tenant, including an authentication failure.
• Last Synced: The date/timestamp of the last sync attempt between Syncro and Microsoft Tenants, which happens daily.

 The options available under the vertical ellipsis ()  change based on various conditions, as follows:

Map Your Syncro Tenants

Microsoft Tenants are mapped to Syncro Tenants. (Customer) Organizations are then assigned to those Syncro Tenants. In many cases, there's a 1:1 relationship between an Organization and a Syncro Tenant. This 1:1 relationship is the default:

However, you might have situations where you would assign multiple Organizations to a single Syncro Tenant. 

For example, let's say you support a client with three office locations that are on the same Microsoft Tenant. However, each of those locations is billed and pays for IT services separately, so there is one (Customer) Organization for each location in Syncro. You would want to assign all three Organizations to the one Syncro Tenant, then map that Syncro tenant to the single Microsoft Tenant. See Move Existing (Customer) Organizations to a Single Syncro Tenant for more information.

Notes: 

• Whenever you create a new Customer (Organization) or edit an existing one, you'll have the option to select a mapped Syncro Tenant to act as its parent in the ORGANIZATION SETTINGS section. If you create a new Organization without having done the Microsoft integration and mapping, Syncro automatically creates a Syncro Tenant with the same name as the Organization to provide an infrastructure for future scalability.
• Customers are in the process of being renamed to (Customer) Organizations, and Contacts to End Users. You may see both in Syncro for the time being.

You can follow these steps to map your Syncro Tenants:

1. Navigate to Admin > RMM Settings - Microsoft Tenant Management. Syncro displays the Microsoft Tenant Management Page.
2. Click the vertical ellipsis ()  in the appropriate row, then select “Map Syncro Tenant.” Syncro displays the Start Tenant Mapping pop-up window.
3. Select an existing (Customer) Organization from the Syncro Tenant dropdown menu.
4. Click Start Tenant Mapping. Syncro redisplays the Microsoft Tenant Management Page with the Syncro Tenant column filled in.
   Note: If your Syncro Tenant should have child (Customer) Organizations, you may want to set that up. Edit each child Organization and select your Syncro Tenant from the dropdown menu in the ORGANIZATION SETTINGS section:
   
5. Click a hyperlinked Syncro Tenant name to view its Details Page, where you can set up Microsoft Entra ID User Sync to take full advantage of this integration.

About the Syncro Tenant Details Page

The Syncro Tenant Details page contains a left side panel and a Customer Organizations table in the main page area:

1. The name in the upper left corner is the name of your Syncro Tenant. You can click on the name to edit it.
2. In the Microsoft Details section header, there's a “Manage” link, which navigates you to the Microsoft Tenant Management page/table.  
3. In the Microsoft Details section itself, you'll see the following information:
   • Last Tenant Sync: The last time this Microsoft and Syncro Tenant were synced (e.g., 34m ago). Click Sync Now to attempt a resync.
   • Microsoft Tenant: The name of the Microsoft Tenant this Syncro Tenant is mapped to.
   • Microsoft Secure Score: A percentage measurement of an organization's security posture, with a higher number indicating more recommended actions taken. (See Microsoft Secure Score for more information.)
   • Microsoft Active Users: The number of active user accounts in the Microsoft Tenant.
   • Microsoft Licensed Users: The number of licensed user accounts in the Microsoft Tenant. See Microsoft's documentation for more information.
4. In the Customer Organizations table, you'll see:
   • The hyperlinked names of any child Organizations that have this Syncro Tenant selected as its parent. If there are no child Organizations, the only Customer Organization that appears has the same name as the Syncro Tenant:
     
   • Any Email addresses and Phone numbers associated with the listed Organizations. (See also: Best Practices.) 
   • The status of and/or ability to set up MS Entra ID User Sync.

Move Existing (Customer) Organizations to a Single Syncro Tenant

Let's say you support a client called “Grateful Dentists,” which has three locations that you bill separately. Therefore, you have three (Customer) Organizations in Syncro: 

1. Grateful Dentists - Boston
2. Grateful Dentists - Waltham
3. Grateful Dentists - Burlington

You likely have one Microsoft Tenant for all of the Grateful Dentists locations, and it makes sense to put these multiple (Customer) Organizations under a single Syncro Tenant. 

However with this new feature, Syncro will automatically create three Syncro Tenants, one for each (Customer) Organization.

To change this to a single Syncro Tenant named “Grateful Dentists,” follow these steps:

1. Rename one of the automatically-created Syncro Tenants. E.g., rename “Grateful Dentists - Boston” to “Grateful Dentists.”
2. Re-assign the Grateful Dentists - Waltham and Grateful Dentists - Burlington Organizations to the "Grateful Dentists" Syncro Tenant from step 1.
3. Map the Microsoft Tenant for Grateful Dentists to the Syncro Tenant for Grateful Dentists.

When you're finished, you'll have multiple Customer Organizations in your table.

The following Syncro Tenant—"Foggy IT"—is mapped to a Microsoft Tenant with the same name, which you see on the left: 

On the right, you can see that the “Foggy IT” Syncro Tenant is associated with two Customer Organizations: Foggy IT itself, and Dunder Mifflin.

Remove the Integration

If you no longer want to link your Syncro and Microsoft accounts, or if you want to reset the Syncro-Microsoft connection to start fresh, you can.

IMPORTANT: When you remove the Syncro-Microsoft integration, you'll:

• Completely disconnect your Microsoft account(s) from Syncro,
• Remove all Microsoft Tenants and the mapping between Microsoft and Syncro Tenants,
• Remove the Syncro application from Microsoft and associated Microsoft data from Syncro,
• Prevent Syncro from syncing data with Microsoft moving forward. (For example, your Contacts/End Users will remain in Syncro but will no longer be updated if/when updates are made in Microsoft.) 

However, removing this integration will NOT delete any data from your Microsoft accounts.

To remove the Syncro-Microsoft integration, follow these steps:

1. Navigate to Admin > RMM Settings - Microsoft Tenant Management.
   Tip: The last line on the screen indicates how many Tenants you'll be removing from your Syncro account.
2. Click Remove Integration. The Microsoft Tenant Management page redisplays and lets you know that no Microsoft Tenants are yet integrated. 

Whenever you want, you can re-enable the integration, but you might need to wait a few minutes for Syncro to remove the prior integration.