Azure AD Sync

Hello everybody,

We have had Azure AD Sync enabled in Central for two weeks.
Before that we only had the normal AD Sync. Now I've noticed that while the status of Azure AD Sync is all great,
new users are not being synced. I have redone the app registration in Azure without success.
It looks to me as if nothing has synchronized from Azure AD Sync; only the old entries from AD Sync are available.
Does anyone have an idea why?

Best regards
Tolik


  • Hi,

    I have already read this article and also carried out the app registration in Azure again, but it didn't help.

  • Hi,

    I will check this with my team and shall get back to you; meanwhile, could you please DM me the case number which you have already registered with Support?

    Shweta

    Community Support Engineer | Sophos Technical Support
  • Hi,

    I am assuming that you had on-prem AD Sync in place before two weeks ago and you just turned on Azure AD Sync.

    While it is not possible to convert from one to the other, it is possible to switch if you first delete all of the existing AD objects (users, groups, folders) prior to switching AD Sync tools.

    • Disable the AD Sync tool/client to prevent importing users and mailboxes
    • Remove all existing users and mailboxes before syncing with Azure
    • Uninstall all of their Sophos endpoint software before the switch and then reinstall after the switch
    • Raise a Technical Support case with details/confirmation the above steps have been completed, and that you would like to request Engineering to Reset AD tasks.

    Other important notes about the difference when using Azure AD:

    • Sophos Azure Active Directory synchronization supports Sophos Endpoint Protection and Sophos Email Gateway. It has not been tested with other Sophos products.
    • You must use an account that has been domain joined to Azure AD while installing the endpoint client.
    • Azure AD Sync does not import any device data.
    • Azure AD Sync does not support Mac endpoints.

    Regards,

    Jasmin
    Community Support Engineer | Sophos Support


  • Hi there,

    Thanks for the steps. We already had a support case 2 weeks ago and Technical Support did an AD Task reset ... but we didn't get any information to delete all users/groups beforehand.

    And reinstalling the endpoints is too much work ... we have over 5000 clients ...

    Then we have to do AD Sync again. With AD Sync we always had to import the shared mailboxes manually via CSV because they didn't sync. Is there a better solution?

  • Hi,

    Please speak to Sophos Support for this. There are no other alternatives to this. They should be able to identify any issues. You cannot move from Azure AD Sync to AD Sync without assistance from the Support team, as there are some backend changes to be done.

    Regards

    Jaydeep

  • Hello everybody,

    Thanks for the information; I am now waiting for the message from Technical Support.

    As a test, we have now set up a new subunit in Central. And it doesn't work there either ...

    Azure Sync says that everything was successful, but there are no users and mailboxes there ...

    Best regards

    Tolik

  • Hi Tolik,

    As the issue could be replicated on a new account in Central, I suspect the application credentials may be limited on the Azure side. Do the application credentials have the permission Directory.Read.All?
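One way to check the permission question raised in the last reply from the command line, as an added example that is not part of this thread or of any Sophos tool: the script below parses the JSON that `az ad app permission list --id <app-id>` prints (the app registration's requiredResourceAccess) and reports whether Directory.Read.All is requested from Microsoft Graph. The Graph resource app ID and the two Directory.Read.All permission IDs are the well-known values as the author of this example knows them; the sample input is constructed.

```python
import json
import sys

# Well-known Microsoft Graph identifiers (assumed correct; confirm against the
# Microsoft Graph service principal in your own tenant before relying on them).
GRAPH_RESOURCE_APP_ID = "00000003-0000-0000-c000-000000000000"
DIRECTORY_READ_ALL = {
    "7ab1d382-f21e-4acd-a863-ba3e13f7da61": "Role",   # application permission
    "06da0dbc-49e2-44d2-8312-53f166ab848a": "Scope",  # delegated permission
}

# Constructed sample in the shape of `az ad app permission list` output.
# This registration requests only some other (placeholder) Graph permission,
# so Directory.Read.All is missing and the sync cannot read the directory.
SAMPLE_OUTPUT = json.dumps([
    {
        "resourceAppId": GRAPH_RESOURCE_APP_ID,
        "resourceAccess": [
            {"id": "00000000-0000-0000-0000-000000000001", "type": "Scope"},
        ],
    }
])


def directory_read_all_grants(permission_list_json):
    """Return the Directory.Read.All entries ('Role' and/or 'Scope') requested
    from Microsoft Graph; an empty list means the permission is not requested."""
    found = []
    for resource in json.loads(permission_list_json):
        if resource.get("resourceAppId") != GRAPH_RESOURCE_APP_ID:
            continue  # permissions on other resources are irrelevant here
        for access in resource.get("resourceAccess", []):
            expected_type = DIRECTORY_READ_ALL.get(access.get("id"))
            if expected_type and access.get("type") == expected_type:
                found.append(expected_type)
    return found


def check_app_permissions(permission_list_json):
    """Human-readable verdict for the Directory.Read.All check."""
    grants = directory_read_all_grants(permission_list_json)
    if not grants:
        return "MISSING: Directory.Read.All is not requested from Microsoft Graph"
    return "PRESENT: Directory.Read.All requested as " + ", ".join(sorted(grants))


if __name__ == "__main__":
    # Pipe real output in (az ad app permission list --id <app-id> | python3 check.py)
    # or run without input to see the constructed sample evaluated.
    data = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_OUTPUT
    print(check_app_permissions(data))
```

A requested permission still needs admin consent to be granted in the tenant; this check reads only what the registration requests, so a PRESENT result is necessary but not sufficient.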