For ‘Cloud-only’ deployments you will need to have Office 365 Global Administrator account credentials ready so that you can consent Directory to read and write from Azure Active Directory.
If your organization has an on-premises Active Directory instance (hybrid configurations), please use the following check-list to make sure you are ready to install the Hyperfish agent:
1 Choose a domain-joined machine to host the local Directory Agent. This machine should meet or exceed the following requirements:
- Supported Operating Systems: Windows Server 2019 or above
- Microsoft .NET Framework 4.8
- Processor: 3 GHz
- Memory: 8 GB
2 Provision service accounts.
On-premises Agent Service Account
Choose a service account to run the Directory service. This account needs the necessary Active Directory read/write permissions to surface and update the profile attributes you want to manage with Directory.
You can read more about creating a service account here: Hyperfish AD Service Account Creation
Legacy Office 365 Connector Service Account
If you plan to utilize the Office 365 Legacy connector to surface SharePoint Online user profile attributes an O365 Connector service account will need to be provisioned.
This Office 365 account should have:
- Exchange Online - Mail Recipients Role
- SharePoint Online - SharePoint Administrator
3 Outbound ports:
- 443 - HTTPS for API calls -- used to authenticate the installation, check licenses, download configuration from our cloud service.
- 5671 - AMQPS (TLS) for Hyperfish queue service
4 Domain whitelist:
These only applies if you have a requirement to restrict egress traffic from Directory agent, using outbound network or FDQN rules.
These are the domains our agent will be reaching out to based on your region: