Sunday, July 26, 2015

Sync the Office 365 GAL to Outlook

By Vern Weitzman

Sync the Office 365 GAL to iPhone, Android and Other Smartphones


You may already know that your iPhone and Android users will be much more productive if they have a cached copy of the GAL in their contacts.

If you are not familiar with the itrezzo Unified Contact Manager and want to sync the GAL, check out the articles listed below:


Configuring itrezzo Contact Management with Azure AD
We recently worked with a customer that had 3000 mailboxes in their Office 365 GAL. The Unified Contact Manager, our unified contact management tool, was using Exchange Web Services and GAL sync was failing miserably.

We wanted to fall back to LDAP since they were running DirSync. Unfortunately, there were three different domains from different locations syncing into Office 365. Each of them had a unique copy of their local GAL. Office 365 had the only complete master copy of all GAL entries.

That is the point where we switched their GAL access type to Azure AD. Things worked perfectly after that.

If you want to Sync the Office 365 GAL to a smartphone, this post explains how and why you might need to use Azure AD.


Graph API

Office 365 Global Address List Types

The snapshot above shows three possible ways that the Unified Contact Manager can create a contact list using the GAL.

  1. If you have DirSync to on-premise AD, you can configure LDAP.
  2. The default method to sync the Office 365 GAL is Exchange Web Services (EWS).
  3. For an Office 365 GAL with more than a few hundred users, an ideal solution is to use Azure Active Directory. Microsoft provides access to Azure AD through the Graph API.

Setting up the Office 365 Tenant to use Azure AD

Using the Graph API connector does take a few extra steps.  The first requirement is to grant the itrezzo Unified Contact Manager permissions to use the Azure Active Directory. If you don't know how to do this, use the procedure detailed in this blog post.


This procedure has you save the Client ID and Tenant ID to the Notepad. You will need it below.


After Azure AD permissions are enabled, run the itrezzo Web Admin and open the Global Configuration Menu. Choose Global Address List.  Select Graph API and fill in your organization's information. An example is shown below.


Paste in the Client ID at the bottom of the Graph API settings.


The Tenant name should match the primary internet domain name.

Azure AD, LDAP, EWS
You should also have the Tenant ID in Notepad. Paste it to the Graph API Tenant ID shown above.  


The login credentials for a Tenant Admin should be used. Typically the itrezzo Service mailbox might lack tenant admin permissions.


Once you have saved the new credentials, restart the itrezzo ECO Platform service.


Under Active Directory, you should now see the GAL as it appears in Outlook on Office 365.  
You may need to click the gear icon in the top right corner of the grid to get Active Directory to refresh.

You can also create a collection. When you try to search the GAL to add members to the collection, it will now use Azure AD.  If this fails, Azure AD is not properly configured.

To diagnose failures, open the logs for the current day of the week.  Scroll to the bottom of the ECO log.  It will have some errors messages. Look for the Azure error result. If you can’t resolve this on your own, feel free to contact itrezzo Support.

Saturday, July 25, 2015

How to configure Azure AD and Office 365 for GAL Sync

By Vern Weitzman

Setup Azure Active Directory for a Native Application


When the itrezzo Unified Contact Manager runs as an on-premise application, it can be configured to access the Azure Active Directory using the Graph API.This blog post shows the steps required to configure an Azure AD Native Application so that it can authenticate and access the GAL (Global Address List).