Teams and Entra ID (Azure AD) synchronization
Learn how to sync Teams and Entra ID groups with absentify for streamlined management.
Enable Teams and Entra ID (Azure Active Directory) synchronization to keep departmental structures and manager assignments up-to-date in absentify. This integration requires permissions for the absentify Groups Permission Microsoft 365 Enterprise App (App ID: aa06e0d6-dd66-4d79-9ec5-660a87afbfdd), utilizing Directory.Read.All and Group.ReadWrite.All permissions.
Benefits of granting Teams and Entra ID synchronization permissions
Granting the Directory.Read.All and Group.ReadWrite.All permissions to the absentify Groups Permission app offers significant advantages for your organization:
- Automated department management: Syncs user group memberships directly with department assignments in absentify, making it easier to maintain accurate team structures.
- Manager synchronization: Ensures that department managers or group owners assigned in Microsoft are automatically reflected as managers in absentify.
- Prefill for User Export: Populates absentify’s Excel import file with users from Teams and Azure AD groups, streamlining user onboarding and reducing manual data entry.
Default functionality without permissions
If the Directory.Read.All and Group.ReadWrite.All permissions are not granted, absentify’s Teams and Entra ID synchronization features are unavailable. Without these permissions:
- Manual department assignments: HR or admin teams must manually assign users to departments in absentify, increasing administrative effort and the potential for outdated information.
- No automated manager sync: Manager assignments will need to be manually maintained, increasing administrative workload for HR.
- Limited user onboarding efficiency: The user export and onboarding processes will lack automatic population from Teams and Entra ID, requiring manual data entry.
How absentify uses the Directory and Group permissions
To promote transparency and trust, here’s how absentify uses the Directory.Read.All and Group.ReadWrite.All permissions in the absentify Groups Permission app:
- Directory sync: Directory.Read.All allows absentify to access group and organizational information necessary to mirror your company’s structure in absentify without accessing additional personal data.
- Group management: Group.ReadWrite.All permits absentify to sync changes in group memberships and managers as department structures change, ensuring that department assignments and managers are consistently updated.
- Secure storage: All group and department data is stored in absentify’s database to maintain application performance and reduce reliance on Microsoft API calls. Data is stored securely in Azure North Europe, adhering to GDPR requirements. Access to this data is limited exclusively to authorized top management at BrainCore Solutions GmbH, with no access for developers or external parties.
Security and data protection
absentify adheres to strict security protocols to protect your organization’s data:
- ISO 27001 certification: absentify is ISO 27001 certified, confirming compliance with international standards for information security management.
- Microsoft 365 App Certification: The absentify Groups Permission app has achieved Microsoft 365 App Certification, meeting Microsoft’s requirements for security, privacy, and compliance. This certification assures that absentify follows best practices in data handling.
- Controlled access: Access secrets and permissions required for group synchronization are securely stored in an Azure Key Vault, restricted to necessary personnel only. No developers or members of other departments can access production data, ensuring full data security.
Enabling Teams and Entra ID synchronization
To activate automatic synchronization of Teams and Entra ID groups with absentify, follow these steps:
- Grant permissions: Start by granting the required permissions through the Microsoft 365 admin portal. Use the following link to initiate the consent process: Grant Permissions
- Activate synchronization in absentify: Go to Settings > Integrations in absentify and enable the Teams and Entra ID synchronization options to mirror Microsoft’s group and department structures.
Key features of Teams and Entra ID synchronization
With the Teams and Entra ID integration enabled, absentify provides several key features:
- Auto-create user accounts: Automatically create new user accounts in absentify based on Teams and Entra ID group memberships.
- Sync department membership: Department assignments are updated as users are added to or removed from Microsoft groups.
- Archive users: Automatically archive users in absentify if they are no longer assigned to departments in Microsoft.
- Sync group owners as department managers: Keep department manager assignments in absentify aligned with group owners in Microsoft.
For a full breakdown of Teams and Entra ID synchronization features, see our support article.
Revoking permissions
If you need to revoke the Directory.Read.All or Group.ReadWrite.All permissions for the absentify Groups Permission app, follow these steps:
- Access Azure Active Directory: Log in to the Azure portal with your Microsoft 365 administrator account.
- Navigate to Enterprise applications: In the left-hand menu, go to Azure Active Directory > Enterprise applications.
- Find and select absentify Groups Permission: Locate the absentify Groups Permission app (App ID: aa06e0d6-dd66-4d79-9ec5-660a87afbfdd) in your list of applications.
- Manage permissions: Go to the Permissions section and select Directory.Read.All and Group.ReadWrite.All to revoke absentify’s access to group and directory data.
Revoking these permissions will disable Teams and Entra ID synchronization. Without it, all department memberships and manager assignments in absentify will require manual updates by HR or admin teams.
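To confirm what the enterprise app actually holds in your tenant, after consent or after revocation, the following read-only audit lists its grants and marks anything beyond the two permissions named on this page. It is an added example, not a script from absentify or Microsoft; it assumes the Microsoft Graph PowerShell SDK is installed, and because this page does not state whether the permissions are granted as application or delegated permissions, it lists both kinds.

```powershell
# Added example: read-only audit of the grants held by the enterprise app.
Connect-MgGraph -Scopes 'Application.Read.All', 'Directory.Read.All'

$appId    = 'aa06e0d6-dd66-4d79-9ec5-660a87afbfdd'       # App ID from this page
$expected = 'Directory.Read.All', 'Group.ReadWrite.All'  # permissions this page documents

$sp = Get-MgServicePrincipal -Filter "appId eq '$appId'"
if (-not $sp) {
    Write-Output "No service principal for $appId in this tenant; nothing is granted."
    return
}

$granted = @(
    # Application permissions: app role assignments held by the service principal.
    foreach ($a in Get-MgServicePrincipalAppRoleAssignment -ServicePrincipalId $sp.Id -All) {
        $res  = Get-MgServicePrincipal -ServicePrincipalId $a.ResourceId
        $role = $res.AppRoles | Where-Object { $_.Id -eq $a.AppRoleId }
        [pscustomobject]@{
            Type       = 'Application'
            Resource   = $res.DisplayName
            Permission = if ($role) { $role.Value } else { "(role id $($a.AppRoleId))" }
            GrantedTo  = 'app itself'
        }
    }
    # Delegated permissions: Scope is a space-separated list of permission names.
    foreach ($g in Get-MgOauth2PermissionGrant -Filter "clientId eq '$($sp.Id)'" -All) {
        $res = Get-MgServicePrincipal -ServicePrincipalId $g.ResourceId
        foreach ($scope in ($g.Scope -split '\s+' | Where-Object { $_ })) {
            [pscustomobject]@{
                Type       = 'Delegated'
                Resource   = $res.DisplayName
                Permission = $scope
                GrantedTo  = if ($g.ConsentType -eq 'AllPrincipals') { 'all users' } else { $g.PrincipalId }
            }
        }
    }
)

if (-not $granted) {
    Write-Output 'Service principal exists but holds no permission grants.'
} else {
    # Documented = False marks a grant beyond the two permissions named on this page.
    $granted |
        Select-Object *, @{ Name = 'Documented'; Expression = { $_.Permission -in $expected } } |
        Sort-Object Documented, Type, Permission |
        Format-Table -AutoSize
}
```

After revoking in the portal, rerunning this should report no grants; a row with Documented set to False is a permission to review against what the integration needs.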
By granting and, if necessary, revoking the Directory.Read.All and Group.ReadWrite.All permissions for the absentify Groups Permission app, you retain full control over group synchronization, ensuring efficient operations while upholding data security.