In this blog, we will explore the identity management section of Azure AD.
Create AD Groups
There are three group types in Azure:
- Security Group – e.g. Marketing. Any user added to the Marketing group gains the access assigned to that group.
- Microsoft365 – provides collaboration options such as access to a shared mailbox, files, SharePoint site, etc.
- Dynamic Group – Allows grouping of users based on location, department, etc.
Let’s begin by creating a dynamic group in Azure for our Norfolk Office.
We will choose Dynamic Group because we want to group users later based on the office location they work in.
Every group should have a group owner so we’ve added one here.
Creating Users
Since we chose to add users dynamically via their office location, our users will be automatically added to the group when their office location is set to Norfolk.
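The dynamic group described above, as an added PowerShell example using the Microsoft Graph PowerShell SDK (not code from the original post). The display name `Norfolk`, the mail nickname and the audit checks are assumptions; the rule uses `physicalDeliveryOfficeName`, the dynamic-membership property behind the Office location field.

```powershell
# Added example. Requires the Microsoft.Graph module and a tenant licensed for dynamic groups.
# Assumed names: display name 'Norfolk', mail nickname 'norfolk-office' (constructed).
Connect-MgGraph -Scopes 'Group.ReadWrite.All', 'User.Read.All'

$name = 'Norfolk'
$rule = '(user.physicalDeliveryOfficeName -eq "Norfolk")'
$props = 'Id', 'DisplayName', 'GroupTypes', 'MembershipRule', 'MembershipRuleProcessingState'

$group = Get-MgGroup -Filter "displayName eq '$name'" -Property $props | Select-Object -First 1
if (-not $group) {
    # Membership is computed from the rule; nobody is added by hand.
    New-MgGroup -DisplayName $name -MailNickname 'norfolk-office' `
        -MailEnabled:$false -SecurityEnabled `
        -GroupTypes 'DynamicMembership' `
        -MembershipRule $rule -MembershipRuleProcessingState 'On' | Out-Null
    Write-Host 'Group created. Rule evaluation is asynchronous; run again later to audit.'
    return
}

# Check 1: the rule is still the one we expect and is being processed.
if ($group.MembershipRule -ne $rule) {
    Write-Warning "Membership rule changed: $($group.MembershipRule)"
}
if ($group.MembershipRuleProcessingState -ne 'On') {
    Write-Warning "Rule processing is $($group.MembershipRuleProcessingState)"
}

# Check 2: every group should have an owner.
if (-not (Get-MgGroupOwner -GroupId $group.Id -All)) {
    Write-Warning "Group '$name' has no owner."
}

# Check 3: users with office location Norfolk versus actual members.
$expected = Get-MgUser -Filter "officeLocation eq 'Norfolk'" -All `
    -ConsistencyLevel eventual -CountVariable expectedCount `
    -Property Id, UserPrincipalName, OfficeLocation
$actualIds = @((Get-MgGroupMember -GroupId $group.Id -All).Id)

$expected | Where-Object { $_.Id -notin $actualIds } |
    ForEach-Object { Write-Warning "Not yet a member: $($_.UserPrincipalName)" }
$actualIds | Where-Object { $_ -notin $expected.Id } |
    ForEach-Object { Write-Warning "Member without Norfolk office location: $_" }
```

Because membership follows the attribute, anyone who can edit a user's office location also decides who is in the group and who receives whatever the group grants, so changes to that attribute are worth reviewing in the audit logs.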
Password Reset Registration
Self-service password resets can be done via the below tab
We will add email/phone authentication
Notify users about events on password resets
Assigning Users to Groups
Go to groups, add memberships and choose to add the user. As a group owner we can add members into a group.
Assigning Licenses to Individual Users
Microsoft 365 licenses can be applied at the individual user level or at the group level. Here is the method to assign licenses at the user level.
Add the license required
The license is now assigned to the user.
Assigning Licenses to Groups
Rather than assigning licenses at an individual user level, it’s much faster, and recommended, to do the assignment at the group level. This happens under the Licenses tab of the group. When you add a member to this group, the member gets the licenses automatically, and when you remove the user, the user loses the licenses as well.
As expected, the licenses are inherited from our AD Group Norfolk.
Creating Administrative Units
An Administrative Unit (AU) gives a few users privileged access scoped to our Norfolk office so they can reset passwords, assign licenses, etc.
Click on the helpdesk administrator
Add Sarla as our Helpdesk admin for Norfolk Site
Click Review and Create
Our Administrative Unit Norfolk HelpDesk Admins is now ready.
Test User Access
Login as the new user we created using one of the links
We’ve secured our access using phone/email
Once logged in, I should be able to see the apps I provisioned to the user.
Monitoring Office 365 Consumption
Log in to the admin center to verify the license utilization.
Deleting Groups
An important point to remember is that we can restore groups created with the Microsoft 365 type, but we can't restore Security groups.
Our Microsoft 365 Group has been restored