SEP Cloud imports only the user accounts with the email addresses that match your Azure domain.
To connect to Azure Active Directory
To go to the Access and Authentication page, do one of the following:
On the Settings page, select Access and Authentication.
On the Groups, Users, and Devices page, in the plus menu, select Create Multiple Users. When the Select User Source window appears, select Cloud Identity Provider.
On the Access and Authentication page, in the Choose Provider list, select Azure.
Read the instructions, and then press Connect.
When the Symantec application window opens in Azure, sign in with your Azure administrator credentials.
Administrator rights are required.
Press Accept to allow SEP Cloud to read directory data, read user profiles, and enable sign-on.
When you return to SEP Cloud, on the Access and Authentication page, press Add Distribution Lists.
In the Add Distribution Lists window, do one of the following, and then press Add List:
To sync one or more distribution lists.
Type the name of a distribution list, and then press Add. Repeat as necessary to add other lists.
You are informed when you sync more users than your subscription supports so that you can take appropriate action. For example, you can buy more licenses or remove some users.
To sync all users.
Switch the Do Not Sync All Users toggle to Sync All Users.
Due to some Azure configuration changes, you might unknowingly sync many users and exceed your license limit. To avoid this situation, SEP Cloud checks for the license availability before assigning any role and license to an Azure user. If enough licenses are not available for your subscription, the synchronization process will fail.
(Optional) Press Sync Now to start synchronization immediately. Otherwise, the sync starts at the next scheduled time, as shown on the page.
When you sync users with Azure for the first time, by default, SEP Cloud sends automated email invitations to all the synchronized users to sign in to SEP Cloud and enroll their devices. If you do not want to send the automated email invitations, you can turn off the Invitation for Enrollment option.
Event logging for Azure Active Directory synchronization
If you're using Azure Active Directory as your identity provider, you can access Active Directory related audit events in the Alerts and Events > Events tab. After every Azure synchronization, SEP Cloud raises separate events that summarize the total number of users that were added, removed, or modified. You can use this information to adjust your Azure synchronization settings, your license usage, or both.
If the synchronization fails because of an error, a corresponding error event is raised to provide more information.
Managing the users that are synced from Azure
If you have synced user accounts through Azure, the user accounts are managed differently in SEP Cloud.
All users that are removed from Azure are automatically deactivated in SEP Cloud.
If you block certain users in Azure, they are not deactivated. They can't sign in to the SEP Cloud console to manage their devices, but their accounts remain active and their devices remain enrolled.
If a previously synced user is subsequently excluded from Azure synchronization, the user's SEP Cloud account remains active for one day. At the end of this grace period, the excluded user account is automatically deactivated. In case this change was unintentional, you are warned immediately.
If you manually deactivate an Azure user in the SEP Cloud console, the user account can only be reactivated manually. Changes to the Azure sync settings do not change the user's status.
If you include previously excluded users in Active Directory synchronization again, those users are reactivated in SEP Cloud with the next successful sync.
If a user with the SEP Cloud account administrator role is excluded from a sync, the user is not deactivated. This ensures that the account administrator never loses access to SEP Cloud.
To keep your user account information up-to-date, all the users are removed from SEP Cloud if their corresponding Azure account has been deleted.
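The lifecycle rules above, written out as an added example (not Symantec code) that predicts each synced user's SEP Cloud status and lists users who are blocked in Azure but still active with enrolled devices. The field names, the sample users, and the precedence between rules where the page does not state it are assumptions.

```python
from datetime import datetime, timedelta

GRACE = timedelta(days=1)  # the page: an excluded user stays active for one day

def expected_status(u, now):
    """Predict a synced user's SEP Cloud status from the rules on this page.
    Field names are hypothetical; rule precedence is an assumption."""
    if u.get("manually_deactivated"):
        return "deactivated", "manual deactivation, only manual reactivation"
    if u["azure_state"] == "deleted":
        return "deactivated", "removed from Azure"
    if not u["in_sync_scope"]:
        if u.get("account_admin"):
            return "active", "account administrator is not deactivated"
        if now - u["excluded_at"] < GRACE:
            return "active", "excluded, inside the one-day grace period"
        return "deactivated", "excluded, grace period over"
    return "active", "in sync scope"

def blocked_but_active(users, now):
    """Blocked in Azure, yet still active (devices stay enrolled): review these."""
    return [u["email"] for u in users
            if u["azure_state"] == "blocked"
            and expected_status(u, now)[0] == "active"]

# Constructed sample data, not real accounts.
NOW = datetime(2024, 1, 10, 12, 0)
USERS = [
    {"email": "alice@example.com", "azure_state": "enabled", "in_sync_scope": True},
    {"email": "bob@example.com", "azure_state": "blocked", "in_sync_scope": True},
    {"email": "carol@example.com", "azure_state": "deleted", "in_sync_scope": True},
    {"email": "dave@example.com", "azure_state": "enabled", "in_sync_scope": False,
     "excluded_at": NOW - timedelta(hours=2)},
    {"email": "erin@example.com", "azure_state": "enabled", "in_sync_scope": False,
     "excluded_at": NOW - timedelta(days=3)},
    {"email": "frank@example.com", "azure_state": "enabled", "in_sync_scope": False,
     "excluded_at": NOW - timedelta(days=3), "account_admin": True},
    {"email": "gina@example.com", "azure_state": "enabled", "in_sync_scope": True,
     "manually_deactivated": True},
]

if __name__ == "__main__":
    for u in USERS:
        status, why = expected_status(u, NOW)
        print(f"{u['email']:20} {status:12} {why}")
    print("review:", blocked_but_active(USERS, NOW))
```

Because a block in Azure does not deactivate the SEP Cloud account, the users on the review list are the ones to deactivate manually in the SEP Cloud console if their access should end.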