{"id":784,"date":"2022-05-01T21:42:09","date_gmt":"2022-05-01T21:42:09","guid":{"rendered":"https:\/\/www.spktechfit.com\/?p=784"},"modified":"2022-05-01T21:42:09","modified_gmt":"2022-05-01T21:42:09","slug":"3-creating-configuring-and-managing-identities","status":"publish","type":"post","link":"https:\/\/www.spktechfit.com\/?p=784","title":{"rendered":"3. Creating, Configuring and Managing Identities"},"content":{"rendered":"<h2>Understanding the concepts of user identities<\/h2>\n<ul>\n<li>The term identity refers to using 1 identity to sign in to multiple accounts (SSO)<\/li>\n<li>Azure AD is the central directory services store<\/li>\n<li>Identities can be synced from on-premises AD<\/li>\n<\/ul>\n<p>Some people say this is less secure because if a hacker gets your account details they have access to all your different systems. But you can use MFA with the identity login.<\/p>\n<h3>Managing Identities<\/h3>\n<ul>\n<li>Azure AD Portal<\/li>\n<li>M365 admin centre<\/li>\n<li>On-premises AD with sync using Azure AD Connect<\/li>\n<li>PowerShell<\/li>\n<\/ul>\n<h3>Licences and Roles<\/h3>\n<p>Licences: enable\/disable features that your users can utilise<\/p>\n<p>Roles: give your users rights to perform actions, including administrative controls, in your environment<\/p>\n<p>&nbsp;<\/p>\n<h2>Creating, Configuring and giving a licence to User Identities<\/h2>\n<h3><b>Azure Method<\/b><\/h3>\n<p>Create an identity:<\/p>\n<ol>\n<li>Go to Azure portal -&gt; Azure Active Directory -&gt; Users<\/li>\n<li>Click Create New<\/li>\n<li>Fill out their details<\/li>\n<li>Add to groups or assign roles if you choose<\/li>\n<li><b>NOTE: <\/b>you must specify a usage location, otherwise you can&#8217;t give them a licence<\/li>\n<\/ol>\n<p>Assign a licence:<\/p>\n<ol>\n<li>Go to the user in Azure AD<\/li>\n<li>Go to Licences -&gt; Assignments<\/li>\n<li>Select the licences for the user and save<\/li>\n<\/ol>\n<h3><b>M365 Method<\/b><\/h3>\n<ol>\n<li>Go to M365 portal 
-&gt; Users -&gt; Add User<\/li>\n<li>Enter their details<\/li>\n<li>Assign the licence (usage location is forced here)<\/li>\n<li>Add a Role if you choose<\/li>\n<\/ol>\n<p>&nbsp;<\/p>\n<h2>Management of User Creation in Bulk<\/h2>\n<p><b>Using the Azure Portal Web interface<\/b><\/p>\n<ol>\n<li>Go to Azure Portal -&gt; All users<\/li>\n<li>Click on &#8220;Bulk Operations&#8221; -&gt; Bulk Create<\/li>\n<li>This lets you download a CSV template you can use to create the users<\/li>\n<li>Edit your template with the new users and then upload the file<\/li>\n<li>This will create a &#8220;job&#8221; to create the users<\/li>\n<\/ol>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<h2>Understanding Groups in Azure AD<\/h2>\n<h3><b>Types of groups<\/b><\/h3>\n<ul>\n<li>Office 365 (Creates Team collaboration including email group)<\/li>\n<li>Distribution Groups (Email only group)<\/li>\n<li>Mail-enabled Security group (Security group with email)<\/li>\n<li>Security (access to resources only)<\/li>\n<\/ul>\n<h3><b>Assigned Vs Dynamic Groups<\/b><\/h3>\n<ul>\n<li>Assigned groups are static. You manually assign objects<\/li>\n<li>Dynamic groups allow Azure to be queried based upon an attribute tied to an identity. Membership is based on the attributes. 
E.g. if a user is in the marketing dept, add them to the Marketing group<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<h2>Group Management using M365 Admin Centre<\/h2>\n<h3>Creating Groups<\/h3>\n<ul>\n<li>Go to M365 Admin portal<\/li>\n<li>Click on &#8216;Groups -&gt; Active Groups -&gt; New Group&#8217;<\/li>\n<li>Select the Group Type<\/li>\n<li>Give it a name<\/li>\n<li>Set the group owners<\/li>\n<li>Set the Group email address<\/li>\n<li>Choose the privacy settings (Private, public etc\u2026)<\/li>\n<li>Click Create<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<h2>Creating and Managing Groups in Azure AD<\/h2>\n<h3>Creating a group<\/h3>\n<ul>\n<li>Go to Azure Portal -&gt; Azure AD -&gt; Groups -&gt; New Group<\/li>\n<li>Select the Group Type<\/li>\n<li>Give it a name and description<\/li>\n<li>Select whether you can assign Azure AD roles to this group<\/li>\n<li>Select the membership type:\n<ul>\n<li>Assigned: static group where you assign people<\/li>\n<li>Dynamic: this allows you to add a query to associate members to groups based on attributes. 
E.g. if they are in the Sales dept, add them to this group<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<h2>Managing Licences for User Identities in Azure AD<\/h2>\n<ul>\n<li>Go to Azure AD -&gt; Users -&gt; pick a user<\/li>\n<li>Click on Licences<\/li>\n<li>From here you can manage the licences for that user<\/li>\n<\/ul>\n<p><b>NOTE: for users to get a licence they must have a usage location selected<\/b><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Understanding the concepts of user identities The term identity is used for using 1 identity to sign in to multiple accounts (SSO) Azure AD is the central directory services store Identities can be sync&#8217;d from on premise AD Some people say this is less secure because if a hacker gets your account details they have [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[13,12,3],"tags":[],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.spktechfit.com\/index.php?rest_route=\/wp\/v2\/posts\/784"}],"collection":[{"href":"https:\/\/www.spktechfit.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.spktechfit.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.spktechfit.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.spktechfit.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=784"}],"version-history":[{"count":1,"href":"https:\/\/www.spktechfit.com\/index.php?rest_route=\/wp\/v2\/posts\/784\/revisions"}],"predecessor-version":[{"id":785,"href":"https:\/\/www.spktechfit.com\/index.php?rest_route=\/wp\/v2\/posts\/784\/revisions\/785
"}],"wp:attachment":[{"href":"https:\/\/www.spktechfit.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=784"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.spktechfit.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=784"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.spktechfit.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=784"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}