Microsoft 365 offers Enterprise Mobility & Security (EMS), Windows 10, and Office 365 to enhance business productivity and security. Because Microsoft 365 offers a variety of services and features, not everything is in the same place. Therefore, we need to navigate within different portals, and familiarity with “what is where” gets really important over time.
In this course, we will have a look at some of the most common tasks to be performed by Microsoft 365 administrators related to Azure AD identities, how to secure your environment by assigning the correct permissions to your users, and how to reduce administrative overhead. We’ll do various tasks in different ways by using the Microsoft 365 Admin Center, the Azure portal, and even use Windows PowerShell for automating bulk actions.
Choosing the right type of identity for your current infrastructure is the first step for any successful Microsoft 365 deployment.
Learning Objectives
- Plan Azure AD Identities
- Manage Users and Groups
- Manage User Access with Access Reviews
- Manage Passwords and Password Policies
- Implement Self-Service Password Reset (SSPR)
- Manage Product Licenses
Intended Audience
- People preparing for Microsoft’s MS-100 exam
- Microsoft 365 Administrators
Prerequisites
- Experience with Microsoft 365
- Experience with the Azure portal
- Experience with PowerShell
Another way to create users is from the Azure AD portal. And this is accessible from your Microsoft 365 admin center because Azure AD is the directory service for Office 365. So when we open the Azure AD portal, we land on the dashboard. If you have the Quick tasks pinned to your Dashboard, you can create a user from here, or you can access users on your left-hand side. If you don't see users on your left-hand side, go into All Services, and make sure to star the service you want to.
Now let's go ahead and create a new user. Click on users, and new user. When you create users using the Azure AD portal, the process is similar to the Microsoft 365 admin center, though you may have more options to choose from on the Azure portal.
So let's give our user a name and a user name. You can see that every time we enter data correctly, we have the green check mark.
Now, let's click on profile. And because we are creating a cloud user, we can enter some data ourselves. Let's give more detail for this user. Then click on okay.
Let's expand the properties blade. Here you can see that the source of authority is Azure Active Directory, and that's because this is a cloud user. If you want, you can add this user to a group, let's make him a member of the security group, called Sales. Click on it, and click on select.
And now it's time to choose a role for this user. Let's click on Directory role, and we have the choice between a user, a Global admin, and a Limited administrator. And this is different from the Microsoft 365 admin center, where this was called "Customize Administrator." Let's choose Limited administrator, and if we scroll down, we have more options. Let's choose Exchange administrator, and click on okay. You can tick the box to show the password if you want to, and let's click on create. If the user doesn't appear, let's click on refresh, and now it's been created.
Note that the source is Azure Active Directory because this is a cloud user. But we haven't assigned any license yet. So let's do that now.
First, we need to click on the user, and what's very important before you can assign a license to any user, is to set the usage location. If you don't set the usage location for the user, you will get an error if you try to license this user. So let's scroll down, and under settings, we have usage location. Let's click on edit, and set the proper usage location for this user. The usage location is used by Microsoft 365 to be able to give the right features because some features are not available in some countries. Let's click on save at the top, and go to licenses.
You can see that we're still in the John Doe profile, so every license that we're gonna assign will be for this user. Let's click on assign, and products. Choose your subscription, select, and go to assignment options. This is where we choose the services to assign to the user. By default, everything is on, and you only need to set the services to off for the license not to be assigned to the user. So let's remove Microsoft Planner and the StaffHub. So this user will not have access to Microsoft Planner and the StaffHub. Once you're happy, click on okay, and click on assign.
We can see in the top right that the license has been assigned, and is currently active. From the Azure AD portal, we can also delete users, like in the Microsoft 365 admin center.
So let's go back to all users, and select the user we just created. You can see in the top row, that we have "Delete users", so before you delete the user, make sure you have some governance in place. And you particularly need to pay attention to the OneDrive for Business, as well as the emails.
When you delete a user, everything will be available for up to thirty days by default. And after those thirty days, everything will be deleted permanently.
So let's click on delete user, and yes. Now we can see that the user has been deleted successfully.
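The portal steps above (create the user, add to the Sales group, assign the Exchange administrator role instead of Global admin, set the usage location, then license with Planner and StaffHub switched off) can also be scripted. This is an added example, not part of the original course; it assumes the Microsoft Graph PowerShell SDK is installed, and the UPN, password, SKU part number, usage location and the two service plan names are placeholders or assumptions to verify in your own tenant.

```powershell
# Added example using the Microsoft Graph PowerShell SDK (assumed installed).
Connect-MgGraph -Scopes 'User.ReadWrite.All','Group.ReadWrite.All',
    'Organization.Read.All','RoleManagement.ReadWrite.Directory'

$upn      = 'john.doe@contoso.example'          # placeholder UPN
$skuPart  = '<SKU-PART-NUMBER>'                 # placeholder: list with Get-MgSubscribedSku
$plansOff = 'PROJECTWORKMANAGEMENT','Deskless'  # assumed plan names for Planner and StaffHub
$usageLoc = 'GB'                                # constructed sample value

# 1. Create the cloud user; force a password change at first sign-in.
$pw   = @{ Password = '<initial-password>'; ForceChangePasswordNextSignIn = $true }
$user = New-MgUser -DisplayName 'John Doe' -UserPrincipalName $upn `
    -MailNickname 'john.doe' -AccountEnabled -PasswordProfile $pw

# 2. Add the user to the Sales security group.
$group = Get-MgGroup -Filter "displayName eq 'Sales'"
New-MgGroupMember -GroupId $group.Id -DirectoryObjectId $user.Id

# 3. Assign the limited Exchange Administrator role, not Global Administrator.
$role = Get-MgRoleManagementDirectoryRoleDefinition `
    -Filter "displayName eq 'Exchange Administrator'"
New-MgRoleManagementDirectoryRoleAssignment -PrincipalId $user.Id `
    -RoleDefinitionId $role.Id -DirectoryScopeId '/'

# 4. Licensing fails without a usage location, so check and set it first.
$current = Get-MgUser -UserId $user.Id -Property UsageLocation
if (-not $current.UsageLocation) {
    Update-MgUser -UserId $user.Id -UsageLocation $usageLoc
}

# 5. Resolve the subscription and the plans to disable, then assign the license.
$sku = Get-MgSubscribedSku -All | Where-Object SkuPartNumber -eq $skuPart
if (-not $sku) { throw "Subscription '$skuPart' not found in this tenant." }
$disabled = @($sku.ServicePlans |
    Where-Object ServicePlanName -in $plansOff |
    Select-Object -ExpandProperty ServicePlanId)
Set-MgUserLicense -UserId $user.Id -RemoveLicenses @() `
    -AddLicenses @(@{ SkuId = $sku.SkuId; DisabledPlans = $disabled })

# 6. Verify: the disabled plans should not report a Success status.
(Get-MgUserLicenseDetail -UserId $user.Id).ServicePlans |
    Where-Object ServicePlanName -in $plansOff |
    Select-Object ServicePlanName, ProvisioningStatus
```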
Veronique is a SharePoint and Office 365 consultant for an IT company based in Glasgow, UK. She loves photography, the outdoors, and long walks with her two dogs! You can follow Veronique on Twitter @veronicageek or read her blog at https://veronicageek.com.