Microsoft 365 admin center: Google to Entra Identity Sync service
🚨 The Signal: A new cloud-to-cloud service in Microsoft 365 admin center enables one-way synchronization of Google Workspace user identities to Entra ID. This simplifies onboarding for organizations migrating from Google to Microsoft 365, streamlining identity creation.
The Impact
The new identity synchronization capability affects security teams and identity administrators, and it needs careful configuration to prevent identity sprawl or misconfiguration.
- Security Teams: Risk of misconfigured identity synchronization leading to unauthorized access.
- Identity Administrators: New configuration options require careful review to maintain identity hygiene.
- Compliance Officers: Need to update documentation for identity lifecycle management processes.
- Migration Teams: Onboarding is simplified, but synced attributes and permissions still require validation.
The Action
- Review existing identity governance policies for external identity synchronization.
- Define attribute mapping and synchronization scope before enabling the service.
- Implement Conditional Access policies for newly synced identities.
- Monitor synchronization logs for errors or unexpected identity creations.
- Conduct a post-migration audit of synced user accounts and their permissions.
Domain: Entra · Impact: medium · Workload: Entra ID