Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >

KB-8912: How to block attributes from syncing to Office 365 without clearing the source data

App Access Service ,   App Gateway Service ,  

5 July,17 at 09:54 PM


Is it possible to hide an attribute(s) from sync to Office 365 in order to not display in the GAL (global address list) or OAB (Offline Address Book), or in the Office 365 admin portal? 


An administrator wishes to use Mobile numbers (AD attribute name 'mobile') for MFA (SMS and Phone call challenges), but does not want a Users personal mobile phone number published in the GAL. 


This is possible, using Centrify provisioning and a custom addition to the provisioning script. Note that the example below will prevent mobile phone number from sync'ing and therefore will not be shown in the GAL or OAB, This can be modified to use other AD attribute names such as middleName or any other non-critical attributes. (DisplayName, ProxyAddresses, Mail, samAccountName, and UserPrinicipalName are REQUIRED for a successful sync/provisioning). To add this, paste the below example to a new line in the provisioning script section (Office 365 WS-Fed + Provisioning>>Provisioning>> Provisioning script)


User-added image

Once added to the Provisioning script, a new sync event is needed to sync the null value and override (if applicable) what was initially sync'd. The easiest way to do this is to Select the User(s) from the User section and choose to Sync all Apps for the User(s). 

User-added image

Or if this change is needed for more than one User (most likely), then a Full sync, bypassing cache (since we do not see a change being made in source directory or to role membership, this is needed).

To do this, in Admin portal, browse to Settings>>Users>>Outbound Provisioning>>Provision Enabled Applications (and select the Office 365 app) and then in the pop up, choose to bypass caching and re-sync all objects. Depending on your organization size, this my take a few minutes to a few hours. 

User-added image

Note that there could be a delay before the GAL is updated. Additionally, the OAB typically does not sync on demand, and so Outlook client may not update right away. Any delays in updating of the GAL/OAB will need to be addressed with Office 365 directly, as Centrify does not control the update frequency. 

For additional information not covered in this guide or troubleshooting assistance, please review Centrify Online Help or visit the Centrify Customer Portal at

Still have questions? Click here to log a technical support case, or collaborate with your peers in Centrify's Online Community.