Target
- Customers implementing Access Control
- Customers using Microsoft 365 as groupware
Purpose
- Explain how to perform federation between Microsoft 365 and Access Control to enforce access control.
※ If there are other cloud services you want to integrate with, perform single sign-on integration.
Notes
- Please check the necessary items according to the services and usage purposes you are using.
- The content of this article is based on the product content as of April 2025 and may be changed without notice thereafter.
Table of Contents
1. Change the default domain settings of Microsoft 365 (external link)
2. Disable the "Always connect to Outlook" feature on Outlook on the Web
3. Check the status of Exchange Online modern authentication enablement
4. Collect Device Certificate device information
5. Consider Access Control operational policy
6. Set Access Control operational policy
User synchronization from Active Directory to Microsoft 365 and Access Control
1. Organize users on Active Directory
2. Set up Microsoft Entra Connect and start user synchronization
3. Install HDEPasswordFilter.dll on all domain controllers (WS 2016 and later)
4. Install HENNGE Directory Sync Tool
5. Create an API client for executing HENNGE Directory Sync Tool
6. Initial setup of HENNGE Directory Sync Tool configuration file (config.ini)
7. Execute Assign-HDEOnePasswordSyncGroup.bat
8. Set passwords for target users
9. Confirm password settings for target users
10. Execute HENNGE Directory Sync Tool
User synchronization between Access Control and Microsoft 365
1. Change object UPN to onmicrosoft.com domain
2. Bulk register/update/delete users
3. Set up user synchronization between Access Control and Microsoft Entra ID
Setting to allow unread notifications of Secure Browser in tenant
1. Set unread notifications for Secure Browser
Settings required on the end-user side to use Access Control
1. Install Secure Browser
2. Authenticate device with Secure Browser
3. Set to receive OTP (One-Time Password) in the application
4. Set to receive OTP (One-Time Password) by email
5. Issue Device Certificate
6. Install Device Certificate
7. Confirm installation status of Device Certificate
8. Install application to read Device Certificate
Access Control access policy settings
1. Assign access policy group to users
2. Test operation of access policy group policy
3. Assign browser policy group to users
Settings for using HENNGE One portal site
1. Add Microsoft 365 link to HENNGE One portal site
Connection between Access Control and Microsoft 365
1. Federation connection work between Microsoft 365 and Access Control
2. Confirm federation between Access Control and Microsoft 365
3. Disconnect Microsoft Entra ID modern authentication
4. Connection work with services performing Single Sign-On (SSO)
Procedure
Preparation
1. Change the default domain settings of Microsoft 365
Change the default domain settings of the Microsoft 365 tenant to .onmicrosoft.com (initial domain of Microsoft 365 tenant).
For details, please check with Microsoft or Microsoft 365 resellers.
2. Disable the "Always connect to Outlook" feature on Outlook on the Web
3. Check the status of Exchange Online modern authentication enablement
4. Collect Device Information for Device Certificate
※ If you are using Device Certificate, please perform this item.
Information on the target device is required for issuing the Device Certificate.
Please select the target device and collect information in advance.
5. Consider Access Control Operational Policy
Consider the operational policy of Access Control (access control rules, display items on the login screen, etc.).
6. Set Access Control Operational Policy
Reflect the considered operational policy of Access Control in the actual product settings.
- Appearance
- Password Related Settings
- Secure Browser Related Settings
- Device Certificate Settings
- Other Settings
User Sync from Active Directory to Microsoft 365 and Access Control
If you are syncing users from Active Directory to Access Control, please perform this item.
1. Organize Users on Active Directory
2. Microsoft Entra Connect Settings and Start User Sync
For details, please check with Microsoft or your Microsoft 365 reseller.
3. Install HDEPasswordFilter.dll on All Domain Controllers (WS 2016 and later)
4. Install HENNGE Directory Sync Tool
5. Create API Client for Running HENNGE Directory Sync Tool
6. Initial Setup of HENNGE Directory Sync Tool Configuration File (config.ini)
7. Run Assign-HDEOnePasswordSyncGroup.bat
8. Set Passwords for Synced Users
Change the password once for every user to be synced.
9. Confirm Password Settings for Synced Users
10. Run HENNGE Directory Sync Tool
User Sync Between Access Control and Microsoft 365
If you are syncing users between Access Control and Microsoft 365, please perform this item.
1. Change UPN of Non-User Objects on Microsoft 365 to onmicrosoft.com Domain
2. User Batch Registration / Update / Delete
3. User Sync Settings between Access Control and Microsoft Entra ID
First, refer to the following article to set up immediate and periodic sync for the target domain.
Access Control User Sync Settings (Access Control → Microsoft 365)
If you are using multiple domains and want to add user sync settings for another domain after already setting up user sync settings, please refer to the following article.
Adding Domains for Periodic User Sync in Access Control (Access Control → Microsoft 365)
Setting to Allow Unread Notifications for Secure Browser in Tenant
1. Unread Notification Settings for Secure Browser
※ This item is for customers using Secure Browser.
Settings Required on the End User Side to Use Access Control
1. Installation of Secure Browser
※ This item is for customers using Secure Browser.
2. Device Authentication for Secure Browser
※ This item is for customers using Secure Browser.
3. Setting to Receive OTP (One-Time Password) in Application
※ This item is for customers using OTP.
4. Setting to Receive OTP (One-Time Password) via Email
※ This item is for customers using OTP.
5. Issuance of Device Certificate
※ This item is for customers using Device Certificate.
6. Installation of Device Certificate
※ This item is for customers using Device Certificate.
7. Checking the Installation Status of Device Certificate
※ This item is for customers using Device Certificate.
8. Installation of Application to Read Device Certificate
※ This item is for customers using Device Certificate.
Installation of Microsoft Authenticator
Access Control Access Policy Settings
1. Assigning Access Policy Groups to Users
2. Testing the Operation of Access Policy Group Policies
3. Assigning Browser Policy Groups to Users
※ This item is for customers using Secure Browser.
Settings for Using the HENNGE One Portal Site
1. Procedure to Add Microsoft 365 Link to Access Control User Portal
※ This item is for customers using the HENNGE One Portal Site.
Connection between Access Control and Microsoft 365
1. Access Control and Microsoft 365 Federation Connection Work
2. Access Control and Microsoft 365 Federation Confirmation
3. Disconnecting Microsoft Entra ID Modern Authentication
4. Connection Work with Services Performing Single Sign-On (SSO)
If you use SSO with services other than Microsoft 365, you can download procedures for services with a proven connection record from this item.