This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Azure AD Sync, filter by group membership?

I have Azure AD Sync Setup and it works but does anyone have a working Azure App manifest that only syncs users from a specified Group in Azure AD? I thought id ask here before starting to code my own which ill need to read up on first.

I know i need to modify my Manifest file but ive not actually done it myself yet ie modify AAD manifests.

Thanks in advance,

This thread was automatically locked due to age.

Parents

0 Aditya Patel over 6 years ago

Hi John,

You may try to use by using LDAP queries, OU , DN, CN etc to target the specific groups .

Regards,

Aditya Patel
Global Escalation Support Engineer | Sophos Technical Support
Knowledge Base | @SophosSupport | Sign up for SMS Alerts
If a post solves your question use the 'This helped me' link.
Cancel
Vote Up 0 Vote Down

Cancel
0 john_kenny over 6 years ago in reply to Aditya Patel

Yeah i managed to resolve it eventually with group assignments on the azure app registration.

Seemed to do the job.

Thanks

JK
Cancel
Vote Up 0 Vote Down

Cancel
0 JasonIstre over 5 years ago in reply to john_kenny

Can you tell me exactly what you did? I've been going crazy trying to do this. I can get it to sync, but it syncs the entire directory. I created a group and tried the group assignments in the Enterprise app, I've spent like 16 hours just creating and recreating and trying everything I can. It either syncs the entire directory, or it says it doesn't have permission.

Jason
Cancel
Vote Up 0 Vote Down

Cancel
0 KsecureK over 5 years ago in reply to john_kenny

Following this as I am also interested how to filter this through Azure API
Cancel
Vote Up 0 Vote Down

Cancel
0 JasonIstre over 5 years ago in reply to KsecureK

I had a support ticket. Ran through all the documentation to make sure it was setup right. It was. Got escalated to level 3. Level 3 told me it is not possible to limit the sync of the azure directory. ...so I'm not sure the point of even having the option to sync with azure in the product. You will potentially sync hundreds of SharePoint/Teams/OneDrive guests users from other companies as well as all your service accounts, admin accounts, ect...

Maybe they are working on this. I don't prefer it, but I'm going to use on premise AD sync instead. Just FYI, only the top tier support developers can remove the azure sync once its setup if you decide you don't want it, or want to use AD Sync instead.

You can vote for the functionality here: https://ideas.sophos.com/forums/428821-sophos-central/suggestions/39847963-azure-sync-should-filter-for-group-membership
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 JasonIstre over 5 years ago in reply to KsecureK

I had a support ticket. Ran through all the documentation to make sure it was setup right. It was. Got escalated to level 3. Level 3 told me it is not possible to limit the sync of the azure directory. ...so I'm not sure the point of even having the option to sync with azure in the product. You will potentially sync hundreds of SharePoint/Teams/OneDrive guests users from other companies as well as all your service accounts, admin accounts, ect...

Maybe they are working on this. I don't prefer it, but I'm going to use on premise AD sync instead. Just FYI, only the top tier support developers can remove the azure sync once its setup if you decide you don't want it, or want to use AD Sync instead.

You can vote for the functionality here: https://ideas.sophos.com/forums/428821-sophos-central/suggestions/39847963-azure-sync-should-filter-for-group-membership
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 KsecureK over 5 years ago in reply to JasonIstre

Thanks for the information. I stumbled into the challenge of removing Azure AD sync configurations more than year ago, too bad that this has not been addressed yet. Voted for the feature request.

Br

K
Cancel
Vote Up 0 Vote Down

Cancel