Click to edit Master subtitle style

03 | Administering Office 365

Anthony Steven | Principal Technologist, Content MasterMartin Coetzer | Portfolio Architect, Microsoft

Manage Administrator Roles in Office 365

Configure Password Management

• Administer Rights Management

Module Overview

Manage Administrator Roles in Office 365Office 365 Administrator RolesAssign Administrator Roles

• Demo – Assign Administrator Roles

• Delegated Administration

• Common Errors and Best Practice Guidelines

Office 365 Administrator Roles

Office 365 Administrator Role Role Tasks

Billing administrator Make purchases, manage subscriptions, manage support tickets, and monitor service health

Global administrator Perform all administrative tasksPassword administrator Change/reset passwords, manage service requests,

and monitor service healthService administrator Manage service requests and monitor service healthUser management administrator

Create and delete users and groups, reset passwords, manage service requests, and monitor service health

Assign Administrator Roles

• In the Office 365 admin center– Admin>Office 365>users and groups

– Select user>edit

– On settings page, assign role, select admin role and provide alternate email address

• In Windows PowerShell– Get-MsolRole

– Get-MsolUserRole

– Get-MsolUserRoleMember

– Add-MsolRoleMember

– Remove-MsolRoleMember

Demo: Assign Administrator Roles

Delegated Administration

• Delegated administration process– Open offer email from partner

– Navigate to authorization page in Office 365

– Authorize the partner

– Start the trial or subscription

• Partner assigned administration roles– Full administration = Global administrator

– Limited administration = Password administrator

Common Errors and Best Practice Guidelines• Common errors– Granting more access than is necessary

– Not planning administration roles

– Not following a reference model

• Best practices– Ensure that administrator roles are carefully planned

– Document and audit administration roles/privileges

– Keep administration roles up to date

– Get approval/sign off on administration roles design

Configure Password Management

Manage Passwords and Password PoliciesManage Passwords and Password Policies with PowerShell

• Demo: Changing Passwords and Setting Password Policy

• Common Errors and Best Practice Guidelines

Manage Passwords and Password Policies• Password expiry policy– Number of days before it expires

– Number of days warning prior to expiry

• Resetting user passwords– Creates new temporary password

• Resetting admin passwords– Reset it yourself

– Get another admin to reset for you

Manage Passwords and Password Policies with PowerShell• Change/reset a user’s password

• Set tenant password policy– Password expiry

– Password expiry notification warning

• Configure user password to never expire

• Remove the never-expires setting

• View which user passwords are set to never expire– All these settings are for single user or all users

• Remove strong password complexity requirements– Single user only

Demo: Changing Passwords and Setting Password Policy

Common Errors and Best Practice Guidelines• Common errors– Not standardizing password policies

– Not aligning cloud policies with on-premise policies

• Best practices– Ensure administrator roles are correctly defined.

– Ensure users and administrators know the password reset process

– Create standard password policies

– Enforce strong passwords

Administer Rights ManagementRMS in Office 365 OverviewPlan RMS in Office 365Activate and Configure RMS in Office 365RMS Integration with Exchange OnlineRMS Integration with SharePoint OnlineRMS Integration with Office

• Common Errors and Best Practice Guidelines

RMS in Office 365 Overview

• Protects sensitive data– Email

– Documents

• Offers persistent protection – Static or in transit

• Integrates with Office 365– Office integration

– Exchange Online

– SharePoint Online

Plan RMS in Office 365

1. Create Office 365 tenant security groups and mail-enabled groups

2. Decide who will manage the tenant key, you or Microsoft

3. Download and install the Rights Management module for Windows PowerShell

4. Activate Rights Management

Activate and Configure RMS in Office 365• Activate using admin center portal– Service settings>rights management>manage>activate

• Activate using Windows PowerShell– Import-Module aadrm

– Connect-aadrmservice

– Enable-aadrm

• Manage RMS administrator roles– Add-AadrmRoleBasedAdministrator

– Get-AadrmRoleBasedAdministrator

– Remove-AadrmRoleBasedAdministrator

RMS Integration with Exchange Online

• Enable IRM Services in Exchange Online1. Enable Rights Management in Office 365

2. Connect to Exchange Online with Remote PowerShell

3. Configure RMS Online Key Sharing Location

4. Import TPD from RMS Online

5. Enable IRM in Exchange Online

6. Test IRM configuration

• Apply IRM to emails in OWA

• Administrator-defined IRM in Exchange Online– Transport protection rules (Outlook and OWA)

– Outlook protection rules (Outlook)

RMS Integration with SharePoint Online

• Enable IRM Services in SharePoint Online– SharePoint admin center>settings>Information Rights

Management>Use the IRM service specified in your configuration

– Refresh IRM settings

• Apply IRM to document libraries or lists in SharePoint Online– Library>Library Settings>Permissions and

Management>Information Rights Management>Restrict permissions on this library on download

– Configure document access rights

RMS Integration with Office

• Office support for Rights Management

– Office Pro Plus 2013 and Office 2010 – supported

– Office 2007 – not supported

• Office Professional Plus 2013 Client Configuration

– Install Office and login with Office 365 credentials

• Office 2010 Client Configuration

– Install Office

– Install RMS sharing application

– Login with Office 365 credentials

• Protecting Office Content with Rights Management

– Templates

– User defined rights

Common Errors and Best Practice Guidelines• Common errors– Lack of administrator knowledge

– Lack of end-user training

– RMS policies too complex

– Non-MS device compatibility

• Best practices– Use KISS principle

– Ensure users are aware that IRM is only for Office 2010/ 2013 clients

Manage Administrator Roles in Office 365

Configure Password Management

• Administer Rights Management

Module Review

©2013 Microsoft Corporation. All rights reserved. Microsoft, Windows, Office, Azure, System Center, Dynamics and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.