Welcome back to the Syncro Power Hour: our interactive webinar series is designed to equip our partners with the knowledge and tools to maximize the value of the Syncro platform.
In this second session, we dove deep into a topic at the forefront of every MSP’s mind: Microsoft 365 integration. This session brought together Syncro product experts Vance Forbush (Product Manager) and Lee Ramse (Senior Product Manager), alongside a few of our partners Danielle Zink from Orchestrate Technologies, and Leonard “Len” Caplan from CDML Computer Services, to tackle the complexities of M365 management head-on.
Step-by-Step Integration: Connecting M365 and Entra ID to Syncro
During the Power Hour, we provided a comprehensive walkthrough on how to connect Microsoft 365 and Entra ID to your Syncro account. This crucial step is the foundation for streamlining your M365 management.
Key Requirements and Permissions
To ensure a smooth integration, it’s vital to understand the necessary permissions and prerequisites:
- Dedicated Syncro Service Account: We recommend creating a dedicated service account for the integration. This account needs to be a Global Admin in your tenant.
- Admin Agents Security Group: The service account must be a member of the “Admin Agents” security group in your tenant.
- Entra ID MFA (Multi-Factor Authentication): For security purposes, the service account must be prompted by Entra ID MFA during the integration process. It’s not enough to simply have MFA configured; it must actively prompt.
Connecting Your Tenants
Syncro offers two primary methods for connecting your tenants: Single Tenant Option and CSP (Cloud Solutions Provider) Option.
Option 1: Single Tenant
Best for: Managing your own tenant.
How it works: After logging into your Microsoft Partner Center, navigate to “Customers,” select the relevant tenant and then go to “Admin Relationships”. From here, you can request a new admin relationship, specifying the duration (up to 730 days, or two years) and enabling auto-extend. The critical step here is to select the correct Entra roles.
During the demo, Lee walked through selecting all 12 necessary roles to ensure full functionality, including roles like Exchange Administrator, Cloud App Security Administrator, Teams Administrator, and Security Administrator. Once these roles are selected and the relationship is confirmed, Microsoft will generate a link that an admin at your customer’s tenant must approve.
Option 2: CSP
Best for: This method is designed for MSPs managing multiple client tenants. It allows you to pull in all your child tenants for centralized management.
Common Setup Mistakes and How to Avoid Them
Our partners, Danielle and Len, shared valuable real-world insights on avoiding common pitfalls:
Avoiding Shortcuts: While it might be tempting to reuse existing admin accounts, creating a new, dedicated Syncro service account from the outset, as outlined above, can prevent numerous headaches down the line.
“Consent Failure” Errors: Danielle highlighted an issue where “consent failure” errors appeared for some tenants. This was often linked to “risky sign-ins” flagged as false positives within Entra ID Protection. The solution was to clear these risky sign-ins in Entra ID Protection (under ID Protection), then disconnect and reconnect the integration in Syncro to refresh the connection.
Understanding Security Group Requirements: A crucial tip from Lee was understanding that for the integration to work correctly, Syncro’s current implementation requires all necessary Entra roles to be consolidated within a single security group.
If you’re currently using a setup where roles are distributed across multiple groups (e.g., one role per group), this will result in a “missing security group” or “missing role” error. Syncro is aware of this and has a backlog item to make this more seamless in the future, but for now, consolidating roles into one group for the Syncro service account is key.
Managing Multiple Domains within a Single Tenant: Len also pointed out that for clients using multiple domains under one M365 tenant, all users from all associated domains will be pulled into Syncro. This can lead to duplicate user entries if not managed carefully. Syncro offers options to filter user synchronization by groups, domains, office locations, or licenses, which can help manage this.
Unlocking the Power of XMM for M365 Management
Once integrated, Syncro XMM transforms M365 management from a series of manual, disconnected tasks into a streamlined, automated process.
Centralized User Management: Gain near real-time control for emergencies. You can directly perform actions like password resets and MFA authentication method resets from within Syncro, eliminating the need to jump between multiple Microsoft portals. This is a huge time-saver and allows for quicker responses to security incidents or user issues.
Delegated Access: You can delegate access to these user management functions to your front-line technicians without granting them full Global Admin rights in Microsoft. This significantly enhances efficiency, reduces security risks, and frees up time for senior technicians to focus on more complex tasks.
Enhanced Security Posture with Baselines: The “Essential Security” Baseline, built on the CIS framework, evaluates M365 across five key areas with 22 foundational rules. This tool provides:
- Automated Compliance Assessments: Baselines run twice daily, giving you consistent data points on your customers’ compliance status.
- Detailed Audit Reports: Generate comprehensive audit reports that are perfect for executive summaries or Quarterly Business Reviews (QBRs).
- Microsoft Secure Score Integration: Gain insights into your clients’ security posture with direct Secure Score integration.
- Actionable Guidance: Receive prescriptive implementation guidance to remediate failed rules and improve compliance.
- Notifications: Enable notifications to be alerted whenever a rule’s compliance status changes, keeping you proactive.
- Upcoming User Actions: Includes revoking active sessions and blocking/allowing users to sign in. These features will provide even greater control and security in compromised user scenarios.
Your Path to a More Secure and Profitable MSP Business
By leveraging Syncro’s robust M365 integration, MSPs can achieve significant operational efficiencies, strengthen their security posture, and improve profitability. The ability to standardize delivery, automate mundane tasks, and gain deep insights into client environments empowers your team to focus on higher-value activities and scale your business effectively.
Be sure to join our next episode on Friday, August 8, 2025, where we’ll be diving into Overlooked Secrets to Smarter Device Management. This session includes:
- Best practices for structuring policy folders for scalability
- How to automate device data collection with custom scripts (BitLocker, battery health, and more)
- Real-world examples from an MSP that’s doing it right
In the meantime, check the Syncro Community Forum for bonus resources, session recordings, and announcements about the previous Power Hour episodes and more.
Share