Microsoft 365 Connector

The Microsoft 365 Connector app has been updated to version 4.0 with a great new key feature: the app now supports Microsoft Teams.  In a nutshell, administrators of a UCS environment can now activate and deactivate groups for Teams, add and remove individual user accounts, and determine Team owners.

Administrators in particular benefit from this new feature. Everything is now managed via the Univention Management Console (UMC), and there is no need to configure users and groups in multiple apps. Instead, administrators can allow members of a certain group to use Microsoft Teams by setting up the Connector app accordingly. In this blog post I’d like to introduce the new feature. I will also show you how to manage Microsoft Teams in the new Microsoft 365 Connector.

What’s the Microsoft 365 Connector?

The Connector app synchronizes users and groups between Univention Corporate Server (UCS) and Azure Active Directory (Azure AD), Microsoft’s identity and access management service. Through the connector, administrators can control which of the UCS users have access to Microsoft 365 and which groups can use Microsoft Teams. UCS provisions the selected user accounts and groups and makes the data available to Active Directory Domain Services (AD DS). UCS administrators can configure which attributes are synchronized; optionally, certain attributes are anonymized in the process.

Apart from that, the Microsoft 365 Connector allows administrators to set up Single Sign-on (SSO). UCS users log in to the portal and automatically gain access to Microsoft 365, i.e. the office applications, cloud services, etc. The login runs via UCS’ integrated SAML implementation and thus enables SSO for the users. No password hashes are transferred to Microsoft Azure at any time, and the user passwords do not leave the UCS domain. The user is authenticated only through his or her web browser.

The Microsoft 365 Connector app is suitable for organizations that want to manage their users on UCS and give them access to Microsoft 365 features and applications. To use the connector, Azure Active Directory and a Microsoft 365 (trial) subscription are required.

Office 365 setup wizard

New Connector Feature: Microsoft Teams

In previous versions, the Microsoft 365 Connector only synchronized user accounts and groups between UCS and an Azure Active Directory domain. Sysadmins had to activate the group synchronization in order to use this feature. Version 4.0 allows UCS administrators to activate and deactivate groups for use with Microsoft Teams. A subscription, such as Microsoft 365 Business Basic or Microsoft 365 Business Standard, is mandatory (more about the Microsoft plans). The administrator must ensure that each user in a Teams group has a subscription which includes Microsoft Teams.

To manage Microsoft Teams in the Connector app, first activate the group synchronization by setting the UCR variable office365/groups/sync=yes. Next, restart the Univention Directory Listener service (command service univention-directory-listener restart).

Administrators can use the app to create as many teams as they want. The configuration includes a configurable default set of supported Microsoft subscriptions. To enable a UCS group as a Team, administrators activate the group on the Microsoft 365 by clicking the Microsoft 365 Team checkbox. All group members are now automatically added to the new team. Provisioning may take a few minutes because of the Microsoft 365 interface.

The Microsoft 365 tab also offers to define a Team owner. Everything else can be configured in Microsoft Teams itself.

Please note: If you’ve been using a previous version of the Microsoft 365 Connector app, you need to log in to the Azure portal and set up additional permissions for the Microsoft Graph API before restarting the Univention Directory Listener. An article on our help pages explains all necessary steps. For more information on how to set up and use the Microsoft 365 Connector, please refer to our manual. The Changelog includes some links and further details about version 4.0 .

More Features, less Effort

The new Microsoft 365 Connector adds an important and frequently requested feature: support for Microsoft Teams. Managing users and groups now happens in one place, and it’s no longer necessary to configure multiple apps. Enabling group members to use Microsoft Teams has become a lot more convenient – this also works for groups which have already been synchronized. Do you have any questions about the Microsoft 365 Connector? Please feel free to get in touch or join the discussion in the UCS forum.

Use UCS Core Edition for Free!
Download now