Tminus365 Docs

Custom Connector in Power Automate


Last updated 1 year ago

As an MSP, you should be constantly trying to automate workflows. Power Automate allows you to create workflows across applications with basic triggers and actions, and custom connectors can be set up and used as part of your flows. In this article, I will show you how to set up a custom connector for Syncro using their REST APIs. As an example, I will show you how to create a ticket as an action after setting up the custom connector. These workflows allow events in your customer tenants to trigger actions in your Syncro environment. Triggers can also be set up from Syncro, such as a new contact being created, to generate actions in Microsoft (for example, a new user created in Azure AD).

Prerequisites

It should be noted that this is a more advanced deployment because we are interacting with APIs to create this connection and establish triggers/actions. If you do not have experience in this regard, this may not be worth your time. Here are the other prerequisites I would mention:

  • Power Automate subscription per customer (we will be setting up these custom connectors in customer environments. Power Automate comes with most 365 plans.)

  • An API key created in your Syncro environment with the necessary permissions for the actions you want to create in Power Automate (e.g. Tickets-Create if you want to create new tickets)

  • Access/Knowledge of Syncro’s REST API

  • Postman

    • I like to use Postman to test out the API in my environment and grab the necessary IDs we will need to execute our actions (like creating a new ticket)

Steps

Log in to Power Automate and select Data > Custom Connectors

Select +New Custom Connector > Create from Blank

  • Upload an Image (Optional)

  • Provide a description (optional)

  • In the host section provide the URL that you use to sign in.

  • In the Base URL add /api/v1

  • When you are done, click Security ->

  • Choose API key for the authentication Type.

  • Enter a parameter label of api-key

  • For Parameter name enter Authorization

  • Click Definition ->

Definitions allow you to define actions or triggers in Syncro. In this example, I will show you how to create a ticket as an action. Note that you can make as many actions or triggers as you would like. Start by selecting +New Action and adding the following:

  • Next, under Request select +Import from Sample.

  • Select POST

  • For the URL, enter the format of https://yourSubdomain.syncromsp.com/api/v1/tickets

    • Note that this request URL is specific to tickets

  • In the body you can copy and paste the example value for a POST request in Syncro’s API documentation. Here you can determine what fields you would want to have when you create a support ticket. Some of these fields are required, like subject, customer_id, and body. This is why I like to use Postman to test out the APIs to know exactly what I will need. Additionally, if you have specific use cases in mind for workflows that will use this action, you may want to add only the fields you need in the ticket to the body, to avoid clutter.

  • When you have the body entered, click Import

Now that we have entered our request template, we can modify the headers and body to add specific information. This is useful when you want static fields that never change. These can be prepopulated with the exact info you want, and you can customize them so that they cannot be changed when setting up the action. In this example we will modify the Content-Type and customer_id.

Click the 3 dots next to Content-Type and click Edit

When you modify these fields you can define the default values, make them required, and set them to internal so that no one can change them later. Fill out Content-Type as you see below:

When you are done, click on the back arrow and then click Edit on the body. In the body section you will see all of the fields you added to your JSON. Click on Edit for the customer ID. Here is where we will also use Postman to get the correct customer ID as a prepopulated value in the ticket. This customer should match the customer tenant in which you are creating this custom connector.

Use the customers call to see the unique IDs of your customers in Postman

Before you move on to testing, you may want to modify Body and subject as additional fields that are required for the input of the action. For tickets, you will also note that you will have two subjects, one for the main part of the ticket and another for the first comment that is being made. For this reason, you may want to distinguish one with a Default value or title.

Once you have all fields saved, click Create Connector

You will receive a success message, and now you will want to click on Test > +New Connection

Here you will be asked to enter the API key that you created/grabbed in the prerequisites. When you have entered it in the correct format, click Create Connection

Important! The format of this entry is extremely important. You will want to put in Bearer (insert API key) into this text field. Again the format is Bearer space API key

On the following page, click the refresh button to see the connection you just set up.

Below you will see all of the fields you entered of the JSON body. Here you can enter values as an example to test the operation. Fill out the fields and click Test operation

If successful, you will see a 200 status and the body of the ticket you just created. If you get an error it is likely that you either:

  1. Did not fill out the necessary fields required for this API call. In this case, you would get an error stating which field is required (e.g. Subject)

  2. Got an unauthorized error message, which means you either entered your API key incorrectly or did not give your API key the necessary permissions in Syncro for the API call you are trying to make.

Back in Syncro, you can see the ticket that was just generated off of the test event

Here you can see all of the fields I entered in Power Automate that were generated.

Now when you go to create a flow, you can select Custom to see your custom connector. Clicking into the connector will allow you to see all of the actions and triggers you have created
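
Added example (not part of the original article, and not code from Syncro or Microsoft): a small check that a connector definition matches the settings chosen in the steps above, in particular that the API key is sent in the Authorization header and that customer_id is a fixed, internal default that flow authors cannot change. It assumes the connector is available as an OpenAPI 2.0 definition; `CONNECTOR`, the function names and the sample values are constructed for illustration.

```python
# Constructed sample of the connector in OpenAPI 2.0 form. The host, the ID 12345
# and the Content-Type value are placeholders/assumptions, not values from the page.
CONNECTOR = {
    "swagger": "2.0",
    "host": "yourSubdomain.syncromsp.com",
    "basePath": "/api/v1",
    "securityDefinitions": {
        "api_key": {"type": "apiKey", "in": "header", "name": "Authorization"}
    },
    "paths": {"/tickets": {"post": {"parameters": [
        {"name": "Content-Type", "in": "header", "type": "string", "required": True,
         "default": "application/json", "x-ms-visibility": "internal"},
        {"name": "body", "in": "body", "schema": {
            "type": "object",
            "required": ["subject", "customer_id", "body"],
            "properties": {
                "subject": {"type": "string"},
                "body": {"type": "string"},
                "customer_id": {"type": "integer", "default": 12345,
                                "x-ms-visibility": "internal"},
            }}},
    ]}}},
}

def is_locked(field):
    """True when a field has a default and is hidden from flow authors."""
    return "default" in field and field.get("x-ms-visibility") == "internal"

def lint_connector(spec):
    """Return findings; an empty list means the definition matches the steps."""
    findings = []
    if spec.get("basePath") != "/api/v1":
        findings.append("basePath is not /api/v1")
    schemes = spec.get("securityDefinitions", {}).values()
    if not any(s.get("type") == "apiKey" and s.get("in") == "header"
               and s.get("name") == "Authorization" for s in schemes):
        findings.append("API key is not sent in the Authorization header")
    post = spec.get("paths", {}).get("/tickets", {}).get("post")
    if post is None:
        return findings + ["POST /tickets action is not defined"]
    params = {p["name"]: p for p in post.get("parameters", [])}
    if not is_locked(params.get("Content-Type", {})):
        findings.append("Content-Type is not a locked default")
    props = params.get("body", {}).get("schema", {}).get("properties", {})
    if not is_locked(props.get("customer_id", {})):
        findings.append("customer_id can be changed by flow authors")
    return findings
```

Running `lint_connector` on each customer tenant's definition gives a quick way to confirm that the prepopulated customer ID is still locked after someone edits the connector.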

Conclusion

I hope that this article provided some targeted guidance for creating Syncro as a custom connector in Power Automate. If you are interested in any consulting services to help set this connector up, feel free to contact me here.