RM Cloud Service Delivery can assist you with your Microsoft® 365™ federation. For further information, please speak to your Sales representative on 01235 645 316 or email getintouch@rm.com, quoting this article.

Microsoft 365 makes Office applications available in the cloud from any computer at any location. This includes the full suite of Office productivity tools, including Outlook® via Microsoft Exchange Online. We recommend that you make Microsoft 365 available to your establishment through RM Unify. You can use RM Unify to create your Microsoft 365 users and RM Unify (Premium) makes it easy to keep these accounts synchronised. Therefore staff and students can access their email and other Office applications from RM Unify without any additional sign on.

This article outlines the stages of setting up Microsoft 365 with RM Unify and setting up email for your establishment.

• The co-existence of Entra Connect Sync and RM Unify both linked to the same Microsoft 365 domain is not supported because you cannot have both RM Unify and Entra Connect attempting to update and manage your Microsoft 365 user accounts. RM Unify is RM's Identity Provider (IdP) and SSO solution for UK education establishments who wish to use Microsoft 365.
• Entra Connect Sync must be disabled for the domain you intend to federate to RM Unify. Please follow TEC3426861 in the Other Useful Articles section below to prepare your domain and users for federation.
• The script in TEC3426861 will clear the OnPremisesImmutableId attribute in Microsoft 365 for all users on the domain to be federated. This attribute is populated by Entra Connect Sync and must be cleared ready for RM Unify to populate with a different value during the federation. Failure to prepare your users may result in them being unable to SSO to (unable to access) their Microsoft 365 accounts after federation - see example error message below.

• Prior to beginning the federation process, your RM Unify user accounts must either:
  • show no RM Unify email address at all in the RM Unify Management Console, or
  • show with an RM Unify email address that uses the Microsoft 365 domain you plan to federate (unless your establishment is already federated to a Google Workspace domain, in which case the RM Unify email address will show with the Google Workspace domain)
• Where the RM Unify establishment is already federated to Google Workspace:
  • RM Unify accounts will be automatically matched to any pre-existing Microsoft 365 accounts in the Microsoft domain, using the username part of the user's RM Unify email address as the basis for the match
  • No option to manage or edit the email addresses that are matched to the RM Unify accounts will be presented
  • Where a matching username is not found in Microsoft 365, a new account will be provisioned using the existing username part of the user's RM Unify email address

Any problematic email addresses identified as a result of the above conditions can be removed by an RM Unify admin via the RM Unify Management Console, or by using the 'mail attribute' function of RM Unify AD Sync (if in use by your establishment) to set the correct, desired email address.

• Your Microsoft 365 accounts must have an unpopulated ImmutableID attribute. The ImmutableID in Microsoft 365 is populated with a unique value by RM Unify upon federation and is used to keep all data in sync. Pre-existing ImmutableIDs, due to the use of Microsoft Azure AD Connect, or other third-party federation services, will cause the federation wizard to fail. Please follow TEC3426861 in the Other Useful Articles section below to prepare your users for federation.
• Once federated to RM Unify, your users will always need to authenticate with RM Unify before being granted access to Microsoft 365 services. Your users will always use their RM Unify password to authenticate; this may be set directly in RM Unify or may be synced from your local network.
• After the federation, only users linked to an RM Unify account will be able to log on to Microsoft 365 accounts on that federated domain.

You will need Adobe® Reader® installed in order to view this document. If you get a File Download box when clicking the floppy disk icon, then you do not have Adobe Reader installed. To download Adobe Reader, refer to DWN6001 in the Other Useful Articles section below.

To download the PDF from the Download section below:

• In Microsoft Edge:
  1. Right-click the disk icon for 'microsoft_365_with_rm_unify_installation_and_setup_guide.pdf' file and select 'Open link in new tab'.
  2. The file opens in a new tab. If you wish to save the file, in the top left-hand side, click the disk icon ('Save a copy'). The Save As window is displayed and prompts for a location to save the download to, browse to the folder where you want to save it and click Save.
  3. Go to the location where you have saved the file and open it.
• In Google Chrome:
  1. Right-click the disk icon for 'microsoft_365_with_rm_unify_installation_and_setup_guide.pdf' file and select 'Save link as'.
  2. When the Save As window is displayed and prompts for a location to save the download to, browse to the folder where you want to save it and click Save.
  3. When the download has finished and appears at the bottom of the screen, click the arrow alongside it and select Open.

You can close this error window/tab and, going back to the RM Unify federation wizard, click Next to move on to step 5.

Despite RM Support not being granted partner access to your Microsoft 365 domain, the federation will complete successfully. We aim to address this issue in the next update to the federation wizard.