Symptoms: Newly created users in JumpCloud are not being synced to Microsoft 365 as expected. Despite verifying that the user is part of a group integrated with Microsoft 365 and attempting to manually resync the directory, the accounts are not being replicated in Office 365.
Resolution:
- Set the user's email domain as a default domain under the Microsoft 365 integration.
- Remove and re-add the user to the JumpCloud group that is synced with Microsoft 365.
Sync Errors
The error you’re encountering suggests that the userPrincipalName (UPN) for the user being synced contains a domain that is not verified in your Microsoft 365 organization.
Symptoms: This error occurs when the email address for a user contains a domain that has not been verified in your Microsoft 365 organization. When a new user is created in JumpCloud and is synced with M365 with an email address belonging to an unverified domain, then the user account does not sync for that user.
Resolution: For synchronization to succeed, the email address must end with a verified domain, typically the same one used for your organization’s email addresses.
To resolve this error, follow these steps:
Step 1: Verify the User’s Email Address
- Confirm that the Email Address (e.g., username@domain.com) is configured with a valid, verified domain.
- Note that Microsoft will reject the sync if the domain associated with the email address is not verified in your organization.
Step 2: Verify the Domain in Microsoft 365
- Open the Microsoft 365 Admin Center.
- Navigate to Settings > Domains.
- Check if the domain you’re using for the email address is listed and marked as verified.
- If the domain is not verified, follow the on-screen instructions to add and verify the domain in Microsoft 365.
Step 3: Update the Email Address (if required)
If the email address contains an unverified or invalid domain, update it to a verified domain:
- In the JumpCloud Admin Console, locate the user with the sync error.
- Edit the user’s email address to use a verified domain in your organization.
- Re-attempt the sync after saving changes.
Additional Troubleshooting
If the domain is verified but the error persists, verify the following:
- Ensure there are no formatting issues with the email address.
- Check for conflicts with other users in Microsoft 365 that may be causing the error.
Symptoms: The M365 Sync is failing with this error in directory sync, DI logs, or in Jumpdesk.
Resolution: This issue occurs when a JumpCloud User Group name includes an extra space or any of the forbidden characters (@, (, ), [, ], \, ", ;, :, <, >, or ,).
Correct the Group Name
- Log in to the JumpCloud Admin Portal.
- Go to Identity Management > User Groups and select the group experiencing the sync issue.
- Go to the Details tab > Group Configuration and, in the Name field, remove the extra space from the name.
- Click Save Group.
Reauthorize the Affected Users
- On the User Groups page, select the corrected group.
- Select the Users tab.
- Clear the checkboxes for the affected Users to remove them from the group, then click Save Group.
- Select the checkboxes for the same Users to re-add them to the group, then click Save Group.
Symptoms: The M365 Sync is failing with this error in the API.
Resolution: The Microsoft 365 API validation does not accept these spaces/forbidden characters in the mailNickname property, preventing proper synchronization.
Remove the forbidden character and try to sync again.
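The checks described above (email domain verified, email formatting, group name characters) can be run before attempting a sync. The following is an added example, not JumpCloud or Microsoft code; the function names, the `VERIFIED_DOMAINS` set and all sample values are assumptions, and the reading of "extra space" as a leading, trailing or doubled space is an interpretation.

```python
# Added example: pre-sync checks for the failure modes described on this page.
# All sample values are constructed. VERIFIED_DOMAINS is an assumption: fill it
# with the domains shown as verified under Settings > Domains.
from collections import Counter

VERIFIED_DOMAINS = {"example.com"}
# Characters the page lists as forbidden in a synced group name.
FORBIDDEN_GROUP_CHARS = set('@()[]\\";:<>,')

def check_email(email, verified_domains=VERIFIED_DOMAINS):
    """Return the problems that would stop this address from syncing."""
    problems = []
    if any(ch.isspace() for ch in email):
        problems.append("email contains whitespace")
    if email.count("@") != 1 or email.startswith("@") or email.endswith("@"):
        problems.append("email is not in local@domain form")
        return problems
    domain = email.rsplit("@", 1)[1].strip().lower()
    if domain not in {d.lower() for d in verified_domains}:
        problems.append(f"domain '{domain}' is not verified")
    return problems

def check_group_name(name):
    """Return the naming problems the page says break the group sync."""
    problems = []
    bad = sorted(set(name) & FORBIDDEN_GROUP_CHARS)
    if bad:
        problems.append("forbidden characters: " + " ".join(bad))
    # Assumption: "extra space" means a leading, trailing or doubled space.
    if name != name.strip() or "  " in name:
        problems.append("extra space in name")
    return problems

def preflight(emails, group_names, verified_domains=VERIFIED_DOMAINS):
    """Map each failing email or group name to its list of problems."""
    report = {}
    # Local stand-in for a conflict check: duplicates within this batch only.
    seen = Counter(e.strip().lower() for e in emails)
    for email in emails:
        problems = check_email(email, verified_domains)
        if seen[email.strip().lower()] > 1:
            problems.append("address appears more than once in this batch")
        if problems:
            report[email] = problems
    for name in group_names:
        if check_group_name(name):
            report[name] = check_group_name(name)
    return report
```

The duplicate check only compares addresses within the supplied list; conflicts with accounts that already exist in Microsoft 365 still have to be checked in the tenant.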