Team: SAT
Environment: Microsoft Graph sync for Active Directory and Azure servers
Summary: This article describes how you can manage your Huntress SAT (security awareness training) learners through integration with your company’s Microsoft Active Directory or Azure server.
Syncing your Huntress SAT (Curricula) learner group with Microsoft Active Directory or Azure has never been more manageable. You can configure your settings to sync all your company contacts in your Active Directory, or you can create a designated group in your Active Directory and only sync the contacts that will participate in Huntress security awareness training.
This article is for the updated OAuth-based integration that was released in August 2023. If you are looking for the legacy integration instructions, you can find them at Microsoft-Graph-Integration-Legacy.
Step 1: Create an Integration Provider
First, you will be creating an integration connection with Microsoft.
Note: Channel partners will need to drill down into a customer sub-account to perform this task.
- Sign in to your Huntress Security Awareness Training (SAT)/Curricula account and navigate to Integration Providers by clicking “Settings” in the top navigation and then clicking “Providers” in the left navigation.
- Click “+ Add a provider”
- Click the “Connect” link in the Microsoft Graph tile.
- Choose the level of security permissions you wish to grant to Huntress SAT/Curricula.
  - We recommend “Full Permissions,” which is an upcoming feature that will also enable API insertion of messages without setting up allowlisting in your email filter tools and enhanced branding. However, this requires granting permission to write and read messages. Note: This feature is currently in early beta. Please contact your account manager if you would like early access.
  - Alternatively, you can grant permission to set up group sync only. This limits the product’s capabilities and is only recommended when your organization’s policy requires a limited scope.
- Authenticate with your Microsoft 365 account and click “Accept” on the Permissions requested.
Step 2: Map a SAT group to your Microsoft 365 tenant group(s). This is a mandatory step to set up a group sync.
- If you aren’t automatically sent to the group setup step after connecting your SAT account to Microsoft, click “+ Connect a group” on the Providers detail page.
- Choose whether you want to connect to an existing SAT group or create a new one. Please note that the ‘Staff’ group is created by default in all SAT accounts, and there is a one-to-one mapping between an SAT group and a Microsoft 365 group.
- Configure the group settings:
  - You can leave the Group ID blank to synchronize all identities in the Microsoft 365 directory or paste the group’s “Object ID” from Microsoft. If you would prefer to use the "UPN" (User Principal Name) attribute instead of the user's "Email" attribute, please check this box before syncing.
  - We recommend the following settings:
    - Enabled:
      - “Exclude unlicensed identities” - This setting ignores identities in Microsoft Active Directory that don’t have any licenses assigned to them. This is helpful to avoid importing non-human identities, such as printers and shared desktops.
      - “Automatic Daily Sync” - This setting will schedule updates every 24 hours to keep your learner list up-to-date.
      - Attribute Options - Unless there are fields you explicitly want to ignore, we recommend leaving them all enabled.
      - Set non-present learners to "Inactive" status - If you ever delete identities in Microsoft Active Directory without setting them as “Inactive,” this setting will detect that and set learners who no longer appear in Active Directory as “Inactive.”
      - Create Departments as needed - This will automatically create Departments in the SAT platform once they are seen as part of the sync.
    - Disable:
      - Set present learners to "Active" status - By enabling this setting, Curricula will ignore your resource’s “status” field when syncing users. Any users present in your resource will be set to “Active” status in the Curricula app after the sync is complete, even if they are marked as inactive or suspended in your directory.
- Click “Preview & Sync” for stats and detailed information about how identities would be impacted under the “Log” tab.
- If everything looks correct, click “Apply Manual Sync.”
- After this initial sync, you can view results or download a CSV sync record under the Log tab.
- By running the manual sync, you have completed the configuration and have saved your changes. You can return to Settings -> Integrations -> Provider to add more groups within the sync or modify settings.
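To reason about the recommended settings before running "Preview & Sync", the following added example (not Huntress code and not part of the original article) models them offline over constructed directory records. It assumes the Microsoft Graph user properties `mail`, `userPrincipalName`, `assignedLicenses` and `accountEnabled` stand in for the fields the sync reads; the function and parameter names are hypothetical.

```python
# Added example: simplified offline model of the group-sync settings above.
# Records are constructed; the mapping to Graph properties is an assumption.
DIRECTORY = [
    {"mail": "ana@example.com", "userPrincipalName": "ana@corp.example.com",
     "assignedLicenses": [{"skuId": "sku-1"}], "accountEnabled": True},
    {"mail": "bo@example.com", "userPrincipalName": "bo@corp.example.com",
     "assignedLicenses": [{"skuId": "sku-1"}], "accountEnabled": False},
    {"mail": None, "userPrincipalName": "printer-3f@corp.example.com",
     "assignedLicenses": [], "accountEnabled": True},
]
EXISTING_LEARNERS = {"ana@example.com": "Active", "carl@example.com": "Active"}


def preview_sync(directory, learners, *, use_upn=False, exclude_unlicensed=True,
                 inactivate_missing=True, force_active=False):
    """Return {identifier: (action, status)} for a hypothetical sync run."""
    key = "userPrincipalName" if use_upn else "mail"
    plan, seen = {}, set()
    for user in directory:
        ident = user.get(key)
        if not ident:
            continue  # no value to key the learner on
        if exclude_unlicensed and not user["assignedLicenses"]:
            continue  # "Exclude unlicensed identities": printers, shared desktops
        ident = ident.lower()
        seen.add(ident)
        # force_active models 'Set present learners to "Active" status':
        # the directory status is ignored, so disabled accounts become Active.
        enabled = force_active or user["accountEnabled"]
        action = "update" if ident in learners else "create"
        plan[ident] = (action, "Active" if enabled else "Inactive")
    if inactivate_missing:
        # 'Set non-present learners to "Inactive" status'
        for ident in learners:
            if ident.lower() not in seen:
                plan[ident.lower()] = ("update", "Inactive")
    return plan


if __name__ == "__main__":
    plan = preview_sync(DIRECTORY, EXISTING_LEARNERS)
    for ident, (action, status) in sorted(plan.items()):
        print(f"{action:6} {ident:30} -> {status}")
```

In this model, switching to UPN with unlicensed identities included and the "Active" override enabled creates a learner for the printer account and reactivates the disabled user, which is why the article recommends the opposite settings.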
Note: By setting up the integration, we will automatically mark any domains associated with your Microsoft 365 account as verified. Once API delivery is released, we will also automatically verify deliverability.