
3. Creating, Configuring and Managing Identities

Understanding the concepts of user identities

  • An identity is a single account that is used to sign in to multiple systems (SSO)
  • Azure AD is the central directory services store
  • Identities can be sync’d from on premise AD

Some people say this is less secure, because a hacker who gets your account details has access to all of your different systems. You can offset this by using MFA with the identity login.

Managing Identities

  • Azure AD Portal
  • M365 admin centre
  • On Premise AD with sync using Azure AD Connect
  • PowerShell

Licences and Roles

Licences: enable or disable features that your users can utilise

Roles: give your users rights to perform actions, including administrative controls, in your environment

 

Creating, Configuring and giving a licence to User Identities

Azure Method

Create an identity:

  1. Go to Azure portal -> Azure Active Directory -> Users
  2. Click Create New
  3. Fill out their details
  4. Add to groups or assign roles if you choose
  5. NOTE: you must specify usage location, otherwise you can’t give them a licence

Assign a licence

  1. Go to the user in Azure AD
  2. Go to Licences -> Assignments
  3. Select the licences for the user and save

M365 Method

  1. Go to M365 portal -> Users -> Add User
  2. Enter their details
  3. Assign the licence (usage location is forced here)
  4. Add a Role if you choose

 

Management of User Creation in Bulk

Using the Azure Portal Web interface

  1. Go to Azure Portal -> All users
  2. Click on “Bulk Operations” -> Bulk Create
  3. This lets you download a CSV template you can use to create the users
  4. Edit your template with the new users and then upload the file
  5. This will create a “job” to create the users

Understanding Groups in Azure AD

Types of groups

  • Office 365 (Creates Team collaboration including email group)
  • Distribution Groups (Email only group)
  • Mail-enabled Security group (Security group with email)
  • Security (access to resources only)

Assigned Vs Dynamic Groups

  • Assigned groups are static. You manually assign objects
  • Dynamic groups are populated by a query on an attribute tied to an identity, so membership is based on the attributes. E.g. if a user is in the marketing dept, add them to the Marketing group

 

Group Management using M365 Admin Centre

Creating Groups

  • Go to M365 Admin portal
  • Click on ‘Groups -> Active Groups -> New Group’
  • Select the Group Type
  • Give it a name
  • Set the group owners
  • Set the Group email address
  • Choose the privacy settings (Private, public etc…)
  • Click Create

 

Creating and Managing Groups in Azure AD

Creating a group

  • Go to Azure Portal -> Azure AD -> Groups -> New Group
  • Select the Group Type
  • Give it a name and description
  • Select whether you can assign Azure AD roles to this group
  • Select the membership type:
    • Assigned: static group where you assign people
    • Dynamic: this allows you to add a query that associates members with the group based on attributes. E.g. if they are in the Sales dept, add them to this group

 

 

Managing Licences for User Identities in Azure AD

  • Go to Azure AD -> Users -> pick a user
  • Click on Licences
  • From here you can manage the licences for that user

NOTE: for users to get a licence they must have a usage location selected
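
The bulk creation steps and the usage location rule above can also be scripted with PowerShell. The following is an added example, not part of the original notes: it uses the Microsoft Graph PowerShell module, and the tenant domain, the user rows and the ENTERPRISEPACK licence SKU are constructed assumptions.

```powershell
# Added example: bulk-create users from CSV data, then assign a licence.
# Rows missing a usage location are skipped, because licensing them would fail.
$ErrorActionPreference = 'Stop'
Connect-MgGraph -Scopes 'User.ReadWrite.All', 'Organization.Read.All'

$skuPartNumber = 'ENTERPRISEPACK'   # assumption: the licence you want to assign
# Constructed sample rows; the second one has no usage location on purpose
$rows = @'
DisplayName,UserPrincipalName,Department,UsageLocation
Ana Ruiz,ana.ruiz@contoso.example,Marketing,GB
Ben Okoro,ben.okoro@contoso.example,Sales,
'@ | ConvertFrom-Csv

$sku = Get-MgSubscribedSku -All | Where-Object SkuPartNumber -eq $skuPartNumber
if (-not $sku) { throw "SKU $skuPartNumber not found in this tenant" }

function New-TempPassword {
    # 18 bytes from the OS CSPRNG; the fixed suffix guarantees all character classes
    $bytes = New-Object byte[] 18
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    try { $rng.GetBytes($bytes) } finally { $rng.Dispose() }
    [Convert]::ToBase64String($bytes) + 'aA1!'
}

$results = foreach ($row in $rows) {
    # Usage location must be a two-letter country code before a licence can be given
    if ($row.UsageLocation -notmatch '^[A-Za-z]{2}$') {
        [pscustomobject]@{ User = $row.UserPrincipalName; Status = 'Skipped: no usage location' }
        continue
    }
    $password = New-TempPassword
    $user = New-MgUser -DisplayName $row.DisplayName `
        -UserPrincipalName $row.UserPrincipalName `
        -MailNickname ($row.UserPrincipalName -split '@')[0] `
        -Department $row.Department `
        -UsageLocation $row.UsageLocation.ToUpper() `
        -AccountEnabled `
        -PasswordProfile @{ Password = $password; ForceChangePasswordNextSignIn = $true }

    Set-MgUserLicense -UserId $user.Id -AddLicenses @(@{ SkuId = $sku.SkuId }) -RemoveLicenses @() | Out-Null
    [pscustomobject]@{ User = $user.UserPrincipalName; Status = 'Created and licensed'; TempPassword = $password }
}

# Temporary passwords stay in $results for out-of-band handover; they are not printed
$results | Format-Table User, Status
```

Each user is forced to change the temporary password at first sign-in, so the value in `$results` is only valid for the initial handover.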
