HENNGE Access Control Implementation Procedure List (Microsoft 365)

Target

This is intended for customers who are implementing HENNGE Access Control in Microsoft 365.

Objective

Federate Microsoft 365 with HENNGE Access Control to enforce access control.

Notes

1. Please confirm the necessary items according to your service and usage.

2. The content of this article is based on the product as of October 2023 and may be subject to change without notice.

Table of Contents

1. Preparations

1.1. Check Global IP Address
1.2. Modify the Default Domain Setting of Microsoft 365 (External Link)
1.3. Confirm how users access Microsoft 365 (Access Source Environment)
1.4. Collect HENNGE Device Certificate Device Information
1.5. Check the Status of Exchange Online Modern Authentication
1.6. Adjust Microsoft Volume License Service Center
1.7. Hide the "Maintain Sign-in State" Screen in Microsoft 365
1.8. Disable the "Always Connect to Outlook" Function in Outlook on the Web
1.9. Consider HENNGE Access Control Operational Policies
1.10. Configure HENNGE Access Control Operational Policies

2. User Synchronization from Active Directory to Microsoft 365 and HENNGE Access Control

2.1. Organize Users in Active Directory
2.2. Prepare and Set Up the Machine for Installing Azure AD Connect (External Link)
2.3. Install Azure AD Connect and Start User Synchronization (External Link)
2.4. Check the Operating Requirements for the Installation Machine of HENNGE Directory Sync Tool
2.5. Configure Active Directory Domain Controller and Check OS Versions
2.6. Install HDEPasswordFilter.dll on All Domain Controllers (WS 2016 and later)
2.7. Install HENNGE Directory Sync Tool
2.8. Execute the Security Group Assignment Batch
2.9. Initial Configuration of HENNGE Directory Sync Tool Configuration File (config.ini)
2.10. Confirm the Configuration of Passwords for Synchronized Users
2.11. Run HENNGE Directory Sync Tool

3. User Synchronization between HENNGE Access Control and Microsoft 365

3.1. Change the UPN of Objects Other than Microsoft 365 Users to the onmicrosoft.com Domain
3.2. Bulk User Registration / Update / Deletion
3.3. Admin Consent for User Synchronization
3.4. Synchronize Users from Microsoft 365 to HENNGE Access Control
3.5. Change Passwords for Users Synchronized from Microsoft 365 to HENNGE Access Control
3.6. User Synchronization between HENNGE Access Control and Microsoft 365
3.7. Solutions for Frequent Sign-in Prompts in Microsoft 365 Applications

4. Configuring Tenant-Wide Allowance of Unread Notifications in HENNGE Secure Browser

4.1. Configure Unread Notification Settings in HENNGE Secure Browser

5. End-User Settings Required for Using Access Control in HENNGE Access Control

5.1. Install HENNGE Secure Browser
5.2. Authenticate End Devices in HENNGE Secure Browser
5.3. Configure Receiving OTP (One-Time Password) in Applications
5.4. Configure Receiving OTP (One-Time Password) via Email
5.5. Issue HENNGE Device Certificate
5.6. Install HENNGE Device Certificate

6. Configuration of Access Control Policies in HENNGE Access Control

6.1. Assign Access Policy Groups to Users
6.2. Assign Browser Policies to Users

7. Connection between HENNGE Access Control and Microsoft 365

7.1. Federation Connection Setup Between Microsoft 365 and HENNGE Access Control
7.2. Federation Confirmation Between HENNGE Access Control and Microsoft 365
7.3. Disconnecting Azure AD Modern Authentication

1. Preparations

1.1. Confirming Global IP Address

To control access based on source IP address, please confirm the global IP addresses from which access should be allowed.

1.2. Changing Default Domain Setting in Microsoft 365

Change the default domain setting of your Microsoft 365 tenant to .onmicrosoft.com (the initial domain of your Microsoft 365 tenant). For details, consult Microsoft or your Microsoft 365 reseller.

1.3. Verifying How Users Access Microsoft 365 (Access Source Environment)

Before considering and setting access policies, please verify the end users' usage environment.

1.4. Collecting Device Information for HENNGE Device Certificate

* If you are using HENNGE Device Certificate, please follow this item.

Information about the devices is required for issuing HENNGE Device Certificates. Please select the target devices and collect the necessary information in advance.

1.5. Checking the Status of Exchange Online Modern Authentication

1.6. Adjusting Microsoft Volume Licensing Service Center

1.7. Disabling the "Keep Me Signed In" Screen in Microsoft 365

1.8. Disabling the "Always Connect to Outlook" Feature on Outlook on the Web

1.9. Reviewing HENNGE Access Control Operational Policies

Please consult your implementation guide for more details.

