UnitySync Office 365 login requirements

Created: 2016-04-21 08:46:39
Modified: 2023-08-15 17:03:36
Tags: Office 365 System Requirements UnitySync

System Requirements

Ensure your UnitySync server meets the Special Requirements for O365 connections.

Required Login information

ID: The login of the default administrative account or other custom account created for UnitySync. This is required information when using Office 365 (O365).

ID name format: Use the same login format you would use when logging in to O365 online:

e.g. AdminAccountName@YourDomain.onmicrosoft.com

Password: The password that corresponds to the login ID specified.

Permissions to read/write an O365 tenant

We highly recommend use of an O365 Admin account. Microsoft does not make it easy to create a non-Admin account with the necessary access for UnitySync to perform the required PowerShell commands when writing to O365.

NOTE: Two-factor authentication (2FA) must be disabled for the O365 user account specified in your connection.

Discovery of O365

We highly recommend use of an O365 Admin account. Alternatively, you may assign minimum read access to the UnitySync O365 login ID to be used for O365 Discovery.

  • For example, create an unlicensed Office 365 user account without O365 admin rights.

  • For view-only access to O365, add the user to the “View-Only Organization Management” admin role in the Exchange Admin Center. This role should provide UnitySync the rights needed to run the PowerShell cmdlets used by UnitySync Discovery.

Cmdlets required for Discovery:

Get-User
Get-Mailbox
Get-EXOMailbox
Get-MailUser
Get-Contact
Get-MailContact
Get-DistributionGroup
Get-DistributionGroupMember
Get-UnifiedGroup
Get-UnifiedGroupLinks

Syncing to O365:

We highly recommend use of an O365 Admin account. Microsoft does not make it easy to create a non-Admin account with the necessary access for UnitySync to perform the required PowerShell commands when writing to O365.

That said, it is possible for a non-Admin account to sync to O365.

The following cmdlets are used by a UnitySync Sync process:

Set-Group
Set-DistributionGroup
Update-DistributionGroupMember
Set-Contact
Set-MailContact
New-DistributionGroup
New-MailContact
Remove-DistributionGroup
Remove-MailContact

Additionally, here is a sample O365 RBAC script to reduce permissions.

IMPORTANT NOTE: This script was provided by a client as a sample script which allowed them to create a non-Admin account for UnitySync to sync to O365. Your script may be different depending on your preference and environment. Using the script as an example, you can try to create a custom account with minimal access.
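Once a reduced-permission account exists, you can confirm that it sees the cmdlets listed above before pointing UnitySync at it. The following is an added example, not the client-provided sample script and not UnitySync code. It assumes the ExchangeOnlineManagement module is installed and relies on Exchange Online exposing to a session only the cmdlets that the signed-in account's role assignments allow; the function name Test-UnitySyncCmdlets is hypothetical.

```powershell
# Added example: report which cmdlets from this article's Discovery and Sync
# lists are available to the account UnitySync will log in with.
$required = @{
    Discovery = @('Get-User', 'Get-Mailbox', 'Get-EXOMailbox', 'Get-MailUser',
                  'Get-Contact', 'Get-MailContact', 'Get-DistributionGroup',
                  'Get-DistributionGroupMember', 'Get-UnifiedGroup',
                  'Get-UnifiedGroupLinks')
    Sync      = @('Set-Group', 'Set-DistributionGroup',
                  'Update-DistributionGroupMember', 'Set-Contact',
                  'Set-MailContact', 'New-DistributionGroup', 'New-MailContact',
                  'Remove-DistributionGroup', 'Remove-MailContact')
}

function Test-UnitySyncCmdlets {    # hypothetical helper name
    param([Parameter(Mandatory)][hashtable]$Required)
    foreach ($phase in ($Required.Keys | Sort-Object)) {
        foreach ($name in $Required[$phase]) {
            # Get-Command returns nothing when the cmdlet was not loaded
            $found = [bool](Get-Command -Name $name -ErrorAction SilentlyContinue)
            [pscustomobject]@{ Phase = $phase; Cmdlet = $name; Available = $found }
        }
    }
}

# Sign in as the UnitySync account itself (the article requires 2FA to be
# disabled for it, so a plain credential prompt is used here).
Connect-ExchangeOnline -Credential (Get-Credential) -ShowBanner:$false

$report = Test-UnitySyncCmdlets -Required $required
$report | Format-Table -AutoSize

# Caveat: Get-EXOMailbox ships inside the ExchangeOnlineManagement module, so
# it is always found; its presence alone does not prove the account may run it.
$missing = @($report | Where-Object { -not $_.Available })
if ($missing.Count -gt 0) {
    Write-Warning ("Not available to this account: " +
                   ($missing.Cmdlet -join ', '))
}

# A Discovery-only (view-only) account should NOT see any Sync cmdlets.
$writable = @($report | Where-Object { $_.Phase -eq 'Sync' -and $_.Available })
Write-Host ("Sync (write) cmdlets available: {0} of {1}" -f
            $writable.Count, $required.Sync.Count)

Disconnect-ExchangeOnline -Confirm:$false
```

For an account intended only for Discovery, a non-zero count on the last line means the account has more write access than read-only Discovery needs.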

For more detailed information about setting read/write permissions on O365 User accounts, refer to Microsoft tech articles and/or reach out to Microsoft technical support:

Refer to: TechNet Overview of Built-in role groups

Refer to: TechNet View-only Organization Management

Refer to: Permissions in Exchange Online

Refer to: Create an unscoped role

For more information about O365 syncs, please refer to the O365 KB articles and the UnitySync Administrator’s Guide.
