Saviynt Forums

manigkannan · ‎09/28/2022

Hi All,

We are planning to integrate Exchange Online (Microsoft365 platform) with Saviynt EIC. As per the documentation on Microsoft Exchange Connector Guide (https://saviynt.freshdesk.com/support/solutions/articles/43000480321-microsoft-exchange-connector-gu...), it seems Azure AD integration is a pre-requisite to provision/de-provision exchange mailboxes for a user. Please confirm if it is correct?

We have already integrated On-Prem AD with Saviynt EIC and so is it possible to integrate Exchange Online using the users from AD users?

Quick response would be highly appreciated due to the Project timelines. Advance Thanks.

Regards,

Mani

NikhilGuptaSav · ‎09/29/2022

How does the exchange online provisioning happen currently? Are the exchange online accounts create one the exchange on-prem accounts are created? Is exchange on-prem accounts a pre-requisite?

manigkannan · ‎09/29/2022

Hi Nikhil,

Thank you for the quick response.

Q. How does the exchange online provisioning happen currently?

A: Currently, exchange mailbox provisioning is through AAD where license is assigned based on the AAD group in which the user account is provisioned.

Q. Are the exchange online accounts create one the exchange on-prem accounts are created?

Yes, that's correct. First user accounts are provisioned on to On-prem AD and they are synced to AAD (unidirectional)

Q. Is exchange on-prem accounts a pre-requisite?

A: Yes. The plan is to migrate existing on-prem exchange mailboxes to exchange online at later stage (no timeline as yet) but all new users will be provisioned with exchange online mailbox.

Please feel free to revert for further information.

Regards,

Mani

NikhilGuptaSav · ‎09/29/2022

so from an automation perspective, are you looking to automate provisioning for on-prem mailbox? That's how all the Microsoft hybrid set up are working currently. Also, can the exchange on-line account be created directly ? (Which I don't think so)

manigkannan · ‎09/29/2022

Hi Nikhil,

Thank you for the response. I'm not sure if I understood properly but see my response to your question based on my understanding of your question.

Q. so from an automation perspective, are you looking to automate provisioning for on-prem mailbox?

A: Our understanding is that the automating the on-prem mailbox provisioning/de-provisioning can be implemented using Win-PS connector. We are more interested in automating the provisioning/de-provisioning a mailbox on exchange online using Saviynt.

Q. That's how all the Microsoft hybrid set up are working currently.

A: We are not interested in exchange online mailbox provisioning from on-prem exchange.

Q. Also, can the exchange on-line account be created directly ? (Which I don't think so)

A: As in directly from Azure AD to exchange online? No, the accounts will be created on on-prem AD, they will be synced with AAD (AADsync), and then AAD synced accounts will be assigned to AAD groups (grouping is based on the license)

Regards,

Mani

NikhilGuptaSav · ‎09/29/2022

Mani,

If you are saying the exchange on-line account can't be created online as per your last comments, what are you really looking to do? How will you create an exchange online account without creating an on-prem AD and on prem mailbox

manigkannan · ‎09/29/2022

Hi Nikhil,

I have mentioned that user account will be created on-Prem AD first and then it will be synced to AAD (using AADSync) which is then available to provision/de-provision exchange online license.

Now, may I know why we need on-prem mailbox to provision exchange online mailbox?

NikhilGuptaSav · ‎09/30/2022

So here is how a typical flow happens in a hybrid MS set up on-prem AD account creation -> on-prem mailbox/exchange creation -> Enable Remote mailbox attribute -> AAD Sync -> Once the sync completed -> Azure AD account is created automatically via sync -> exchange online mailbox is created

You can't create exchange online account without creating on-prem mailbox. You can validate this flow with the customer. Depending on how the flow is, you should look at automating manual processes e.g., automate the remoteenable mailbox script which typically is a manual process

manigkannan · ‎10/02/2022

Hi Nikhil,

Thank you for the response. However, the MS Exchange connector documentation (https://saviynt.freshdesk.com/support/solutions/articles/43000480321-microsoft-exchange-connector-gu...) do not mention that as a pre-requisite. So, please update the doc accordingly.

Assuming if we do not need Hybrid exchange setup and want to provision/de-provision mailbox on exchange online, I believe, integration will be through AAD (with users synced to AAD from AD). Please confirm.

Regards,

Mani

NikhilGuptaSav · ‎10/02/2022

Mani,

I think that's where the domain knowledge as an SI comes into picture.

For your 2nd question, I don't know a scenario where we have not had a Hybrid set up but users are still being synced to AAD from AD. I would suggest to first understand from the customer Azure team, how the flow is and then try to address the problem it via automate

fouriefb · ‎11/29/2022

Hi Mani,

Reaching out to see if you ever managed to get this working, we have exactly the same situation with a customer and documentation is still lacking.

Would like to hear from you as we have been struggling to get any info on this.

Regards,

Frikkie

Saviynt Forums

Is Azure AD integration with Saviynt a pre-requisite to ExchangeOnline (Microsoft365) integration ?