Microsoft 365 offers Enterprise Mobility & Security (EMS), Windows 10, and Office 365 to enhance business productivity and security. Because Microsoft 365 offers a variety of services and features, not everything is in the same place. Therefore, we need to navigate within different portals, and familiarity with “what is where” gets really important over time.
In this course, we will have a look at some of the most common tasks to be performed by Microsoft 365 administrators related to Azure AD identities, how to secure your environment by assigning the correct permissions to your users, and how to reduce administrative overhead. We’ll do various tasks in different ways by using the Microsoft 365 Admin Center, the Azure portal, and even use Windows PowerShell for automating bulk actions.
Choosing the right type of identity for your current infrastructure is the first step for any successful Microsoft 365 deployment.
Learning Objectives
- Plan Azure AD Identities
- Manage Users and Groups
- Manage User Access with Access Reviews
- Manage Passwords and Password Policies
- Implement Self-Service Password Reset (SSPR)
- Manage Product Licenses
Intended Audience
- People preparing for Microsoft’s MS-100 exam
- Microsoft 365 Administrators
Prerequisites
- Experience with Microsoft 365
- Experience with the Azure portal
- Experience with PowerShell
To manage your users in the Microsoft 365 admin center navigate to Users, Active users, and here you can see that I currently have three users. So let's go ahead and add another cloud user. Click on Add a user, give it a first name and last name, make sure you're okay with the display name, choose Username, select a Domain name, and also choose the Location for this user. Expand the Contact Information and as we are creating a cloud user we can go ahead and fill the information. Scroll down and fill what's needed, expand the Password section.
Here you can choose between an auto-generated password or you can create a password yourself. Tick the box if you want this user to change their password when they first log in, and let's expand the roles.
Here you can set your user as a simple User with no admin roles, a Global administrator, or a Customized administrator. If we choose Customized administrator you'll have more options and you can set this user with any of those admin roles. But let's go back and select user only and expand the Product licenses section.
Here you can choose which plan you wish to assign to the user and you can also create a user with no license. If you select On in here, all the services within this plan will be assigned to the user. But we can expand and choose exactly what we want to assign to the user. So let's give this user Microsoft Teams, Exchange Online, and SharePoint Online.
Scroll down and click on Add. Choose if you want to send a password by email to the user and then click Close. Now the user has been created and if we look at the sync status we can see that this is a cloud user as opposed to a synchronized user. If you need to manage a synchronized user you would need to go directly in your on-premises directory and create the user so it would be synchronized into Office 365.
Now let's imagine that this user has left the company and we want to remove the account. We can select the User, click on the ellipses at the top and Delete user. When you delete a user you have to think about the OneDrive content as well as the emails. And if you haven't created any specific retention policies then you will have up to 30 days and after those 30 days, everything will be permanently deleted. Now let's click on Delete user and confirm the changes. Click on Close and the user is now deleted. If you wish to delete a synchronized user you will again have to do it on-premises and the change will be synced to Office 365.
Veronique is a SharePoint and Office 365 consultant for an IT company based in Glasgow, UK. She loves photography, the outdoors, and long walks with her two dogs! You can follow Veronique on Twitter @veronicageek or read her blog at https://veronicageek.com.