HENNGE Access Control Implementation Procedure List (Microsoft 365)

Target

For customers who are using Microsoft 365 and implement the HENNGE Email DLP.

Purpose

To do federation between Microsoft 365 and HENNGE Access Control and access control.

Notes

1. Please check the necessary items according to the service/usage you are using.  

2. The content of this article based on the product content as of March 2019 and may be revised without prior notice.

Contents

1. Advance Preparation

1.1. Confirmation of global IP address 
1.2. Confirm on Microsoft 365 Usage of Groupware (Access Environment)
1.3. HENNGE Device Certificate Device Information Gathering
1.4. Checking Exchange Online Modern Authentication Status 
1.5. Checking Skype for Business Modern Authentication Status
1.6. Microsoft Volume License Center Coordination
1.7. HENNGE Access Control Operation Policy Review
1.8. HENNGE Access Control Operation Policy Setting 

2. User Synchronization from Active Directory to Microsoft 365・HENNGE Access Control

2.1. Prepare for users on the Active Directory
2.2. Prerequisites for Azure AD Connect Installation (External Link)
2.3. Azure AD Connect Installation・Start User Synchronization (External Link)
2.4. Prerequisites Checks for HENNGE Directory Sync Tool
2.5. Check on the Active Directory Domain Controller Structure and OS Versions
2.6. Adding the UNIX ID Component to all Domain Controllers (For 2008R2)
2.7. Adding the UNIX ID Component to all Domain Controllers (For 2012/2012R2)
2.8. How to install HDEPasswordFilter.dll on Active Directory (WS 2016 onwards)
2.9. Installation of HENNGE Directory Sync Tool
2.10. Execution of Assign-HDEOnePasswrdSyncGroup.bat
2.11. First time setting up the config.ini file for HENNGE Directory Sync Tool
2.12. Confirm on the Synchronization User Password Configuration
2.13. Execution of HENNGE Directory Sync Tool

3. User Synchronizing Setting between HENNGE Access Control and Microsoft 365

3.1. Change the UPN to onmicrosoft.com domain for None User Objects
3.2. How to perform Batch User
3.3. HENNGE Access Control : HENNGE One Directory Sync (Microsoft 365 with Azure Active Directory)
3.4. User Synchronization between HENNGE Access Control and Microsoft 365

4.Setting to Allow Unread Notification of HENNGE Secure Browser by Tenant

4.1. Admin Consent for Secure Browser Push notification

5. Settings on End User Side to Use HENNGE Access Control `s access control

5.1. HENNGE Secure Browser Installation
5.2. Authentication of HENNGE Secure Browser on Devices
5.3. Use application to receive OTP(One-Time Password)
5.4. Use email to receive OTP(One-Time Password) token
5.5. Issuing HENNGE Device Certificate
5.6. How to Install HENNGE Device Certificate

6. HENNGE Access Control access control Policy Setting

6.1. Assign Users to Access Policy Groups
6.2. Assign Devices to App Policy Groups

7. Connection Settings between HENNGE Access Control and Microsoft 365

7.1. Federation connection between HENNGE Access Control Microsoft 365
7.2. Confirmation of Federation Status between HENNGE Access Control and Microsoft 365 (Single Sign-On)
7.3. Disconnect Azure AD Modern Authentication

1. Advance Preparation

1.1. Confirmation global IP address 

Check the IP which allows access, since it is controlled by the source IP.

1.2.Confirm on Microsoft 365 Usage of Groupware (Access Environment)

Please check the usage environment of the end-user when considering and setting the access policy.

1.3. HENNGE Device Certificate Device Information Gathering

※ Please implement this section when you are using the HENNGE Device Certificate.

When issuing the HENNGE Device Certificate, information on the target device is required.
Please select the target device and collect information in advance.

1.4. Checking Exchange Online modern Authentication Status

1.5. Enabling ADAL (Modern Authentication) for Skype for Business Online

1.6. Microsoft Volume License Center Coordination

1.7. HENNGE Access Control Operation Policy Review

Please consult with your implementation guide.

