Customers hosted on Office 365 may prefer to use Azure Active Directory to sync users and groups to Proofpoint Essentials. This will allow you to import active users, aliases, and distribution / security groups into Proofpoint. Configuring the Azure sync also allows O365 to be used as authentication for accessing the Proofpoint portal.


  • Proofpoint Essentials currently supports the Home and Business plans for Azure.
  • The O365 account setting up the Azure sync must have global administrator rights.

Configure O365 for Azure Sync

  • Log into the Azure Active Directory admin center ( as a global administrator.
  • On the left side of the screen, click Azure Active Directory
  • Navigate to App Registrations > New Registration

  • Set a name to help identify this application such as “Proofpoint Essentials Azure AD Sync”
  • Leave the "Supported account types" field as "Accounts in this organizational directory only ([your organization] only - Single tenant)
  • Set the platform to Web, then fill in the Redirect URI field depending on your region
  • Click “Register”  at the bottom of the page

  • Copy the Application Client ID. This is needed later, so it is recommended to paste it somewhere such as in a Notepad window.

  • Navigate to API Permissions > Add a permission

  • Select Microsoft Graph > Delegated Permissions, then set the following:
    • Under the Directory tab, select Directory.Read.All
    • Under the Group tab, select Group.Read.All
    • Under the User tab, uncheck User.Read and select only User.ReadBasic.All

  • Click Application Permissions at the top of the screen, then set the following:
    • Under the Directory tab, select Directory.Read.All
    • Click “add permissions” at the bottom of the page when finished

  • Click “Grant admin consent for [your organization]”

  • On the left, click “Certificates and Secrets” > New client secret

  • Set the name to “Proofpoint Essentials Azure AD Sync”
  • Set the expiration date for 2 years

  • Copy the secret key’s value, NOT the “Secret ID.”

Configure Proofpoint Essentials for Azure Sync

  • Navigate to User Management > Import & Sync > Azure Directory Sync
  • Paste in the Application Client ID and the Client Secret Key (value) copied from Azure into the relevant fields.

  • Set the sync frequency to 1 hour.
  • Click Save to make sure the entered values are correct, then click Save and Run Sync Now.

  • The next page will show which accounts are going to be added / removed / updated. After reviewing the changes, click "Sync Active Directory" at the bottom of the page to apply them.

If you are on the Business+, Advanced+, or Professional+ packages, continue to Set Up One-Click Message Pull

Otherwise, proceed to next step: Configure O365 for Proofpoint