Mod 2: User Management

Chris Oakman | Managing Partner Infrastructure Team | Eastridge TechnologyStephen Hall | CEO & SMB Technologist | District Computers

Version 2.0 for Office 365

Day 1Administering Office 365

Day 2Administering Office 365

Office 365 Overview & Infrastructure Administering Lync Online

Office 365 User Management Administering SharePoint Online

Office 365 DirSync, Single Sign-On & ADFS Exchange Online Basic Management

MEAL BREAK

Exchange Online Deployment & Migration

Exchange Security & Protection

Exchange Online Archiving & Compliance

Jump Start Schedule – Target Agenda

Module 2: User Management

• Adding a New Domain to Office 365• Understanding Identities• Adding/Managing Users & Groups• Administration Roles Overview

For Midsize Businesses and Enterprises

Add A New Domain to Office 365

Add and verify a domain name

Prepare before you add your domain

Specify services for your domain

Edit DNS records for Office 365 services

DEMO | Adding a domain Using:

Office 365 admin center Public DNS (GoDaddy.com) Private DNS (Windows

Server)

Module 2: User Management

• Adding a New Domain to Office 365• Understanding Identities• Adding/Managing Users & Groups• Administration Roles Overview

For Midsize Businesses and Enterprises

Understanding Identities | Identity TypesCloud Identity Separate credential from

corporate credential Authentication occurs via

cloud directory service Password policy is stored

in Office 365

Federated Identity• Same credential as

corporate credential• Authentication occurs via

on-premises Active Directory service

• Password policy is stored on-premises

• Requires Directory Synchronization

Identity Usage Scenarios 

Cloud IdentityCloud Identity +

DirSyncFederated Identity*

Scenario

Smaller organizations with or without on-premises Active Directory

Medium-Large organizations with Active Directory on-premises

Large organizations with Active Directory on-premises

Requires DirSync

Pros

Does not require on-premises server deployment

“Source of Authority” is on-premises

Enables coexistence

Single Sign-On experience

“Source of Authority” is on-premises

2 Factor Authentication options

Enables coexistence

Cons

No Single Sign-On

No 2 Factor Authentication options

2 sets of credentials to manage with, potentially, different password policies

No Single Sign-On

No 2 Factor Authentication options

2 sets of credentials to manage with, potentially, different password policies

Requires on-premises server deployment

Requires on-premises server deployment in high availability scenario

Require Fields for Office 365 Identity/User• Display name• User name• User location*

* - Required by Office 365 admin center GUI, NOT by PowerShell

Module 2: User Management

• Adding a New Domain to Office 365• Understanding Identities• Adding/Managing Users & Groups• Administration Roles Overview

For Midsize Businesses and Enterprises

Three Options for Provisioning Users• Office 365 Admin Center

Manual/Single user creation Bulk/CSV Import

• Directory Synchronization Includes on-premises Active Directory objects created via Active

Directory Users and Computers, Exchange Management Console, 3rd party identity management solutions, etc.

• PowerShell Microsoft Online Services Module for Windows PowerShell Native Exchange cmdlets via remote PowerShell

NOTE - Either Cloud or federated identity required

Simple User Management

Add, Upload, Delete, Filter or Search for Users

Edit or Delete a Select User or Group of Users

Reset user password or edit User Exchange or Lync properties

Manage active users, deleted users, security groups or

delegated admins

Enhanced User Management

Manage password expiration policy for all users

Activate Directory Synchronization

Password Management | Office 365 admin center• Creates an auto-generated password• Requires user to change password on next login• Allows admin to send password through email

Password Management | PowerShell

• Set user password & force change on next login:Set-MsolUserPassword -userPrincipalName <user ID> -NewPassword “password“

• Set user password without forcing a password change:Set-MsolUserPassword -userPrincipalName <user ID> -NewPassword

“password" -ForceChangePassword $false

Password Expiration Policy| Office 365 Admin Center• Password duration limitations

14 days - 730 days

NOTE – The default number of days before passwords expire is 90 days

Password Expiration Management| PowerShell• Set a user password to expire

Set-MsolUser -UserPrincipalName <user ID> -PasswordNeverExpires $false

• Set a user password to never expire (not recommended)

Set-MsolUser -UserPrincipalName <user ID> -PasswordNeverExpires $true

• Set all user passwords to expire / never expire (not recommended)Get-MSOLUser | Set-MsolUser -PasswordNeverExpires $false //set all passwords to expireGet-MSOLUser | Set-MsolUser -PasswordNeverExpires $true //set all passwords to never

expire

• Determine which passwords are set to never expireGet-MSOLUser | Select UserPrincipalName, PasswordNeverExpires

DEMO | Managing Cloud Users

Using Office 365 Admin CenterAdd Single user Add Multiple usersChange password timeout settingsReset password

Using PowerShell Set new user’s password to Change new user’s password

to never expire Setting passwords on

multiple user accounts

Module 2: User Management

• Adding a New Domain to Office 365• Understanding Identities• Adding/Managing Users & Groups• Administration Roles Overview

For Midsize Businesses and Enterprises

Overview of Administration Roles

Tenant Admin

Includes full permissions to the company Is the role assigned to the initial user created when signing up Can assign admin permissions to other users

Billing Admin Has full permissions for billing tasks and read-only permissions for company objects

(domains, users) Receives notifications for billing events

User Account Admin

Has read-only permissions to all company objects and has user administration permissions Cannot make changes to billing or tenant admins

Help Desk Admin

Has read-only permission to all company objects and has reset password privileges Cannot reset password for tenant, billing, or user account admins

Service Support Admin

Has read-only permissions to all company objects Has the ability to manage individual services

User Is the default role for all users Does not include any admin permissions

Administrator Permissions by Role

http://onlinehelp.microsoft.com/en-us/office365-enterprises/ff637584.aspx

DEMO | Assigning Roles & Licenses

Using Office 365 Admin Center