Embed Size (px)
Citation preview
Click to edit Master subtitle style02 | Managing Users, Groups, and
Licenses
Anthony Steven | Principal Technologist, Content MasterMartin Coetzer | Portfolio Architect, Microsoft
Manage Users and Licenses by Using the Administration Center
Manage Security and Distribution Groups
• Manage Cloud Identities with Windows PowerShell
Module Overview
Manage Users and Licenses by Using the Administration CenterCreate UsersManage Users and Licenses
• Demo: Create users in Office 365
• Delete and Restore Users
• Common Errors and Best Practice Guidelines
Create Users
• Three ways to create and manage users:– Using only Office 365
– Using Office 365 synchronized with a directory service
– Using AD FS
• User provisioning options:– Office 365 Administration Portal
–Windows PowerShell
– Bulk Import (CSV file)
– Directory Synchronization
Manage Users and Licenses
• Edit single or multiple users in Office 365 admin center– Domain and company information
– Administrator roles
– Sign-in status
– User location
• Assign Office 365 service licenses to users– Replace existing licenses
– Add to existing licenses
• View license information– Number of licenses used
– Unlicensed users
Demo: Create Users in Office 365
Delete and Restore Users
• Delete single or multiple users– Office 365 admin center portal
– Windows Azure Active Directory Module for Windows PowerShell - Remove-MsolUser
– Deleted users are ‘inactive’ for 30 days (‘soft delete’)
• Restore deleted users before 30 day grace period– Office 365 admin center portal
– Windows Azure Active Directory Module for Windows PowerShell - Restore-MsolUser
Common Errors and Best Practice Guidelines• Common errors– Default password policy is not defined, so Office 365 email
does not work and users have to change their passwords
– User leaves the organization and when his or her account is deleted, the user’s mailbox is also deleted
• Best practices– Design user account plan for the future
– Standardize on user naming conventions
– Ensure accuracy when entering names
– Look for duplicate accounts when using directory sync
Manage Security and Distribution GroupsCreate and Edit Office 365 Security Groups
• Demo: Create Security Groups in Office 365
• Delete Office 365 Security Groups
• Exchange Online and SharePoint Online Groups
• Common Errors and Best Practice Guidelines
Create and Edit Office 365 Security Groups• Office 365 security groups are not mail-enabled–Mail-enabled groups do not appear in the Office 365 admin
center portal
• Security groups are used to grant permissions to sites and resources in SharePoint Online
• Create groups with admin center portal or through Windows PowerShell – New-MsolGroup
• Security groups can be nested to improve organization
Demo: Create Security Groups in Office 365
Delete Office 365 Security Groups
• Deleted security groups are permanently deleted– Its members are not deleted
• Delete security groups– Admin center portal
–Windows PowerShell – Remove-MsolGroup
Exchange Online and SharePoint Online Groups• Exchange Online groups– Distribution groups
– Mail-enabled security groups
– Dynamic distribution groups
• SharePoint Online groups– Collection of users with same permission level
– Typically contain Office 365 security groups
• Default SharePoint groups– Dependent on site template used
Common Errors and Best Practice Guidelines• Common errors– Poorly documented security group structure
– Overly complex security group structure
– User unintentionally becomes a member of a dynamic distribution group
• Best practices– Organize users logically based on access needs
– Add groups to SharePoint groups rather than users
– Keep naming convention simple and clear
– Maintain a well-defined account provisioning process
– Create policies and procedures for group maintenance
Manage Cloud Identities with Windows PowerShellUsing Windows PowerShell with Office 365
• Demo: Create Users with PowerShell
• Managing Users and Licenses with PowerShell
• Managing Security Groups with PowerShell
• Common Errors and Best Practice Guidelines
Using Windows PowerShell with Office 365• WAAD Module for PowerShell– Connects to Office 365 to perform common and repetitive
administrative tasks
• Ensure your environment meets requirements
• Using WAAD Module for PowerShell to manage Office 365
1. Install the module
2. Connect to the service
3. Use Get-help
Demo: Create Users with PowerShell
Managing Users and Licenses with PowerShell• Add users and licenses - New-MsolUser
– -LicenseAssignment switch to assign licenses
• Manage licenses - Set-MsolUserLicense– Use scripts to bulk update licenses
– -LicenseOptions switch to assign subset of licenses
• Delete users - Remove-MsolUser– Soft delete – remains in recycle bin for 30 days
– Hard delete – permanently deleted from recycle bin
• Restore users - Restore-MsolUser– Within 30 days
Managing Security Groups with PowerShell• Create security groups– New-MsolGroup
• Delete security groups– Remove-MsolGroup
• Add users to and remove users from a security group– Get-MsolUser (to retrieve objectId)
– Add-MsolGroupMember
– Remove-MsolGroupMember
Common Errors and Best Practice Guidelines• Common errors
– Changing a license incorrectly disconnects the mailbox
– Deleting groups and users by mistake
– Not reviewing or testing PowerShell scripts
– Not knowing the difference between connecting to the Windows Azure Active Directory and the tenant
– Not having a usage location set for users
• Best practices– Review and test PowerShell scripts thoroughly
– Validate changes made by PowerShell scripts
– Only provide permissions to the appropriate people
Manage Users and Licenses by Using the Administration Center
Manage Security and Distribution Groups
• Manage Cloud Identities with Windows PowerShell
Module Review
©2013 Microsoft Corporation. All rights reserved. Microsoft, Windows, Office, Azure, System Center, Dynamics and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
