Microsoft Entra ID directory integration for legal holds

Avatar
[System] Everlaw Support

Everlaw’s Legal Holds tool supports a dynamic directory integration with Microsoft Entra ID Directory (previously known as Azure Active Directory). Using this integration ensures your custodian information from Microsoft Entra ID remains up-to-date in Everlaw for all new and existing legal holds.

Once connected to an Entra ID directory, Everlaw automatically pulls information about the people in your Microsoft organization to Everlaw. Updates from the directory then propagate automatically to your legal holds. This means that if you have a custodian on a hold notice whose email changes, the reminder will be sent to the updated email address the next time a hold reminder is sent to that custodian. No action is required on your part for these updates to occur.

This article covers how to create and manage Microsoft Entra ID integrated directories in Everlaw’s Legal Holds tool.

Note

Everlaw’s Legal Hold tool also supports Static directories and Workday integrated directories. To learn more about these options, visit Legal Holds Directories.

Requirements

The following permissions are required when connecting to a Microsoft Entra ID directory:

  • Legal Hold Organization Admin access for the Everlaw organization
  • A Microsoft account with Global Admin-level login credentials for the Microsoft Entra ID directory you want to connect

Note

Once the connection is established, Everlaw's permissions are retained, even if the granting user's Microsoft Global Admin permission is revoked. See the section below on managing a Microsoft integrated directory to learn how to disconnect from Everlaw. Once disconnected, an account with Global Admin-level is required to reconnect the directory.

Create an integrated directory with Microsoft Entra ID

To connect to your Entra ID directory:

  1. Go to Organization home  > Legal Holds > Directories.
  2. Select + Add directory. Then select Microsoft Entra ID directory.
  3. A Microsoft popup will appear. You will be asked to log in, then asked to grant permissions for your organization. You must be a Global Administrator on the Microsoft tenant for the Entra ID you are connecting.

Note

Permissions only have to be granted once for your organization, so even if you fully delete the directory and create another one, you will not need to re-authenticate. If you later want to completely revoke Everlaw’s permissions on your Entra ID directory, you can do so from the Microsoft Entra Admin Center.


Once permissions have been granted, the New Microsoft Entra ID directory wizard will appear. This wizard allows you to name your new directory and choose the properties you’d like to import to Everlaw. It contains five steps: Name, Properties, General settings, Duplicate settings, and Summary.

  1. In the Directory name field, enter a name for the directory. 
  2. Select Next to move to the next step: Properties.
  3. Using the table, choose one or more properties for the directory.

Tip

We highly recommend importing at least Name, Employee ID, Email, Manager, and Manager email.

Important

You will not be able edit the properties you select after the directory is created.

  1. Select Next to move to the next step: General Settings.

Important

Unlike property selections, setting options may be edited after the directory has been created

  1. In the Retain people removed from Microsoft Entra ID section, choose one of the following options:
    • Retain all people (default): Retains a record of all people who have ever existed in the directory, regardless of if they have since been deleted from the the Entra ID directory
    • Retain only people on legal holds: Does not retain people deleted from the Entra ID directory, unless they are included on any drafted, issued, or released hold notices or any data preservations.
  2. In the Disconnection section, you can select whether to send yourself and/or other users a notification if the directory has been disconnected from the associated Entra ID directory. 
    • This option (Send notification email…) is selected by default.
    • If you choose to keep this setting enabled, enter all intended recipients in the Recipients text box. 
  3. Select Next to move to the next step: Duplicate settings.
  4. In the Static people with duplicate identifiers section, choose what you would like to do with any duplicate custodians. Custodians are considered duplicates if they have the same email or employee ID as a custodian from a static directory (a directory not created by an open Microsoft connection) that already exists in your organization.
    The Everlaw directory system flags duplicate custodians but does not force you to resolve all duplicates before connecting a directory or creating legal holds.
    • If you want to have the Microsoft directory overwrite information about duplicate custodians, switch on the Merge into Microsoft Entra ID directory and overwrite. You should choose this option if you are transitioning from a static directory to a Microsoft integrated directory and don't want to have multiple records of your custodians — this step merges the existing static custodian into the new entry.
    • If you do select this option, choose one of the following options to specify how you want identify people in Everlaw:
      • Identify by duplicate employee IDs
      • Identify by duplicate emails

Important

If you do not merge at this step, you cannot merge later. However, if Everlaw identifies an unmerged email address connected to both a static person and a person from your Microsoft directory, the static person will be flagged as having inactive duplicate emails. This releases them from any existing hold notices, but not existing data preservations, and you cannot add them to any new hold notices or data preservations. You can see this information on the Manage people with duplicate emails page.

  1. Select Next to move to the next step: Summary.
  2. Review the summary of your selections. Then select Create Microsoft Entra ID directory.
  3. If any duplicate custodians were identified, a People flagged as duplicate dialog appears. It identifies:
    • Custodians with inactive duplicate emails who have automatically been released from existing hold notices, if any
    • Custodians with duplicate employee IDs or emails
  4.  Select Done to close this dialog.
    This opens to the directory's page and the initial sync begins automatically.

Manage your integrated Microsoft Entra ID directory

Once the directory has been created, you can find it on the Organization home > Legal Holds > Directories page. The time since it was last synced is listed next to the directory type.

To view the directory information select View.

This opens the full page for that directory.

Once the directory has been connected, updates to custodians happen automatically. Whenever a change is made on the Microsoft side — including updating a custodian’s information, adding a custodian, and deleting a custodian — that information is sent to Everlaw, and the change is made immediately.

To see precisely when your directory was last synced with Microsoft, select the three-dot menu on the individual directory’s page. The date and time of the last sync is listed under STATUS.

From this three-dot menu, you can also:

  • View or edit your directory settings
  • Disconnect from and/or reconnect to the Entra ID directory
  • Delete your directory, severing the connection completely
  • Manage people with duplicate emails
Was this article helpful?
0 out of 0 found this helpful

Do you have feedback about this article? Let us know