1.10. Configuring HENNGE Access Control Operational Policies

HENNGE offers setup services. Please consult your implementation guide for details.

If you prefer to set it up yourself, please review the following contents:

Setting Up the Login Screen

Password-Related Settings

Settings Related to Secure Browser (HENNGE Secure Browser)

Other Settings

2. User Synchronization from Active Directory to Microsoft 365 and HENNGE Access Control

* If you are synchronizing users from Active Directory to HENNGE Access Control, please follow this item.

* Please note that the required tasks may vary depending on the version of Active Directory.

2.1. Organizing Users in Active Directory

2.2. Preparation and Setup of the Machine for Azure AD Connect Installation (External Link)

For more details, please check with Microsoft and Microsoft 365 resellers.

2.3. Installation of Azure AD Connect and User Synchronization Start (External Link)

For more details, please check with Microsoft and Microsoft 365 resellers.

2.4. Confirmation of Operating Requirements for the Installation Machine of HENNGE Directory Sync Tool

2.5. Configuration of Active Directory Domain Controllers and OS Version Check

2.6. Installation of HDEPasswordFilter.dll on All Domain Controllers (WS 2016 and later)

2.7. Installation of HENNGE Directory Sync Tool

2.8. Execution of Assign-HDEOnePasswrdSyncGroup.bat

2.9. Initial Setup of HENNGE Directory Sync Tool Configuration File (config.ini)

2.10. Confirmation of Password Configuration for Synchronized Users

2.11. Execution of HENNGE Directory Sync Tool

3. User Synchronization between HENNGE Access Control and Microsoft 365

If you are synchronizing users from HENNGE Access Control to Microsoft 365, please perform this section.

3.1. Change UPN of Objects Other Than Users in Microsoft 365 to onmicrosoft.com Domain

3.2. Bulk User Registration / Update / Deletion

- Bulk User Registration

- Bulk User Update

- Bulk User Deletion

3.3. Admin Consent for User Synchronization

3.4. User Synchronization from Microsoft 365 to HENNGE Access Control

* This section is for customers who have been using Microsoft 365 before implementing HENNGE One.

* This section involves work performed by HENNGE. Please contact your implementation guide for assistance as needed.

3.5. Password Change for Users Synchronized from Microsoft 365 to HENNGE Access Control

* This section is for customers who have completed "3.4. User Synchronization from Microsoft 365 to HENNGE Access Control."

- Password Change for Users Synchronized from Microsoft 365 to HENNGE Access Control

3.6. User Synchronization between HENNGE Access Control and Microsoft 365

* This section involves work performed by HENNGE. Please contact your implementation guide for assistance as needed.

4. Configure Unread Notifications for HENNGE Secure Browser at the Tenant

* If you are using HENNGE Secure Browser, please follow this item.

4.1. Configure Unread Notifications for HENNGE Secure Browser (Microsoft 365)

5. End-User Configuration for Using Access Control in HENNGE Access Control

5.1. HENNGE Secure Browser Installation

* If you are using HENNGE Secure Browser, please follow this item.

HENNGE Secure Browser Installation (iOS)
HENNGE Secure Browser Installation (Android)
HENNGE Secure Browser Installation (Windows PC)
HENNGE Secure Browser Installation (macOS)

5.2. HENNGE Secure Browser Device Authentication

* If you are using HENNGE Secure Browser, please follow this item.

5.3. Configuration to Receive OTP (One-Time Password) in the Application

* If you are using OTP, please follow this item.

5.4. Configuration to Receive OTP (One-Time Password) via Email

* If you are using OTP, please follow this item.

5.5. Issuing HENNGE Device Certificate

* If you are using HENNGE Device Certificate, please follow this item.

- Issuing HENNGE Device Certificate

5.6. Installing HENNGE Device Certificate

* If you are using HENNGE Device Certificate, please follow this item.

6. Configuration of Access Control Policies in HENNGE Access Control

6.1. Assigning Access Policy Groups to Users

6.2. Assigning Browser Policies to Users

* Please follow this item if you are using HENNGE Secure Browser.

Assigning Browser Policy Groups to Users

7. Connection Between HENNGE Access Control and Microsoft 365

7.1. Setting Up Federation Connection Between HENNGE Access Control and Microsoft 365

7.2. Federation Confirmation Between HENNGE Access Control and Microsoft 365

7.3. Disconnecting Azure AD Modern Authentication

          