1. Navigate to portal.azure.com and log in with your Microsoft Azure account credentials
2.  On the left-side menu, under Manage, select App registrations
3. Click New Registration and name your registration
   • Any name will work but it's recommended to use a name that identifies what app you're registering (e.g., in this case, VIPRE Email Cloud)
4. Click Single tenant
5. Skip the redirect URI and click Register

6. On the left-side menu, under Manage, select API Permissions
7. Select Add a permission
8. Select Microsoft Graph 
   • This is the API that the Email Cloud portal uses to communicate with Azure
9. Select API Permission type Application
10. Select the following Application Permissions
    • Directory > Directory.Read.All
    • Group > Group.Read.All
    • GroupMember > GroupMember.Read.All
    • User > User.Read.All
11. Click Add Permissions
12. Look for the row that shows User.Read, click the ellipses (...) on the right, and select Remove Permission
13. Click Grant admin consent for <your.tenant.name.here>

14. In the breadcrumb trail, select the API name

15. On the left-side menu, select Certificates & secrets
16. Under Client secrets, click New client secret and fill in the following information:
    • Description - This can be whatever you want
    • Expires - No matter which timeframe you choose, it's important to set a reminder for yourself to both create a new client secret, and save the new client secret into the Azure Connect tab (step 5 below), before expiry. Failure to do so could break the sync between Email Cloud and Entra ID.
17. Click Add

18. Open a new text file on your computer and copy/paste the following information from the Microsoft Entra ID portal into the blank text file:
    1. Under Client secrets, copy the Value and paste it into your blank text file
    2. In the breadcrumb trail, select the API, copy the Application (client) ID and paste it into your text file
    3. From the same page, copy the Directory (tenant) ID and paste it into your text file

19. In a separate browser tab, navigate to your Email Cloud admin portal and log in
20. On the left-side menu, click Service Settings, then select Directory Services
21. On the main page, select Entra ID
22. Place checkmark next to Enable Azure Sync
23. Copy the Directory (tenant) ID) from your text file and paste it into the Tenant Domain field
24. Copy the Application (client) ID from your text file and paste it into the Client ID field
25. Copy the Client secret from your text file and paste it into the Client Secret field
26. Select a Sync Frequency from the dropdown menu
    • The default sync frequency is 6 hours
27. Select an amount of time to Delete Users After from the dropdown menu; see the User Conflicts section below for more details
    • The default is 7 days
28. Click the checkbox if you want to include disabled/deactivated user accounts in your sync
    • This is unchecked by default
29. If you want to include Custom Filters, enter those in the text field here
    • Custom Filters are only applied to syncs of users. Groups are not included.
    • For full details, including supported custom filters and examples of queries, visit Custom Filters for use with Entra ID Sync to open a new browser tab
30. Click Save in the bottom right
31. Click Test in the bottom left to verify the connection
    • If successful, a green message will appear in the top-right "Azure Connection test was passed" 
    • If unsuccessful, a red message will appear in the top-right "Azure Connection test failed"
      • Verify the Tenant Domain, Client ID, and Client Secret were copied correctly from the Azure portal
32. Click Sync Now
    • A green message will appear in the top-right "Azure sync has successfully started"

Once the sync has completed, you will be able to see all of your users by clicking Users in the left-side menu. Looking in the Source column, you will be able to tell which users were added via Azure.

The Exceptions tab is where you can select any name from the User List that you want to exclude from the Entra ID sync with VIPRE Email Cloud. This means any exceptions will also be excluded from any custom filters you set up on the Connect tab.

1. In the User List column, which shows a complete view of your directory server, locate the row with the name of the user, group, or alias you want to exclude
2. Click the blue arrow in the same row as the name to add that name to the Exception List
3. Click Save

The Additions tab allows you to manually add users to include in the Entra ID sync. For example, this would be useful for adding any new employees that may need to be added in between syncs.

The User Conflicts tab will show users that previously synced in the portal but are no longer in the directory server.

Possible actions within this tab are: Delete, Ignore, Export, Deactivate

Example Use-Case

You notice there two users showing in User Conflicts. Let's say that when you were first setting up Entra ID sync, under the Connect tab, you set Delete Users After to 7 days. You're fine with one of the users being deleted because the employee no longer works for your company. The other user, however, is on maternity leave and will be coming back in 12 weeks.

 

1. Click the checkbox next to the user and select your desired action.

In the example above, you could use Ignore so that the user will not be deleted after 7 days.