# Microsoft 365

This guide covers the full process of integrating Peig with Microsoft 365 — from initial setup through to federation, after which Peig handles all authentication for your Microsoft 365 domain and passwords are no longer used.

## Prerequisites

Before starting, confirm you have the following in place:

* A Microsoft 365 tenant with a **corporate domain** — not the initial `.onmicrosoft.com` domain
* At least one **Microsoft 365 Business Premium** license assigned to the admin account (required for SSO and user provisioning)
* **Global Administrator** access to Microsoft Entra ID
* **Global Admin** access to your Peig workspace

## How the deployment works

The Microsoft 365 deployment is divided into three phases:

**Preparation** — Tasks that can be completed in advance at your own pace: setting up Entra ID, registering the app, and configuring the Peig connector. None of this affects your existing Microsoft 365 authentication until the Cutover phase.

**Migration** — Time-sensitive. Users onboard to Peig while still authenticating via their existing Microsoft credentials. This phase should take place during a low-activity window and must have a clear deadline. Once complete, the migration configuration is removed.

**Cutover** — The domain is switched from managed to federated. From this point, all Microsoft 365 authentication is handled by Peig. Users can no longer log in with passwords. Plan this step carefully — it should happen when users are not active.

{% hint style="danger" %}
Once the domain is switched to federated, users who have not completed onboarding will lose access. Ensure all users are onboarded before cutover.
{% endhint %}

## Deployment steps

| Step                                                                                                                 | Description                                                     | Phase       |
| -------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------- | ----------- |
| [1. Microsoft Entra ID Setup](/welcome-to-peig-documentation/deployment-guides/microsoft-365/entra-id-setup.md)      | Create or confirm your Entra tenant and corporate domain        | Preparation |
| [2. App Registration](/welcome-to-peig-documentation/deployment-guides/microsoft-365/app-registration.md)            | Register PeigUserManagerApp in Entra and assign permissions     | Preparation |
| [3. Configure Peig Connector](/welcome-to-peig-documentation/deployment-guides/microsoft-365/configure-connector.md) | Set up the Microsoft 365 provider connector in Peig             | Preparation |
| [4. User Migration](/welcome-to-peig-documentation/deployment-guides/microsoft-365/user-migration.md)                | Onboard users while Microsoft still handles authentication      | Migration   |
| [5. Federation Setup](/welcome-to-peig-documentation/deployment-guides/microsoft-365/federation-setup.md)            | Switch the domain to federated — Peig takes over authentication | Cutover     |

## Additional guides

* [Managing MS365 Identifiers](/welcome-to-peig-documentation/deployment-guides/microsoft-365/managing-identifiers.md) — Resolving account mismatches between Peig and Microsoft 365
* [Entra Device Enrollment](/welcome-to-peig-documentation/deployment-guides/microsoft-365/entra-device-enrollment.md) — Configuring Peig as the Web Sign-In provider for Entra Joined Windows devices

## Important notes

{% hint style="warning" %}
Do not assign the Microsoft 365 provider to any users until Step 5 is complete. Assigning it prematurely requires removing and re-adding the provider, which causes all user group associations to be lost.
{% endhint %}

{% hint style="warning" %}
Federation can only be enabled or disabled once every 10 minutes. Make sure you are ready before executing the cutover step.
{% endhint %}

