When adding an M365 tenant to Safetica, you can synchronize either the whole tenant or a specific subset of users. To sync selected users, create a Microsoft Graph query specifying criteria such as country or department.
Introduction
To synchronize users from your Entra ID, you must first add your Microsoft 365 tenant. Learn more about it here.
When adding a Microsoft 365 tenant to Safetica, you may not want to sync and protect every user in the tenant. For this scenario, you can specify which M365 tenant users are synchronized and which are not.
To synchronize only a subset of M365 tenant users, follow these steps:
You can only specify the subset of tenant users while adding a new M365 tenant.
1. Prepare a Microsoft Graph query
First, prepare a Microsoft Graph query that includes only the desired subset of users. Decide which users should be synchronized and identify the characteristics they have in common (e.g., country or department).
To write the Microsoft Graph query, you must be familiar with the Microsoft Graph API.
To define the query:
1. Open Microsoft Graph Explorer and sign in with your global admin account.
2. Go to Users > All users in the organization.
3. Based on the shared attributes of your user subset, choose the appropriate query parameters to narrow the selection to users you want to synchronize.
Example: Query to synchronize only users from a specific country:
https://graph.microsoft.com/v1.0/users/?$filter=Country eq 'Czech Republic'
or
https://graph.microsoft.com/v1.0/users/?$filter=UsageLocation eq 'CZ'
Example: Query to synchronize only users that belong to a specific department (e.g. Finance):
https://graph.microsoft.com/v1.0/users/?$filter=Department eq 'Finance'
4. Test and validate that your query returns the intended results in Microsoft Graph Explorer. There is no syntax validation in Safetica console.
2. Paste the query into Safetica console
Once you validate that there are no syntax errors in your query and that it returns the desired results, you can:
1. Open Safetica console.
2. Go to Cloud services and click the Add M365 tenant tile.
3. Choose the Specific users option.
4. Paste the part of your prepared query that follows after $filter= into the text box.
Example: For the query https://graph.microsoft.com/v1.0/users/?$filter=Country eq 'Czech Republic', paste only Country eq 'Czech Republic'.
5. Click Continue and finish adding your M365 tenant.
The query cannot be changed after configuration. To change the subset of users synchronized with Safetica, you must remove the tenant and add it again with a new query.
Safetica will synchronize only those M365 tenant users who meet your query criteria. Users who do not meet the query criteria should not be synchronized or visible in Safetica console.
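Because the console does not validate syntax and the query cannot be changed afterwards, it helps to extract the part after $filter= mechanically instead of by hand. The following is an added example, not Safetica or Microsoft code: the function names are hypothetical, it assumes the console expects the plain decoded expression as in the example above, and its quote and parenthesis check is only a basic sanity check that does not replace testing in Microsoft Graph Explorer.

```python
from urllib.parse import urlsplit, parse_qs


def check_balanced(expr: str) -> None:
    """Reject unterminated string literals and unmatched parentheses."""
    depth, in_string = 0, False
    for ch in expr:
        if ch == "'":
            # An escaped quote ('') toggles twice, so the state is unchanged.
            in_string = not in_string
        elif not in_string and ch == "(":
            depth += 1
        elif not in_string and ch == ")":
            depth -= 1
            if depth < 0:
                raise ValueError("unmatched ')' in filter")
    if in_string:
        raise ValueError("unterminated string literal in filter")
    if depth:
        raise ValueError("unmatched '(' in filter")


def extract_filter(graph_url: str) -> str:
    """Return the decoded text that follows $filter= in a Graph users URL."""
    params = parse_qs(urlsplit(graph_url.strip()).query, keep_blank_values=True)
    values = params.get("$filter", [])
    if len(values) != 1 or not values[0].strip():
        raise ValueError("URL must contain exactly one non-empty $filter")
    expr = values[0].strip()
    check_balanced(expr)
    return expr


if __name__ == "__main__":
    # Constructed sample inputs: the page's example URL, a percent-encoded
    # copy with an extra parameter, and a query with a missing closing quote.
    samples = [
        "https://graph.microsoft.com/v1.0/users/?$filter=Country eq 'Czech Republic'",
        "https://graph.microsoft.com/v1.0/users/?$filter=Department%20eq%20%27Finance%27&$select=displayName",
        "https://graph.microsoft.com/v1.0/users/?$filter=UsageLocation eq 'CZ",
    ]
    for url in samples:
        try:
            print("paste:", extract_filter(url))
        except ValueError as err:
            print("rejected:", err)
```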
To learn more about users and groups synced from your Microsoft 365 tenant, click here.