Integrate Microsoft
Syncro XMM features are currently in EA (Early Access).
Syncro’s Microsoft integration helps you streamline your operations while providing better service to the organizations you support.
The benefits include:
- Linking devices associated with Microsoft Entra accounts directly to Syncro assets, to ensure there's always an assigned End User.
- Quickly finding clients with low Microsoft Secure Scores or those who don’t have MFA turned on, to improve security.
- Lowering your client's bills by finding unused Microsoft licenses, and automating client billing based on Microsoft license types.
- A foundation for future actions initiated in Syncro to be applied to Microsoft via Microsoft Graph APIs.
This document describes how to integrate Syncro with Microsoft. In case it should be necessary, it also describes how to remove the integration.
Prerequisites
- The Syncro-Microsoft integration requires you to be on Syncro's Team Plan and be an Administrator in the Syncro account.
- Syncro's integration is optimized for tenants with Microsoft 365 Business Premium licenses, but it can work with Business Basic or Business Standard.
- Depending on your Microsoft license, you may receive an error that a required service principal is missing.
- To resolve the issue, look up the missing application ID, then use it to add the missing service principal using PowerShell:

```powershell
# Install the AzureAD module and sign in to the tenant
Install-Module -Name AzureAD
Connect-AzureAD
# Create the service principal for the missing application ID
New-AzureADServicePrincipal -AppId "Missing AppId Here"
```

For example, if you discover WindowsDefenderATP is missing, use the command:

```powershell
New-AzureADServicePrincipal -AppId "fc780465-2017-40d4-a0c5-307022471b92"
```
- You can integrate with a single Microsoft Tenant or all Microsoft Tenants from your Cloud Solution Provider (CSP).
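The service principal step above, written as an added example that is not part of Syncro's documentation. It uses the Microsoft Graph PowerShell SDK (Microsoft has deprecated the AzureAD module in its favor) and checks whether the service principal already exists before creating it. The function name `Add-MissingServicePrincipal` is hypothetical.

```powershell
# Added example (not from Syncro's documentation).
# Requires the Microsoft Graph PowerShell SDK:
#   Install-Module Microsoft.Graph.Applications -Scope CurrentUser

function Add-MissingServicePrincipal {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # Typing the parameter as [guid] rejects anything that is not a well-formed application ID.
        [Parameter(Mandatory)]
        [guid] $AppId
    )

    # Reuse the service principal if the tenant already has one for this application.
    $existing = Get-MgServicePrincipal -Filter "appId eq '$AppId'"
    if ($existing) {
        Write-Verbose "Service principal for $AppId already exists: $($existing.DisplayName)"
        return $existing
    }

    # -WhatIf / -Confirm are honoured here, so the change can be previewed first.
    if ($PSCmdlet.ShouldProcess("AppId $AppId", 'Create service principal')) {
        New-MgServicePrincipal -AppId $AppId.ToString()
    }
}

# Application.ReadWrite.All is the delegated scope needed to create a service principal.
Connect-MgGraph -Scopes 'Application.ReadWrite.All'

# WindowsDefenderATP, the application ID used as the example on this page.
Add-MissingServicePrincipal -AppId 'fc780465-2017-40d4-a0c5-307022471b92' -Verbose |
    Select-Object DisplayName, AppId, Id
```

Run it with `-WhatIf` first to confirm which application ID would be registered in the tenant without making the change.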
Important Information for CSPs
You can either integrate:
- Your Microsoft Tenants in bulk through your CSP Microsoft 365 Tenant credentials and Microsoft Partner Center GDAP relationships, or
- Each Microsoft Tenant as a Single Tenant using a unique Global Administrator account for each individual Microsoft 365 Tenant.
WARNING: Attempting to connect a CSP Microsoft 365 Tenant using the Single Tenant option will cause the integration to fail. If you have a CSP Microsoft 365 Tenant, we strongly recommend that you choose the Cloud Solution Provider option. Using both methods to connect Microsoft Tenants will generate connectivity errors.
Connecting to Microsoft 365 Tenants through a CSP Microsoft 365 Tenant requires specific Microsoft Partner Center configurations and the authenticating user must meet certain requirements.
Tip: If you use Microsoft SSO to log into Syncro, be certain that your Syncro user login has all the required permissions for integration. The authenticating user must:
- Be a CSP Microsoft 365 Tenant Global Admin,
- Have Admin Agent privileges,
- Be a member of the Security Group(s) associated with the appropriately privileged GDAP relationships with the Microsoft 365 Tenant (see below), and
- Be prompted by Entra ID MFA when authenticating. (Microsoft does not allow access to Microsoft 365 Tenants via GDAP using third-party MFA applications.)
In Microsoft Partner Center, each Microsoft 365 Tenant must have:
- A GDAP relationship with either a Global Administrator privilege or ALL of the following specific privileges:
  - Application Administrator
  - Authentication Policy Administrator
  - Cloud App Security Administrator
  - Cloud Device Administrator
  - Exchange Administrator
  - Intune Administrator
  - Privileged Authentication Administrator
  - Privileged Role Administrator
  - Security Administrator
  - SharePoint Administrator
  - Teams Administrator
  - User Administrator
- The GDAP relationship assigned to a CSP Microsoft 365 Tenant Security Group and the appropriate roles selected (see list above).
For example, if your CSP account can access 100 Tenants and you want to integrate with only 75, you'll need to add these roles to the 75 GDAPs that represent your 75 desired Tenants. You'll need to go into each Tenant GDAP individually.
Tip: You only need to enable the above GDAP relationship for the Microsoft 365 Tenants you want to integrate. For example, if your CSP Microsoft 365 Tenant can access 100 Microsoft 365 Tenants and you only want to integrate 75, you'll need to create the GDAP relationship described above with the desired 75 Microsoft 365 Tenants in the Microsoft Partner Center.
For more information about configuring GDAP relationships in Microsoft Partner Center, refer to the following Microsoft Learn articles:
- Obtain granular admin permissions to manage a customer's service
- Customer approval of partner GDAP request
- Grant granular permissions to security groups
Enable the Integration
To integrate Syncro with Microsoft, follow these steps:
- Navigate to Admin > RMM Settings - Microsoft Tenant Management. Syncro displays the Microsoft Tenant Management Page.
- Click the Integrate with Microsoft button, then select either “Single Tenant” or “Cloud Solution Provider.”
- If you choose “Cloud Solution Provider,” be sure you've met the Prerequisites, then click Integrate Cloud Solution Provider.
- Log into your CSP Microsoft 365 Tenant using an appropriately privileged Global Admin account.
Notes:
- If you want a Single Tenant integration, you'll need to create Global Admin accounts on the individual Microsoft 365 Tenants you want to integrate. (These must be different from your CSP Microsoft 365 Tenant credentials.)
- If you use Microsoft SSO to log into Syncro, ensure your login has the appropriate privileges (see Prerequisites).
- Click Accept for the required permissions.
- If you choose “Single Tenant,” log into the desired Microsoft 365 account as a Global Admin, then click Accept for the required permissions.
When the integration is complete, Syncro redisplays the Microsoft Tenant Management Page with your Microsoft Tenant(s) listed in the first column of the table, “Success” in the Sync Status column, and a Last Synced date/timestamp.
Tips:
- Initially this process might take a little time; you can click Refresh to refresh the page and check on it.
- The only data Syncro pulls from the initial integration is the Microsoft 365 Tenant Name. All additional data requires the Microsoft 365 Tenant to be mapped.
Next, you should Map Your Syncro Tenants.
About the Microsoft Tenant Management Page
The Tenant Management page/table displays when you navigate to Admin > RMM Settings - Microsoft Tenant Management. Initially the page is blank; the table only displays after you create an integration with a Microsoft Tenant.
The Integrate Microsoft button provides you with two ways to enable the integration: Single Tenant or Cloud Solution Provider. The Refresh button updates the table for any new Sync Statuses that might be available.
This table contains the following information about each of your existing Microsoft Tenants:
- Microsoft Tenant: The name of the Microsoft Tenant.
- CSP Auth: If you integrated with a CSP, this column shows the status of the authentication process used by the Cloud Solution Provider (CSP) to access and manage Microsoft services. These may be:
  - Active (green): The CSP Admin Relationship appears to be configured correctly and isn't set to expire for at least the next 7 days.
  - Expiring (orange/yellow): The CSP Admin Relationship appears to have at least one required role that is set to expire within the next 7 days. The GDAP relationships should be updated as soon as possible.
  - Expired (red): The CSP Admin Relationship has at least one required role that has expired. The GDAP relationships need to be updated to resume syncing.
  - Missing Roles (red): The CSP account doesn't have all the GDAP roles for the tenant. Please review Important Information for CSPs.
  - Consent Pending (orange): Typically means Syncro is waiting for Microsoft to process the request. If the CSP Auth remains in a Consent Pending status after 10-15 minutes, there's likely a problem.
  - Unknown (orange/yellow): There is no status information available.
- Syncro Tenant: The name of the Organization(s) that's mapped to the Microsoft Tenant. Click this link to navigate to the Syncro Tenant's Details Page.
- Sync Status: The status of the sync between the Microsoft Tenant and the Syncro Tenant. These may be:
  - Success (green): The sync between Microsoft and Syncro Tenants was successful.
  - Pending (orange): Syncro is waiting for Microsoft to process the request, or there's something preventing the sync from happening. The CSP Auth column can help you determine whether there's a known issue preventing syncs.
  - Auth Failed (red): May be any type of failure encountered while making requests for the tenant, including an authentication failure.
- Last Synced: The date/timestamp of the last sync attempt between Syncro and Microsoft Tenants, which happens daily.
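A pre-flight check for the GDAP role list under Important Information for CSPs, combined with the 7-day expiry window from the CSP Auth statuses above. This is an added example, not Syncro's code: the function name, the sample tenants and the order in which the checks are applied are assumptions.

```powershell
# Added example (not Syncro's code). Role names are copied from the list on this page.
$RequiredRoles = @(
    'Application Administrator', 'Authentication Policy Administrator',
    'Cloud App Security Administrator', 'Cloud Device Administrator',
    'Exchange Administrator', 'Intune Administrator',
    'Privileged Authentication Administrator', 'Privileged Role Administrator',
    'Security Administrator', 'SharePoint Administrator',
    'Teams Administrator', 'User Administrator'
)

function Test-GdapRelationship {
    param(
        [Parameter(Mandatory)][string]   $Tenant,
        [Parameter(Mandatory)][string[]] $Roles,     # roles granted by the GDAP relationship
        [Parameter(Mandatory)][datetime] $EndDate,   # when the relationship expires
        [datetime] $Now = (Get-Date)
    )
    # Global Administrator alone satisfies the requirement; otherwise all 12 roles are needed.
    $missing = @()
    if ($Roles -notcontains 'Global Administrator') {
        $missing = @($RequiredRoles | Where-Object { $Roles -notcontains $_ })
    }
    # Assumed precedence: missing roles first, then expiry.
    $status = if ($missing.Count -gt 0)         { 'Missing Roles' }
              elseif ($EndDate -le $Now)            { 'Expired' }
              elseif ($EndDate -le $Now.AddDays(7)) { 'Expiring' }
              else                                  { 'Active' }
    [pscustomobject]@{ Tenant = $Tenant; Status = $status; Missing = $missing -join ', ' }
}

# Constructed sample relationships (not real tenants).
$now = Get-Date
$sample = @(
    @{ Tenant = 'Contoso';  Roles = @('Global Administrator'); EndDate = $now.AddDays(90) },
    @{ Tenant = 'Fabrikam'; Roles = $RequiredRoles;            EndDate = $now.AddDays(3) },
    @{ Tenant = 'Tailspin'; Roles = @('User Administrator', 'Exchange Administrator'); EndDate = $now.AddDays(200) },
    @{ Tenant = 'Woodgrove'; Roles = $RequiredRoles;           EndDate = $now.AddDays(-1) }
)
$results = foreach ($r in $sample) { Test-GdapRelationship @r -Now $now }
$results | Format-Table -AutoSize -Wrap
```

With the constructed data, Contoso reports Active, Fabrikam Expiring, Tailspin Missing Roles (with the ten absent roles listed) and Woodgrove Expired.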
The options available under the vertical ellipsis (⋮) change based on various conditions, as follows:
| If . . . | Then the options are . . . |
|---|---|
| There is no Syncro Tenant | |
| The Sync Status is Auth Failed | |
| The Sync Status is Sync Failed | |
Remove the Integration
If you no longer want to link your Syncro and Microsoft accounts, or if you want to reset the Syncro-Microsoft connection to start fresh, you can.
IMPORTANT: When you remove the Syncro-Microsoft integration, you'll:
- Completely disconnect your Microsoft account(s) from Syncro,
- Remove all Microsoft Tenants and the mapping between Microsoft and Syncro Tenants,
- Remove the Syncro application from Microsoft and associated Microsoft data from Syncro,
- Prevent Syncro from syncing data with Microsoft moving forward. (For example, your End Users will remain in Syncro but will no longer be updated if/when updates are made in Microsoft.)
However, removing this integration will NOT delete any data from your Microsoft accounts.
To remove the Syncro-Microsoft integration, follow these steps:
- Navigate to Admin > RMM Settings - Microsoft Tenant Management.
Tip: The last line on the screen indicates how many Tenants you'll be removing from your Syncro account.
- Click Remove Integration. The Microsoft Tenant Management page redisplays and lets you know that no Microsoft Tenants are yet integrated.
Whenever you want, you can re-enable the integration, but you might need to wait a few minutes for Syncro to remove the prior integration.