Skip to main content
日本語 简体中文 繁體中文

[Access Control] List of Setup Procedures (Microsoft 365)

Include

  • Customers implementing Access Control
  • Customers using Microsoft 365 as groupware

Purpose

  • This article explains how to federate Microsoft 365 with Access Control and configure access control.
    * If you wish to integrate with other cloud services, please set up Single Sign-On integration.

Notes

  1. Please check the required items according to your services and use cases.
  2. The content of this article is based on the product as of January 2026 and is subject to change without notice.

Table of Contents

Preparation

  1. Change the default domain setting in Microsoft 365 (external link)
  2. Disable "Always connect to Outlook" feature in Outlook on the web
  3. Check the status of modern authentication for Exchange Online
  4. Collect Device Info for Device Certificates
  5. Consider Access Control operation policy
  6. Configure Access Control operation policy

User Sync from Active Directory to Microsoft 365 / Access Control

  1. Organize users in Active Directory
  2. Configure Microsoft Entra Connect and start user sync
  3. Install HDEPasswordFilter.dll on all domain controllers (WS 2016 or later)
  4. Install HENNGE Directory Sync Tool
  5. Install root certificate for HENNGE Directory Sync Tool operation
  6. Create API client for running HENNGE Directory Sync Tool
  7. Initial setup of HENNGE Directory Sync Tool configuration file (config.ini)
  8. Set passwords for users to be synced
  9. Confirm password settings for users to be synced
  10. Run HENNGE Directory Sync Tool

User Sync between Access Control and Microsoft 365

  1. Change object UPN to onmicrosoft.com domain
  2. Batch user registration / update / delete
  3. Configure user sync between Access Control and Microsoft Entra ID

Allow Secure Browser unread notifications at the tenant level

  1. Configure Secure Browser unread notifications

Settings required on the end user side to use Access Control access control

  1. Install Secure Browser
  2. Device authentication for Secure Browser
  3. Configure OTP (One-Time Password) to be received via application
  4. Configure OTP (One-Time Password) to be received via email
  5. Issue Device Certificate
  6. Install Device Certificate
  7. Check Device Certificate installation status
  8. Install application to read Device Certificate

Access Control Access Policy Settings

  1. Assign Access Policy Groups to users
  2. Test Access Policy Group policy operation
  3. Assign browser policy groups to users

Settings for using the HENNGE One portal site

  1. Add Microsoft 365 link to HENNGE One portal site

Connect Access Control and Microsoft 365

  1. Federation connection work between Microsoft 365 and Access Control
  2. Confirm federation between Access Control and Microsoft 365
  3. Disconnect Microsoft Entra ID modern authentication
  4. Connect with services using Single Sign-On (SSO)

Procedure

Preparation

  1. Change the default domain setting in Microsoft 365
    Change the default domain setting of your Microsoft 365 tenant to .onmicrosoft.com (the initial domain of the Microsoft 365 tenant).
    For details, please check with Microsoft or your Microsoft 365 reseller.

  2. Disable "Always connect to Outlook" feature in Outlook on the web

  3. Check the status of modern authentication for Exchange Online

  4. Collect device information
    * If you are using Device Certificates, please perform this step.
    Device information is required to issue Device Certificates.
    Please select and collect information for the target devices in advance.

  5. Consider Access Control operation policy
    Consider the operation policy for Access Control (access control rules, items displayed on the login screen, etc.).
  6. Configure Access Control operation policy
    Reflect the considered Access Control operation policy in the actual product settings.

User Sync from Active Directory to Microsoft 365 / Access Control

If you want to sync users from Active Directory to Access Control, please follow this section.

  1. Organize users in Active Directory

  2. Configure Microsoft Entra Connect and start user sync
    For details, please check with Microsoft or your Microsoft 365 reseller.

  3. Install HDEPasswordFilter.dll on all domain controllers (WS 2016 or later)

  4. Install HENNGE Directory Sync Tool

  5. Procedure for installing root certificate for HENNGE Directory Sync Tool operation

  6. Create API client for running HENNGE Directory Sync Tool

  7. Initial setup of HENNGE Directory Sync Tool configuration file (config.ini)

  8. Set passwords for users to be synced
    Change the password for all users to be synced once.

  9. Confirm password settings for users to be synced

  10. Run HENNGE Directory Sync Tool

User Sync between Access Control and Microsoft 365

If you want to sync users between Access Control and Microsoft 365, please follow this section.

  1. Change object UPNs other than Microsoft 365 users to onmicrosoft.com domain

  2. Batch user registration / update / delete

  3. Configure user sync between Access Control and Microsoft Entra ID
    First, refer to the following article to configure immediate and scheduled sync for the target domain.
    Access Control User Sync Settings (Access Control → Microsoft 365)

    * If you are using multiple domains and want to add user sync settings for another domain after already configuring user sync, please refer to the following article.
    Add domain for scheduled Access Control user sync (Access Control → Microsoft 365)

Allow Secure Browser unread notifications at the tenant level

  1. Configure Secure Browser unread notifications
    * This section is for customers using Secure Browser.

Settings required on the end user side to use Access Control access control

  1. Install Secure Browser
    * This section is for customers using Secure Browser.

  2. Device authentication for Secure Browser
    * This section is for customers using Secure Browser.

  3. Configure OTP (One-Time Password) to be received via application
    * This section is for customers using OTP.

  4. Configure OTP (One-Time Password) to be received via email
    * This section is for customers using OTP.

  5. Issue Device Certificate
    * This section is for customers using Device Certificates.

  6. Install Device Certificate
    * This section is for customers using Device Certificates.

  7. Check Device Certificate installation status
    * This section is for customers using Device Certificates.

  8. Install application to read Device Certificate
    * This section is for customers using Device Certificates.
    Install Microsoft Authenticator

Access Control Access Policy Settings

  1. Assign Access Policy Groups to users

  2. Test Access Policy Group policy operation

  3. Assign browser policy groups to users
    * This section is for customers using Secure Browser.

Settings for using the HENNGE One portal site

  1. How to Add a Microsoft 365 Link to the Access Control User Portal
    * For customers using the HENNGE One portal site.

Access Control and Microsoft 365 Connection

  1. Federation Connection Procedure for Access Control and Microsoft 365

  2. How to Verify Federation Between Access Control and Microsoft 365

  3. Disconnecting Microsoft Entra ID Modern Authentication

  4. Connecting to Services for Single Sign-On (SSO)
    If you have services other than Microsoft 365 that use SSO, you can download procedures with a proven track record from this section.