Target
This is intended for customers who are implementing HENNGE Access Control in Microsoft 365.
Objective
Federate Microsoft 365 with HENNGE Access Control to enforce access control.
Notes
1. Please confirm the necessary items according to your service and usage.
2. The content of this article is based on the product as of October 2023 and may be subject to change without notice.
Table of Contents
1. Preparations
1.1. Check Global IP Address
1.2. Modify the Default Domain Setting of Microsoft 365 (External Link)
1.3. Confirm how users access Microsoft 365 (Access Source Environment)
1.4. Collect HENNGE Device Certificate Device Information
1.5. Check the Status of Exchange Online Modern Authentication
1.6. Adjust Microsoft Volume License Service Center
1.7. Hide the "Maintain Sign-in State" Screen in Microsoft 365
1.8. Disable the "Always Connect to Outlook" Function in Outlook on the Web
1.9. Consider HENNGE Access Control Operational Policies
1.10. Configure HENNGE Access Control Operational Policies
2. User Synchronization from Active Directory to Microsoft 365 and HENNGE Access Control
2.1. Organize Users in Active Directory
2.2. Prepare and Set Up the Machine for Installing Azure AD Connect (External Link)
2.3. Install Azure AD Connect and Start User Synchronization (External Link)
2.4. Check the Operating Requirements for the Installation Machine of HENNGE Directory Sync Tool
2.5. Configure Active Directory Domain Controller and Check OS Versions
2.6. Add UNIX ID Management to All Domain Controllers (WS 2012 / WS 2012 R2)
2.7. Install HDEPasswordFilter.dll on All Domain Controllers (WS 2016 and later)
2.8. Install HENNGE Directory Sync Tool
2.9. Execute the Security Group Assignment Batch
2.10. Initial Configuration of HENNGE Directory Sync Tool Configuration File (config.ini)
2.11. Confirm the Configuration of Passwords for Synchronized Users
2.12. Run HENNGE Directory Sync Tool
3. User Synchronization between HENNGE Access Control and Microsoft 365
3.1. Change the UPN of Objects Other than Microsoft 365 Users to the onmicrosoft.com Domain
3.2. Bulk User Registration / Update / Deletion
3.3. Admin Consent for User Synchronization
3.4. Synchronize Users from Microsoft 365 to HENNGE Access Control
3.5. Change Passwords for Users Synchronized from Microsoft 365 to HENNGE Access Control
3.6. User Synchronization between HENNGE Access Control and Microsoft 365
3.7. Solutions for Frequent Sign-in Prompts in Microsoft 365 Applications
4. Configuring Tenant-Wide Allowance of Unread Notifications in HENNGE Secure Browser
4.1. Configure Unread Notification Settings in HENNGE Secure Browser
5. End-User Settings Required for Using Access Control in HENNGE Access Control
5.1. Install HENNGE Secure Browser
5.2. Authenticate End Devices in HENNGE Secure Browser
5.3. Configure Receiving OTP (One-Time Password) in Applications
5.4. Configure Receiving OTP (One-Time Password) via Email
5.5. Issue HENNGE Device Certificate
5.6. Install HENNGE Device Certificate
6. Configuration of Access Control Policies in HENNGE Access Control
6.1. Assign Access Policy Groups to Users
6.2. Assign Browser Policies to Users
7. Connection between HENNGE Access Control and Microsoft 365
7.1. Federation Connection Setup Between Microsoft 365 and HENNGE Access Control
7.2. Federation Confirmation Between HENNGE Access Control and Microsoft 365
7.3. Disconnecting Azure AD Modern Authentication
1. Preparations
1.1. Confirming Global IP Address
To control access based on the source IP address, please confirm which IP addresses should be allowed access.
1.2. Changing Default Domain Setting in Microsoft 365
Change the default domain setting of your Microsoft 365 tenant to .onmicrosoft.com (initial domain of your Microsoft 365 tenant). For details, consult Microsoft or your Microsoft 365 reseller.
1.3. Verifying How Users Access Microsoft 365 (Access Source Environment)
Before considering and setting access policies, please verify the end users' usage environment.
1.4. Collecting Device Information for HENNGE Device Certificate
* If you are using HENNGE Device Certificate, please follow this item.
Information about the devices is required for issuing HENNGE Device Certificates. Please select the target devices and collect the necessary information in advance.
1.5. Checking the Status of Exchange Online Modern Authentication
1.6. Adjusting Microsoft Volume Licensing Service Center
1.7. Disabling the "Keep Me Signed In" Screen in Microsoft 365
1.8. Disabling the "Always Connect to Outlook" Feature on Outlook on the Web
1.9. Reviewing HENNGE Access Control Operational Policies
Please consult your implementation guide for more details.
1.10. Configuring HENNGE Access Control Operational Policies
HENNGE offers setup services. Please consult your implementation guide for details.
If you prefer to set it up yourself, please review the following contents:
* If you are using Classic View, follow the steps in the following items.
