To manage GAL and public folder contact synchronization for Office 365 tenants, CiraSync requires the user to have Global Admin permissions.

You can make a dedicated Azure/Office 365 account for this.  If you are only using the GAL Sync feature, the account does not need to be a licensed user, so this procedure won’t incur any additional charges from Microsoft. If you are reading from a public folder, you won’t be able to assign “reviewer” permissions to the service account unless it is mail-enabled. We use “Exchange Online Kiosk” for this since it is the least expensive mail-enabled account you can buy.

The benefits of making a dedicated Azure Account are as follows:

• If you use your own Office 365 credentials, you will need to change the password periodically.  The dedicated account can have a super strong password, and you can set it to never expire.
• As with any third-party application accessing your tenant, it is convenient to give the exact permissions required to run the software.
• You can disable this account without affecting anything else
• It is self-documenting regarding the purpose of the account, and you can delegate management to a coworker without revealing your own password.

If you are going to support 10 or more users with CiraSync, we recommend following these steps to set up this dedicated account and perform public folder contact sync for Office 365:

1) Launch the Office 365 Admin Center and choose Edit a User

2) Edit the user that will be used to setup CiraSync Enterprise Edition

3) Verify that this user is a Global Administrator. This is required.

4. Click “Edit” if you would like to assign a user with Global Administrator privileges and admin roles, which grant permissions to view data and perform tasks in admin centers.