About Proofpoint Essentials Azure Sync Tool


The Proofpoint Essentials Azure Sync Tool allows organizations hosted on Office 365 to import and/or synchronize users and groups from Office 365 directly into their Proofpoint Essentials account.


Set Up Azure Active Directory


Follow these steps to create the Azure application that will be used for the synchronization.


1. Log in to your Microsoft Azure portal as an administrator through https://aad.portal.azure.com.

2. Click Azure Active Directory in the left-hand panel, click App Registrations, and then click New Registration.

4. In the fields displayed, enter a name in the Name field (e.g. Proofpoint).

5. Select the option Accounts in this organizational directory only ("Company inc" only - Single tenant).

6. Under Redirect URL, select Web in the drop-down menu and enter the following Sign-On URL

7. Click Register to complete the app registration.

8. Copy the displayed Application ID into Notepad and click the Settings tab.



9. Click API Permissions, then click Add a Permission.

10. Scroll to the bottom of the Request API Permissions panel and select Azure Active Directory Graph.

11. Select Delegated Permissions.

12. Ensure that the following permissions have been applied under Delegated Permissions.

Delegated Permissions:

  • Directory
    • Directory.Read.All
  • Group
    • Group.Read.All
  • User
    • User.ReadBasic.All


13. Next, click Application Permissions.

14. Ensure that the following permissions have been applied under Application Permissions, then click Add Permissions.

Application Permissions:

  • Directory
    • Directory.Read.All

The API permissions will now look like this:




15. Click the Grant admin consent for Company button, then click Yes to confirm.

16. Finally, select Certificates & Secrets and click the New client secret button under Client Secrets.

17. Enter a description, select Never for the expiry date, and click Add.

18. Copy the displayed Secret Key into Notepad.
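As an added check once the steps above are complete (example code, not part of the Proofpoint tool or Microsoft's tooling): the script compares what the tenant has actually consented to for the app against the exact permission set listed in steps 12 and 14 and reports anything extra (over-privilege) or missing. The input shape follows what Microsoft Graph returns for a service principal's oauth2PermissionGrants and appRoleAssignments; the sample data and GUIDs below are constructed placeholders.

```python
"""Least-privilege check for the sync tool's app registration (example, not Proofpoint code).

Input mirrors Microsoft Graph data for the app's service principal:
  oauth2PermissionGrants -> delegated permissions, space-separated in "scope"
  appRoleAssignments     -> application permissions, referenced by appRoleId GUID
  the resource's appRoles -> maps each appRoleId GUID to its permission name
"""

# Exact permission sets the sync tool needs, per the setup steps above
EXPECTED_DELEGATED = {"Directory.Read.All", "Group.Read.All", "User.ReadBasic.All"}
EXPECTED_APPLICATION = {"Directory.Read.All"}

# Constructed: appRoles of the Azure AD Graph service principal (placeholder GUIDs)
RESOURCE_APP_ROLES = [
    {"id": "11111111-0000-0000-0000-000000000001", "value": "Directory.Read.All"},
    {"id": "11111111-0000-0000-0000-000000000002", "value": "Directory.ReadWrite.All"},
]

# Constructed: what the tenant has actually consented to for the sync app
GRANTS = {
    "oauth2PermissionGrants": [
        {"scope": "Directory.Read.All Group.Read.All User.ReadBasic.All User.Read.All"},
    ],
    "appRoleAssignments": [
        {"appRoleId": "11111111-0000-0000-0000-000000000001"},
        {"appRoleId": "11111111-0000-0000-0000-000000000002"},
    ],
}


def granted_permissions(grants, app_roles):
    """Return (delegated, application) permission-name sets from Graph-shaped data."""
    delegated = set()
    for grant in grants.get("oauth2PermissionGrants", []):
        delegated.update(grant.get("scope", "").split())
    names = {role["id"]: role["value"] for role in app_roles}
    # An appRoleId that the resource does not publish is reported as unknown
    application = {names.get(a["appRoleId"], "unknown:" + a["appRoleId"])
                   for a in grants.get("appRoleAssignments", [])}
    return delegated, application


def check_least_privilege(grants, app_roles):
    """List permissions beyond what the sync needs (over-privilege) and any missing."""
    delegated, application = granted_permissions(grants, app_roles)
    return {
        "delegated_extra": sorted(delegated - EXPECTED_DELEGATED),
        "delegated_missing": sorted(EXPECTED_DELEGATED - delegated),
        "application_extra": sorted(application - EXPECTED_APPLICATION),
        "application_missing": sorted(EXPECTED_APPLICATION - application),
    }
```

Any non-empty "extra" list means the app can read more of the directory than the sync requires and should be trimmed in API Permissions before granting admin consent.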



Configure Proofpoint to Deploy with Azure

1. Log in to your Proofpoint account via the US or EU site, depending on where the domain is registered.

2. Go to Company Settings > Import Users > Azure Active Directory.

3. In the fields displayed, enter the Primary Domain name from Office 365 and paste in the Application ID and the Secret Key copied from the steps above.

4. Scroll down to the bottom, set Sync Frequency to 1-Hour, click Save, and then click Search Now.

5. At this point a report is displayed in which you can verify and exclude users.

6. Once it has been reviewed, click the Sync Active Directory button to import users.

IMPORTANT: Once the domain has been synced, you MUST wait 60 minutes before the domain is available for routing inbound and outbound email.


Stage 3 - Updating SPF Records