Service Update
| Availability | February 2nd, 2025 |
| Product(s) | Email Security Cloud Gateway |
| Who's affected | Azure Active Directory Synchronization |
Overview
To further increase the security of the connections between your Mimecast account and your Azure tenant, Mimecast is pleased to announce the Azure Active Directory Synchronization Integration update, which will adopt the Connectors workflow as documented in Migrating Server Connectors.
Your Azure Active Directory Synchronization Integration will use a Connector to communicate with Microsoft Azure. The Connector will use the OAuth 2.0 standard for authentication and will use the Principle of Least Privilege (PoLP).
What's changing
When using such a Connector, you will no longer have to create and manage an Azure application for Azure Active Directory Synchronization within your Azure tenant. Instead, Mimecast will take you through a consent workflow. Once consent has been granted, Mimecast will use secure tokens to communicate with your Azure tenant. The mechanism to obtain security tokens will use a daily rotating certificate to provide further security to the communication between your Mimecast account and your Azure tenant.
Recommended actions
Migration Steps for Required Update
Once the update becomes available in your region, you will be notified within your Mimecast Administration Console that you have an Azure Active Directory Synchronization Integration that needs to be migrated to the Connector workflow. The prompt will display in the top right corner.
Selecting the “Migrate now” option opens the Connectors page, from which you can start your migration process.
To successfully migrate, you will need to log into Azure with an account that has the permissions to grant consent to applications.
New Integration Setup Wizard
When configuring a new Azure Active Directory Synchronization Integration, a Connector can be selected within the Wizard, or a new Connector can be created.
Required Actions
Once the update has been deployed, please migrate your Azure Active Directory Synchronization Integrations by following the migration steps above. Please ensure that you complete the update before May 24th, 2023. Failing to do so could result in service disruptions, as Mimecast will no longer be able to synchronize with your Azure Active Directory after this date.
When your migrations have been completed, the migration page will automatically disappear from the Services > Connectors section within your Mimecast Administration Console.
Post-migration, we recommend you remove the previously created Azure application from your Azure tenant, as it will no longer be required.
Deployment Schedule
Deployment of the updated connectivity method and the migration experience has been scheduled for the week of February 20th, 2023.
After the deployment, the "Switch to Legacy Version" option currently displayed under Users & Groups | Directory Synchronization will no longer be available. All Azure Active Directory Synchronization integrations should be migrated at your earliest convenience (and before May 24th, 2023).
Current Status: Deployed.
Migration Deadline: May 24th, 2023 - After this date Azure AD Synchronization Integrations that have not been migrated will no longer be able to authenticate.