About
This article covers how to install Virtru at the domain level for Entra ID (formerly Azure AD) customers. By installing Virtru at the domain level, your entire Entra ID organization will be synced with Virtru and your users will gain the ability to read secure messages sent to alias and group addresses. You'll also grant Virtru admin status to all Entra admins for your domain.
If you plan to sync users as part of the Virtru for Outlook Installation Process, please note, you will still need to separately deploy or have your users manually install the plugin.
Please Note
This process must be carried out by a Microsoft Admin that must also be a Virtru admin.
If you have purchased licenses for only a subset of your users/organization, then you need to implement a provisioning group prior to completing the domain level sync via the steps below.
*Warning*
If your users' User Principal Names (UPNs)/login addresses do not align with their Primary SMTP/emailing addresses, do not sync. This will disrupt plugin activation. Instead, users' emailing addresses should be added manually and, when activating plugins, users should activate via email (not Office 365).
Steps to Install
Before getting started, contact Virtru Support and let them know you plan to Entra ID sync. There are some pre-requisites that must be completed on the Virtru side first. Please include the email address of the Entra ID admin who will run the sync (needs to be an admin in both Microsoft and Virtru).
Once Virtru has confirmed the prerequisites are complete, follow the below steps to configure and perform a sync:
1. Open an Incognito/Private window in your browser. This ensures you'll only be logged into one active Microsoft session. Optional but highly recommended
2. As there is no "app", you will need to navigate to the "Virtru Azure AD Sync" consent directly
3. Log in with your Microsoft admin account
4. Click Accept to approve the permissions request by "Virtru Azure AD Sync"
Once accepted, you should be directed to the Virtru Control Center and your first sync should initiate.
Additional Resources:
Product Limitations
Our current Entra ID sync can support organizations hosted on "Global Azure" which include:
Since our current implementation only supports “Global Azure” this limits us from using the following plans.