This knowledge base article will explain how to configure inclusion and exclusion rules for your Microsoft 365 (formerly Office 365) / Azure Active integration. Please ensure you have followed this configuration article before trying to synchronise your recipients.
Please note, only one Active Integration should be added to an account. If you require multiple Active Integrations, please contact your Customer Success Manager or firstname.lastname@example.org about enabling the Partner Portal.
By default, Active Integration will synchronise all available domains from your connected Office 365 account.
It's more efficient to only include the domains you want to import (e.g., phishingtackle.com) than it is to exclude the domains you don't want to use (e.g. phishingtackle.onmicrosoft.com etc...). If you have multiple domains, you will need to list each on a separate line.
You may have a requirement to either include or exclude specific groups. If you wish to import specific Groups, you can also specify these in the Groups to Include and the Groups to Exclude sections. Ensure you specify one group per line. The tool synchronises with Office 365 Groups, Security Groups and Mail-Enabled Security Groups, it will not synchronise with Nested Groups (groups within groups), Dynamic Groups or Distribution Groups (mailboxes without a centralised location for mail).
As with Domains and Groups, you can include or exclude individual recipients. Simply enter their email address in the respecting Recipients to Include or Recipients to Exclude areas. Ensure you specify one recipient email address per line.
Exclude follows include
Be mindful that all exclusions are processed after all inclusions.
For example, if you have recipients in multiple groups within Office 365, be aware that if one of their groups is excluded the recipient will not be imported.
Manually imported recipients will be updated, not duplicated
If you have previously added your recipients to the platform using a manual process (for example, importing via CSV or entering individually), those recipients will simply be updated with any new information that office 365 holds, including groups.
Groups become tags
Any Office 365 "Groups" a recipient belongs to will be added to the recipient as "Tags". If the tag doesn't exist within the Phishing Tackle platform it will be created at the point of import.
All contact information will be synchronised as-is.
Shared mailboxes are imported as recipients
If you have any shared mailboxes in Microsoft 365 (formerly Office 365) they will be imported as recipients.
To avoid importing shared mailboxes, check the "Include only Licensed Mailboxes" box.
As shared mailboxes do not require an Office 365 license, this is an effective method to filter out any non-user mailboxes.
Please note, Microsoft can take an hour or more to publish account and licensing information. Phishing Tackle will make the changes to your recipients when Microsoft publishes this information.
Use Microsoft 365 (formerly Office 365) to manage recipients and Phishing Tackle for tags
Once Active Integration is synchronised, we recommend managing your recipients through Microsoft 365 (formerly Office 365), not the Phishing Tackle platform. Any information removed from a recipient within the platform will just be added back in on the next synchronisation, so it's best to use Office 365 to make any changes.
If, however, you need to add additional tags to a recipient, this can still be done from within the Phishing Tackle platform.