View
256
Download
4
Category
Tags:
Preview:
Citation preview
Mod 2: User Management
Chris Oakman | Managing Partner Infrastructure Team | Eastridge TechnologyStephen Hall | CEO & SMB Technologist | District Computers
Version 2.0 for Office 365
Day 1Administering Office 365
Day 2Administering Office 365
Office 365 Overview & Infrastructure Administering Lync Online
Office 365 User Management Administering SharePoint Online
Office 365 DirSync, Single Sign-On & ADFS Exchange Online Basic Management
MEAL BREAK
Exchange Online Deployment & Migration
Exchange Security & Protection
Exchange Online Archiving & Compliance
Jump Start Schedule – Target Agenda
Module 2: User Management
• Adding a New Domain to Office 365• Understanding Identities• Adding/Managing Users & Groups• Administration Roles Overview
For Midsize Businesses and Enterprises
Add A New Domain to Office 365
Add and verify a domain name
Prepare before you add your domain
Specify services for your domain
Edit DNS records for Office 365 services
DEMO | Adding a domain Using:
Office 365 admin center Public DNS (GoDaddy.com) Private DNS (Windows
Server)
Module 2: User Management
• Adding a New Domain to Office 365• Understanding Identities• Adding/Managing Users & Groups• Administration Roles Overview
For Midsize Businesses and Enterprises
Understanding Identities | Identity TypesCloud Identity Separate credential from
corporate credential Authentication occurs via
cloud directory service Password policy is stored
in Office 365
Federated Identity• Same credential as
corporate credential• Authentication occurs via
on-premises Active Directory service
• Password policy is stored on-premises
• Requires Directory Synchronization
Identity Usage Scenarios
Cloud IdentityCloud Identity +
DirSyncFederated Identity*
Scenario
Smaller organizations with or without on-premises Active Directory
Medium-Large organizations with Active Directory on-premises
Large organizations with Active Directory on-premises
Requires DirSync
Pros
Does not require on-premises server deployment
“Source of Authority” is on-premises
Enables coexistence
Single Sign-On experience
“Source of Authority” is on-premises
2 Factor Authentication options
Enables coexistence
Cons
No Single Sign-On
No 2 Factor Authentication options
2 sets of credentials to manage with, potentially, different password policies
No Single Sign-On
No 2 Factor Authentication options
2 sets of credentials to manage with, potentially, different password policies
Requires on-premises server deployment
Requires on-premises server deployment in high availability scenario
Require Fields for Office 365 Identity/User• Display name• User name• User location*
* - Required by Office 365 admin center GUI, NOT by PowerShell
Module 2: User Management
• Adding a New Domain to Office 365• Understanding Identities• Adding/Managing Users & Groups• Administration Roles Overview
For Midsize Businesses and Enterprises
Three Options for Provisioning Users• Office 365 Admin Center
Manual/Single user creation Bulk/CSV Import
• Directory Synchronization Includes on-premises Active Directory objects created via Active
Directory Users and Computers, Exchange Management Console, 3rd party identity management solutions, etc.
• PowerShell Microsoft Online Services Module for Windows PowerShell Native Exchange cmdlets via remote PowerShell
NOTE - Either Cloud or federated identity required
Simple User Management
Add, Upload, Delete, Filter or Search for Users
Edit or Delete a Select User or Group of Users
Reset user password or edit User Exchange or Lync properties
Manage active users, deleted users, security groups or
delegated admins
Enhanced User Management
Manage password expiration policy for all users
Activate Directory Synchronization
Password Management | Office 365 admin center• Creates an auto-generated password• Requires user to change password on next login• Allows admin to send password through email
Password Management | PowerShell
• Set user password & force change on next login:Set-MsolUserPassword -userPrincipalName <user ID> -NewPassword “password“
• Set user password without forcing a password change:Set-MsolUserPassword -userPrincipalName <user ID> -NewPassword
“password" -ForceChangePassword $false
Password Expiration Policy| Office 365 Admin Center• Password duration limitations
14 days - 730 days
NOTE – The default number of days before passwords expire is 90 days
Password Expiration Management| PowerShell• Set a user password to expire
Set-MsolUser -UserPrincipalName <user ID> -PasswordNeverExpires $false
• Set a user password to never expire (not recommended)
Set-MsolUser -UserPrincipalName <user ID> -PasswordNeverExpires $true
• Set all user passwords to expire / never expire (not recommended)Get-MSOLUser | Set-MsolUser -PasswordNeverExpires $false //set all passwords to expireGet-MSOLUser | Set-MsolUser -PasswordNeverExpires $true //set all passwords to never
expire
• Determine which passwords are set to never expireGet-MSOLUser | Select UserPrincipalName, PasswordNeverExpires
DEMO | Managing Cloud Users
Using Office 365 Admin CenterAdd Single user Add Multiple usersChange password timeout settingsReset password
Using PowerShell Set new user’s password to Change new user’s password
to never expire Setting passwords on
multiple user accounts
Module 2: User Management
• Adding a New Domain to Office 365• Understanding Identities• Adding/Managing Users & Groups• Administration Roles Overview
For Midsize Businesses and Enterprises
Overview of Administration Roles
Tenant Admin
Includes full permissions to the company Is the role assigned to the initial user created when signing up Can assign admin permissions to other users
Billing Admin Has full permissions for billing tasks and read-only permissions for company objects
(domains, users) Receives notifications for billing events
User Account Admin
Has read-only permissions to all company objects and has user administration permissions Cannot make changes to billing or tenant admins
Help Desk Admin
Has read-only permission to all company objects and has reset password privileges Cannot reset password for tenant, billing, or user account admins
Service Support Admin
Has read-only permissions to all company objects Has the ability to manage individual services
User Is the default role for all users Does not include any admin permissions
Administrator Permissions by Role
http://onlinehelp.microsoft.com/en-us/office365-enterprises/ff637584.aspx
Recommended