1.8. HENNGE Access Control Operation Policy Setting

HENNGE can be set up on your behalf. Please consult with your implementation guide.

2. User Synchronization from Active Directory to Microsoft 365・HENNGE Access Control 

※ When synchronizing users from Active Directory to HENNGE Access Control, please implement this section. 

※ Please note that the required tasks will be different depending on the version of the Active Directory. 2.1. Prepare for Users on the Active Directory

2.2. Prerequisites for Azure AD Connect Installation (External Link)

Please check with Microsoft company or Microsoft 365 reseller for more information. 

2.3. Azure AD Connect Installation・Start User Synchronization (External Link)

Please Check with Microsoft company or Microsoft reseller for more information.

2.4. Prerequisites Checks for HENNGE Directory Sync Tool

2.5. Check on the Active Directory Domain Controller Structure and OS Versions

2.6.Adding the UNIX ID Component to all Domain Controllers (For 2008R2)

2.7. Adding the UNIX ID Component to all Domain Controllers (For 2012/2012R2)

2.8. How to install HDEPasswordFilter.dll on Active Directory (WS 2016 onwards))

2.9. Installation of HENNGE Directory Sync Tool

2.10. Execution of Assign-HDEOnePasswrdSyncGroup.bat

2.11. First time setting up the config.ini file for HENNGE Directory Sync Tool

2.12. Confirm on the Synchronization User Password Configuration

2.13. Execution of HENNGE Directory Sync Tool

3. User Synchronizing Setting Between HENNGE Access Control and Microsoft 365

※ Please implement this section When synchronizing the user from HENNGE Access Control to Microsoft 365.

3.1. Change the UPN to onmicrosoft.com domain for None User Objects

3.2. How to perform Batch User

3.3. HENNGE Access Control : HENNGE One Directory Sync (Microsoft 365 with Azure Active Directory)

3.4. User Synchronization between HENNGE Access Control and Microsoft 365

This section will be complete by HENNGE. Please let your implementation guide know when you have completed 3.3.

4. Setting to Allow Unread Notification of HENNGE Secure Browser by Tenant

※ Please implement this section when applying the HENNGE Secure Browser.

4.1.Admin Consent for Secure Browser Push notification

5. Settings on End User Side to Use HENNGE Access Control `s access control

5.1. HENNGE Secure Browser Installation

※ Please implement this section when applying the HENNGE Secure Browser.

HENNGE Secure Browser Installation (iOS)
HENNGE Secure BrowserInstallation (Android)
HENNGE Secure BrowserInstallation (Windows PC)
HENNGE Secure BrowserInstallation (macOS)

5.2.Authentication of HENNGE Secure Browser on Devices

※Please implement this section when applying HENNGE Secure Browser.

5.3. Use application to receive OTP(One-Time Password)

※ Please implement this section when applying the OTP. 

5.4. Use email to receive OTP(One-Time Password) token

※ Please implement this section when applying the OTP. 

5.5. Issuing HENNGE Device Certificate

※ Please implement this section when applying the HENNGE Device Certificate. 

5.6. How to Install HENNGE Device Certificate

※Please implement this section when applying the HENNGE Device Certificate. 

6. HENNGE Access Control access control Policy Setting

6.1. Assign Users to Access Policy Groups

6.2. Assign Devices to App Policy Groups

※ Please implement the 6.2 section when applying the HENNGE Secure Browser.

7. Connection Settings between  HENNGE Access Control and Microsoft 365

7.1. Federation Connection between HENNGE Access Control and Microsoft 365 (Single Sign-On)

7.2. Confirmation of Federation Status between HENNGE Access Control and Microsoft 365

7.3. How to make the Modern Authentication sessions expired for Microsoft 365 applications?

          
Was this article helpful?

Frequently Asked Questions (FAQs)