Automatic provisioning of agent based on M365 group or similar?

With LDAP, you can provision agents just by adding them to the proper LDAP group on the LDAP server (if you configure that in the LDAP integration) which is very nice. Admins literally don’t have to lift a finger to make a new employee a Zammad agent if they’re supposed to be, just add them to the right group when the AD account is created.

Is there a way to simulate this via Microsoft 365 authentication? I set up the authentication, limited the access to use this auth source to a few specific groups in Microsoft 365 and it seems to be working great, but I have to manually assign users to be agents. That’s an extra step. Obviously nothing insurmountable but it’s very nice to just have that “happen” after you create a user in M365.

No that’s not possible - however, the LDAP sync can either add the new user before the first login or update it after (depending on what scenario comes first). The Microsoft 365 login, like all other login methods, is fairly limitted so there’s also things like e.g. phone numbers missing.

Also the login only sets first- and lastname during the initial first login (that creates the user) and never again touches the meta data. So the LDAP sync would be the cleaner approach to ensure data stays current and clean.