#Add a Tenant

When you assign the User and device management service to a customer and consent to the app during the process of onboarding the customer or adding services for the customer, the customer’s tenant will be automatically displayed in this module.

If an existing customer has tenants that want to use the functionalities of this module, you can add those tenants to the module.

Refer to the following steps to add a new tenant of an existing customer to the module:

1. On the User management page, click Add tenant in the upper-right corner.

2. Select a customer from the drop-down list.

3. Complete the subscription information for this service:

   • Subscription type – Select the subscription type for this service: Trial or Subscription. For Trial, you can assign up to 5 customers, and the subscription expiration date is fixed. This number is calculated among all premium services.

   • Source – Select a value to indicate the source of your subscription.

   • Payment type – Select the payment type.

   • User seats – Select the number of users you want to assign the subscription.

   • Subscription expiration date – By default, Same as pooled subscription is selected to keep the same expiration date as the pooled subscription. You can select Expire now or select Specify a time to set an expiration date for the customer’s subscription.

   • Contract end date – Click the calendar button and select the contract end date.

4. Click Continue.

5. Select a tenant of the customer.

   If there are no available tenants for the customer, you can click Add new tenant. For detailed instructions on how to add a tenant, refer to Add a Microsoft 365 Tenant.

6. Select a tenant type: Cloud only or Hybrid. Keep in mind that once a tenant type is defined, it cannot be altered. Please configure it carefully.

7. Consent to the APElements Security and Analysis app for the tenant:

   • If the APElements Security and Analysis app for the tenant has already been consented, a green checkmark icon will appear. Click Save to add the tenant.

     This typically occurs during the process of assigning the User and device management service to a customer and consenting to the app during the process of onboarding customer or adding services.

   • If the APElements Security and Analysis app for the tenant needs to be consented, complete the following steps:

     1. Click Authenticate.

     2. The permissions required for this app are displayed. Review the permissions and click Accept.

     3. A page appears indicating that the app was authorized. Close this page, and you will be redirected back to the Add tenant window.

     4. Click Save to add the tenant.

8. Configure hybrid tenant – If the tenant type is Hybrid, you must configure additional settings. The Configure hybrid tenant window pops up with setup types:

   • Basic setup offers limited features.

   • Advanced setup unlocks the full set of features.

   Basic setup:

   1. Upload certificate and secret – Upload the certificate and secret. The certificate serves as credentials that allow your application to authenticate itself, requiring no interaction from a user at runtime. Refer to Prepare a Certificate to prepare a CER certificate.

   2. Click Next.

   3. Copy application ID and thumbprint – Copy and securely save the values of the certificate and secret, as you will need them during the agent installation process. Then, download the agent installation package and complete the agent installation on your local device. Refer to Manage Agents to install and configure your hybrid agent.

   4. Click Next.

   5. Validate agent – After installing the agent, validate the connection between your local AD and Elements.

   6. Click Next.

   7. Manage source objects (optional) – Run initialization to classify users and groups into the corresponding categories in Elements.

   8. Click Next.

   9. Manage hybrid & Exchange type – Select a hybrid type and an Exchange type for the tenant. The hybrid type determines the data source for user management, while the Exchange type determines the data source for email-related features. You can select from the following options:

      • Hybrid type: Local AD and Microsoft Entra ID or Local AD only.

      • Exchange type: Exchange Online or Hybrid Exchange.

   10. Click Save.

   Advanced setup:

   1. App registration – Click Configure. If an app registration already exists for the tenant, select it and Continue. If no app registration exists for the tenant, create a new one before proceeding.

   2. Agent – Install an agent to your local device. After installation, click Validate to validate the connection between your local AD and Elements.

   3. AD naming profile – Select an AD naming profile for the tenant. If no AD naming profile exists for the tenant, create a new one before proceeding.

   4. Data source – Select a data source: Local AD and Microsoft Entra IDor Local AD only. If you choose to focus exclusively on local user management, Elements will automatically exclude cloud users from dashboards and lists to simplify user management. Note that you can change the data source later on the Tenant settings > Tenant setting details page > Overview tab.

   5. Exchange type – Select an Exchange type: Exchange Online or Hybrid Exchange.

   6. Click Save.