・Setting Up the Login Screen (Classic View)
・Password-Related Settings (Classic View)
・Secure Browser (HENNGE Secure Browser) Related Settings (Classic View)
・Other Settings (Classic View)
* If you have enabled Modern View, please follow the steps in the following items:
・Setting Up the Login Screen (Modern View)
・Password-Related Settings (Modern View)
・Settings Related to Secure Browser (HENNGE Secure Browser) (Modern View)
2. User Synchronization from Active Directory to Microsoft 365 and HENNGE Access Control
* If you are synchronizing users from Active Directory to HENNGE Access Control, please follow this item.
* Please note that the required tasks may vary depending on the version of Active Directory.
2.1. Organizing Users in Active Directory
2.2. Preparation and Setup of the Machine for Azure AD Connect Installation (External Link)
For more details, please check with Microsoft and Microsoft 365 resellers.
2.3. Installation of Azure AD Connect and User Synchronization Start (External Link)
For more details, please check with Microsoft and Microsoft 365 resellers.
2.4. Confirmation of Operating Requirements for the Installation Machine of HENNGE Directory Sync Tool
2.5. Configuration of Active Directory Domain Controllers and OS Version Check
2.6. Addition of UNIX ID Management to All Domain Controllers (WS 2012 / WS 2012 R2)
2.7. Installation of HDEPasswordFilter.dll on All Domain Controllers (WS 2016 and later)
2.8. Installation of HENNGE Directory Sync Tool
2.9. Execution of Assign-HDEOnePasswrdSyncGroup.bat
2.10. Initial Setup of HENNGE Directory Sync Tool Configuration File (config.ini)
2.11. Confirmation of Password Configuration for Synchronized Users
2.12. Execution of HENNGE Directory Sync Tool
3. User Synchronization between HENNGE Access Control and Microsoft 365
* If you are synchronizing users from HENNGE Access Control to Microsoft 365, please follow this section.
3.1. Change UPN of Objects Other Than Users in Microsoft 365 to onmicrosoft.com Domain
3.2. Bulk User Registration / Update / Deletion
If you are using Classic View, please follow the steps in the following sections:
- Bulk User Registration / Update / Deletion (Classic View)
If you have enabled Modern View, please follow the steps in the following sections:
- Bulk User Registration (Modern View)
- Bulk User Update (Modern View)
- Bulk User Deletion (Modern View)
3.3. Admin Consent for User Synchronization
3.4. User Synchronization from Microsoft 365 to HENNGE Access Control
* This section is for customers who have been using Microsoft 365 before implementing HENNGE One.
* This section involves work performed by HENNGE. Please contact your implementation guide for assistance as needed.
3.5. Password Change for Users Synchronized from Microsoft 365 to HENNGE Access Control
* This section is for customers who have completed "3.4. User Synchronization from Microsoft 365 to HENNGE Access Control."
* If you are using Classic View, please follow the steps below.
・Password Change for Users Synchronized from Microsoft 365 to HENNGE Access Control (Classic View)
* If you have enabled Modern View, please follow the steps below.
・Password Change for Users Synchronized from Microsoft 365 to HENNGE Access Control (Modern View)
3.6. User Synchronization between HENNGE Access Control and Microsoft 365
* This section involves work performed by HENNGE. Please contact your implementation guide for assistance as needed.
3.7. Resolving Frequent Sign-In Prompts in Microsoft 365 Applications
4. Configure Unread Notifications for HENNGE Secure Browser at the Tenant
* If you are using HENNGE Secure Browser, please follow this item.
4.1. Configure Unread Notifications for HENNGE Secure Browser (Microsoft 365)
5. End-User Settings Required for Using Access Control in HENNGE Access Control
5.1. HENNGE Secure Browser Installation
* If you are using HENNGE Secure Browser, please follow this item.
• HENNGE Secure Browser Installation (iOS)
• HENNGE Secure Browser Installation (Android)
• HENNGE Secure Browser Installation (Windows PC)
• HENNGE Secure Browser Installation (macOS)
5.2. HENNGE Secure Browser Device Authentication
* If you are using HENNGE Secure Browser, please follow this item.
5.3. Configuration to Receive OTP (One-Time Password) in the Application
* If you are using OTP, please follow this item.
5.4. Configuration to Receive OTP (One-Time Password) via Email
* If you are using OTP, please follow this item.
5.5. Issuing HENNGE Device Certificate
* If you are using HENNGE Device Certificate, please follow this item.
* If you are using Classic View, follow the steps in the following item.
・Issuing HENNGE Device Certificate (Classic View)
* If you have enabled Modern View, follow the steps in the following item.
・Issuing HENNGE Device Certificate (Modern View)
5.6. Installing HENNGE Device Certificate
* If you are using HENNGE Device Certificate, please follow this item.
6. Configuration of Access Control Policies in HENNGE Access Control
6.1. Assigning Access Policy Groups to Users
6.2. Assigning Browser Policies to Users
* Please follow this item if you are using HENNGE Secure Browser.
* If you are using Classic View, follow the steps in the following item.
・Assigning Browser Policy Groups to Users (Classic View)
* If you have enabled Modern View, follow the steps in the following item.
・Assigning Browser Policy Groups to Users (Modern View)