Views:

  1. Start the Directory Synchronization Tool application.
  2. On the Service Settings tab, configure the following:
    • Under the TMEMS Administrator Logon Account section:
      • Account Name: Your administrator account name you use to log on to TMEMS administrator console
      • Service Auth Key: Your service authentication key for the TMEMS server
         
        You can find your service authentication key on the API Access tab of the Service Integration screen (Administration > Service Integration) on the TMEMS administrator console.
         
    • Under the Proxy Settings section:
      • Do not use a proxy: If your network does not require a proxy, select this option to disable this setting.
      • Automatically detect proxy settings: Select this option to let the Directory Synchronization Tool automatically detect your network proxy settings.
      • Manually set the proxy (HTTP): Select this option to manually set the proxy server and port settings for your proxy server. If required, type the proxy user name and password.
         
        The Directory Synchronization Tool currently supports only the HTTP proxy.
         
      • Synchronize every x hours: Select this option and specify the duration in hours, if you want the Directory Synchronization Tool to automatically synchronize user groups, valid recipients and email aliases from the source directory to TMEMS on a recurrent basis.
         
        This setting requires you to synchronize data manually for the first time. Later on, the Directory Synchronization Tool automatically synchronizes data according to your setting.
         
  3. Click Apply.

  1. On the Source Directory tab, complete synchronization source settings.
    1. Next to Source Name, specify a source directory name.
    2. From the Source Type drop-down list, select Microsoft Office 365 / Azure Active Directory as the source directory type.
  2. Complete required settings:
    • Tenant Domain: The domain name of the Azure directory, which is the sub-domain of the root domain "onmicrosoft.com"
    • Application ID: A unique ID required for a custom application to make calls
    • Application Key: A unique key value required for a custom application to make calls
 
You can find the Tenant Domain (Primary domain) on the Azure Active Directory under Overview. If the Primary domain is not "onmicrosoft.com", navigate to Custom domain names under Azure Active Directory and find the Tenant Domain.
To obtain the Application ID and Application Key, refer to Creating an Azure Active Directory Application section.
 

  1. Register an application.
    1. Log on to your Azure Active Directory admin center as an admin user.
    2. Navigate to Azure Active Directory > App registrations > New registration.
    3. Type a name for your application. For example, "TMEMS Azure AD Sync."
    4. Under Redirect URI (optional), select Web as platform then type the following URL of the TMEMS administrator console:
      • North America, Latin America and Asia Pacific: https://ui.tmes.trendmicro.com
      • Europe, the Middle East and Africa: https://ui.tmes.trendmicro.eu/
      • Australia and New Zealand: https://ui.tmes-anz.trendmicro.com/
      • Japan: https://ui.tmems-jp.trendmicro.com
      • Singapore: https://ui.tmes-sg.trendmicro.com
      • India: https://ui.tmes-in.trendmicro.com
    5. Click Register. A new application appears on the screen.
    6. Copy and save the Application (client) ID.
  2. Add a client secret for your application.
    1. Access the application you created.
    2. In the left navigation, click Certificates & secrets > Client secrets > New client secret.
    3. Type a description for the client secret, select a 24 months option from the Expires drop-down list, and click Add.
      A client secret generates in the Client secrets section. This value will not be visible after you leave this screen.
       
      Directory synchronization will fail if the client secret expires. If this occurs, generate a new client secret.
       
    4. Copy and save the client secret value (Application Key).
  3. Obtain API permissions for your application.
    1. Access the application you created.
    2. In the left navigation, click API permissions and click Add a permission.
    3. Click Microsoft Graph on the Microsoft APIs tab page.
    4. Select Application permissions > Directory.Read.All permission under Directory, and click Add permissions.
    5. Click Grant admin consent for Your tenant name.
    6. Click Yes in the dialog box that appears.
Keywords: email security Directory Synchronization Tool, configure Directory Synchronization Tool