Azure AD Identities
Managing Users and Groups
Managing Passwords and Password Policies
Self-Service Password Reset
Managing Product Licenses
The course is part of this learning path
Microsoft 365 offers Enterprise Mobility & Security (EMS), Windows 10, and Office 365 to enhance business productivity and security. Because Microsoft 365 offers a variety of services and features, not everything is in the same place. Therefore, we need to navigate within different portals, and familiarity with “what is where” gets really important over time.
In this course, we will have a look at some of the most common tasks to be performed by Microsoft 365 administrators related to Azure AD identities, how to secure your environment by assigning the correct permissions to your users, and how to reduce administrative overhead. We’ll do various tasks in different ways by using the Microsoft 365 Admin Center, the Azure portal, and even use Windows PowerShell for automating bulk actions.
Choosing the right type of identity for your current infrastructure is the first step for any successful Microsoft 365 deployment.
- Plan Azure AD Identities
- Manage Users and Groups
- Manage User Access with Access Reviews
- Manage Passwords and Password Policies
- Implement Self-Service Password Reset (SSPR)
- Manage Product Licenses
- People preparing for Microsoft’s MS-100 exam
- Microsoft 365 Administrators
- Experience with Microsoft 365
- Experience with the Azure portal
- Experience with PowerShell
We can also manage groups from the Azure AD portal. When you're logged into the Azure portal, if you have the quick task on your dashboard, you can create a group from here or you can go to the Groups section that you have on your left-hand side. If you do not see the Groups section on your left-hand side, go to All services, and make sure to start the Groups service. Then, it will appear on your left-hand side.
Let's click on Groups and we have a list of all our groups currently within the tenant. Let's create a new group by clicking on New group.
First, we need to choose the group type. Let's click on the drop-down menu, and from the Azure AD portal, you can see that this is different from the Microsoft 365 admin center where we also had mail-enabled security groups and distribution lists. Let's choose an Office 365 group.
Give your group a name, give it a description and choose the membership type. Expand the menu and you have the choice to assign members directly or use dynamic user. Dynamic user will add members in this group who have specific attributes. Let's choose Assigned and let's add members. We can search users by name or email address, or we can simply select them from the list. Then click on Select.
We now have two members selected for this group, and let's create the group. Now the group has been successfully created.
We can go back to groups on the left-hand side or we can close the blade, and we are back to All groups. We can see our marketing group created, but from the Azure portal, we actually have way more options than from the Microsoft 365 admin center.
If we click on to General, you have a lot of settings that you can choose for groups. Do you want to enable Self Service Group Management or do you want users to be able to create security groups? You have a section about Office 365 groups as well. And if we go into exploration, we can even set a lifetime for the group. So those are a few settings that you can use to manage your groups as well.
Let's go back to All groups and click on our new group. We can see that we have two members and one owner, and on the left-hand side, we can add Members if we want to. We can add Owners, and we can also make this group part of another group. If you are using the group-based licensing, we can also assign licenses to members of this group.
So, let's go back to Overview and delete this group. You can see at the top, we have Delete. Click Yes to delete this group. Click on All groups, and indeed the group has been removed.
Another thing that we can do from the Azure AD portal that we cannot do from the Microsoft 365 admin center is go to the Deleted groups. And from this panel, we can select a group, and either restore the group or delete permanently. Let's click on Delete permanently. Make sure that's really what you want to do because you're not going to be able to restore it, and click on Yes. And now the group has been permanently deleted.
Veronique is a SharePoint and Office 365 consultant for an IT company based in Glasgow, UK. She loves photography, the outdoors, and long walks with her two dogs! You can follow Veronique on Twitter @veronicageek or read her blog at https://veronicageek.com.