Microsoft 365 offers Enterprise Mobility & Security (EMS), Windows 10, and Office 365 to enhance business productivity and security. Because Microsoft 365 offers a variety of services and features, not everything is in the same place. Therefore, we need to navigate within different portals, and familiarity with “what is where” gets really important over time.
In this course, we will have a look at some of the most common tasks to be performed by Microsoft 365 administrators related to Azure AD identities, how to secure your environment by assigning the correct permissions to your users, and how to reduce administrative overhead. We’ll do various tasks in different ways by using the Microsoft 365 Admin Center, the Azure portal, and even use Windows PowerShell for automating bulk actions.
Choosing the right type of identity for your current infrastructure is the first step for any successful Microsoft 365 deployment.
Learning Objectives
- Plan Azure AD Identities
- Manage Users and Groups
- Manage User Access with Access Reviews
- Manage Passwords and Password Policies
- Implement Self-Service Password Reset (SSPR)
- Manage Product Licenses
Intended Audience
- People preparing for Microsoft’s MS-100 exam
- Microsoft 365 Administrators
Prerequisites
- Experience with Microsoft 365
- Experience with the Azure portal
- Experience with PowerShell
If you have an Azure AD Premium P2 or an EMS E5 subscription, then you can use access reviews. And with this feature, you can review on a regular basis if your users still need access to let's say to an application or be a member of a group for instance. But first, we need to configure the access reviews.
So, when you log into your Azure ID portal, we need to go to access reviews. If you don't see access reviews on your left panel, make sure to go to all services, and star the service that you want to create a shortcut for. Let's click on access reviews. And if you never used access reviews and this is your first time, you can see that all the options are currently grayed out. The only one available is onboard, so let's click on onboard, and click on onboard now.
Let's go back to access reviews, and now the options are available. Now let's go ahead and create a new access review. Click on controls, and new access review. Give your review a name, give the description if you need to, you can specify when this new access review should start. By default it is set to the date you are actually creating this review or you can change it.
Then, for the frequency, expand the menu. And you can specify if this access review should occur as a one-time, weekly, monthly, quarterly or even annually. The duration in days by default for monthly is fourteen days, which means that the reviewer will have fourteen days to review the memberships.
Then, we can set when this access review should end, if you choose never, everything will be grayed out, end by, we can set an end date and occurrences. You need to specify the number of occurrences for the end.
If we expand the menu for users to review, we can review members of a group, or assign to an application. For this demonstration, let's choose members of a group and select the scope.
Do you want to target only guest users? Or everyone? Now, it's time to select the group, choose your group and click on select. For the reviewers, expand the menu and we have group owners, selected users or members. Where members will be members themselves reviewing their memberships.
On the programs section, if you click on it, Azure AD offers you a default program, but you can create some more like a GDPR program or a finance program, for instance. And so you would target those specific programs. If you don't wanna specify your program, just close the blade.
On the upon completion settings, what do you wanna do after the reviews take place? Do you want to auto-apply the results and what should happen if the reviewer is not responding to your access review? You can decide not to make any changes, be a little more strict and remove the access, approve the access, or take recommendations from Microsoft.
In advanced settings, we have more settings that we can choose from. Like, do you wanna enforce the reason for approval, main notifications, and reminders.
Once we're happy, click on start. The access review is now being created. And let's go back to overview. Now we can see that the dashboard has already changed.
Veronique is a SharePoint and Office 365 consultant for an IT company based in Glasgow, UK. She loves photography, the outdoors, and long walks with her two dogs! You can follow Veronique on Twitter @veronicageek or read her blog at https://veronicageek.com.