This article is for Cloud Admins/Tech Admins.
You can sync your users and groups from your Azure Directory with Monitor. One of the benefits of syncing your Azure Directory is Monitor users will see your users’ names instead of just your users’ system ID. Creating Monitor groups in your directory also ensures Monitor is reporting on your current users, especially as students and staff change throughout the school year.
Plan your groups to support the Alerting Profiles your Safeguarding Contact needs. You can use existing groups and create new groups in your Azure Directory. The synced groups can be used by your Safeguarding Contact to edit and create Alerting Profiles as soon as the first sync is complete.
Monitor will automatically perform recurring automated syncs after you complete the configuration. You can also complete a manual sync to update Monitor with your current Azure Directory data.
Allowing Access to Azure Directory
You must give Monitor access to your Azure Directory before syncing your data and mapping the groups in Monitor. This process has four steps:
- Add a new registration.
- Configure permissions.
- Copy the secret.
- Copy the Client ID and Tenant ID.
1. Add a New Registration
- In Azure Directory (http://www.portal.azure.com/), select the top left icon and select Azure Active Directory from the sidebar.
- Select App Registrations from the sidebar.
- Select New Registration.
- Enter a Name.
- Check the Accounts in the organisation directory only checkbox.
- Select Register.
2. Configure Permissions
- Select API Permissions from the sidebar.
- Select Add Permission.
- Select Microsoft Graph.
- Select Application Permission.
- Enter Directory in the search bar.
- Expand the Directory arrow and select Directory.Read.All.
- Select Add Permission.
- Select Grant Admin Consent.
- A confirmation window will appear. Select Yes.
- The Status will update to Granted with green ticks.
3. Copy the Secret
- Select Certificates and Secrets from the sidebar.
- Select New Client Secret.
- Enter a Description.
- Select Expires in 24 months.
Add a reminder in your calendar to update the Secret in 24 months.
- Select Add.
Do not navigate away from this page until you have copied the Value, otherwise the Value will be hidden and you will not be able to see it again. You will need to delete and generate a new Secret again.
- Copy the ID under the Value column and paste it into a notepad.
4. Copy the Client ID and Tenant ID
- Select Overview from the sidebar.
- Copy the Application (client) ID and paste it into a notepad.
- Copy the Directory (tenant) ID and paste it into a notepad.
Creating and Syncing your Directory
The initial sync can take up to 2 hours depending on the size of your directory.
- Sign in to your Monitor Portal.
Monitor - UK, Australia, New Zealand
Monitor - US
- From the top-left menu, select Admin Panel > Directories.
- Select Add Directory.
- Select Azure and select Confirm.
- Type a description you will recognise in Name.
- If you are multi-tenanted organisation, you can select All tenants or Selected Tenants.
- Paste your Client ID (Azure Application ID).
- Paste the Client Secret (Azure Client Secret value).
- Paste your Azure Tenant ID (Azure Directory ID).
- Select Save.
The sync will begin automatically. The “Last Sync Date” will display the time the sync was completed after the sync is complete.
Forcing a Manual Sync
You can manually force a sync if you have made changes within Azure Directory and want it to reflect within Monitor.
- Sign into the Monitor Portal.
- Go to Admin Panel > Directories.
- Click on the Azure Directory you want to sync.
- Select Sync Directory at the bottom-left of your window.