Identitynow and M365 Licensing for Email

I have not created mailbox just by using AD connector so far, I would like to look into that as well.

But below is the approach I have used in a bit many clients,

  1. Create an AD Group in On-Prem AD or directly in Azure AD.
  2. Make sure that this Group will be in scope with Azure AD Sync job, so that Group will sync between on-prem AD and Azure AD.
  3. Add E3/E5 or any other license your organization is using to the same Group.
  4. In SailPoint IdentityNow, provision this Group to the users based on your requirements.
  5. Use native Rules in AD source, ConnectorAfterCreate or ConnectorAfterModify
  6. Develop PowerShell script which will be triggered from native Rules, Use Enable-RemoteMailBox in PowerShell to enable user mailbox

Thanks
Krish

4 Likes