Cloud fundamentals/Administering Microsoft Office 365 and Intune
Creating users and groups, and assigning services and licences
editCreating users and groups
editThe creation and management of users and groups is normally done by an administrator. Good practice is to make user names and email addresses something similar such as johndoe and johndoe@contoso.com. This process will be similar to creating accounts in Active Directory or other products. They can be added individually or by bulk import of a CSV file, or if it is appropriate (e.g. very large organisations) your onsite Active Directory can be synchronised with Office 365. Check out the module 2 video (about 31 minutes in) of this MVA Getting the most out of your Office 365 trial course for further details. (You may need to sign up to Microsoft Virtual Academy to access this.)
The process of creating groups (and some other features) is covered in this video resource on Office 365 administration. Note the MTA does not explicitly cover some of the features mentioned (such as Delve) at the moment, but it does not mean they will not include it in the future.
Groups can be created by users or by an administrator, this allows an enormous amount of flexibility. The key place to create a group is in Outlook, where the create option asks you to specify a name for the group, an ID, plus an optional description. There is also a tick box to enable members to receive group conversations.
Once you have created a group you then add members to that group by searching for them in the directory. Note the directory is the full list of users of your Office 365 system, not just your contacts. When a person is added to the group they will receive a welcome email. What they see when they look at the group are icons linking them to 'Create conversations' (Lync), 'Visit document library' (SharePoint), and use calendar (Outlook/Exchange). This demonstrates the close integration that exists between Exchange, SharePoint and Lync within Office 365. When new members are added to an existing group they get access to all the previous conversations and other existing resources.
Assigning services and licences
editYou need to have administrative rights in order to assign services and licences to users.
The process for assigning licences is described in this support page, it can be summarised as follows:
Assigning permissions in Office 365 and Intune
editAdministrative roles
editThe principal administrative role is the 'Administrator', this is the only admin role available in the Small Business edition of Office 365. You can have as many administrators as you wish, but for security you should restrict the number to only those that require the role. An administrative role can be applied to an account from the Office 365 Admin Center, selecting Users then Active users. From this page you can select the user and change their settings to the required role. Note Administrators are expected to be able to provide both an alternative email address and a mobile phone number for password recovery purposes.
The administrative roles available are[1]:
- Billing Admin: They can manage subscriptions, support tickets and monitor the service health. Note that if you bought your subscription from a Microsoft reseller, they will have the billing admin role instead of someone in your organization.
- Global Admin: Can perform all the administrative functions and are the only admins who can create admins. The person who signed up for Office 365 originally is a Global Admin by default.
- Service Admins: Can manage service requests and monitor the service health.
- Password Admin: Can do the same as Service admins plus reset passwords for users and other password admins.
- User management admins: Can do the same as Password Admins plus manage users accounts and groups.
The roles you choose to have depends on what you organization needs, a small company may only have a global admin and a user management admin, for example. Some of these roles will also have corresponding roles in Exchange, SharePoint and/or Lync. See this Office 365 article for more information.
Password policies
editThe primary password policy for Office 365 relates to password age. The password options are accessed from the dashboard via Service Settings > Passwords. The password age/expiry policy enable you to set the password life to be between 14 and 730 days, in other words users can't be forced to change passwords more frequently that every two weeks or less frequently that every two years. One exception is often made to this for service accounts, i.e. accounts used by the Operating System rather than a user, where the PowerShell Online Services Module can be used to set passwords that never expire.
Users can change their password from Settings > Office 365 settings > Password. Some organisations may for operational reasons prevent users from changing passwords (it could be some form of shared account), in which case the option will not be available.
If a user forgets their password, they can either ask an administrator (with the appropriate rights) to reset it, or they can reset it themselves via the Microsoft Online Password Reset site[2].
It is implied (by the lack support information I can find to the contrary) that Office 365 does not enforce password length or complexity rules, this of course may change (or simply not be correct!). The advice give by Microsoft is that passwords should be between 8 and 18 characters long, and contain at least 3 character types from uppercase, lowercase, number, and symbol.
Subscriptions and licences
editEach account needs to have a subscription to the applications it is to be used for, these are assigned by the administrator when the account is first created. Only a Global or Billing Administrator can see/change what licences/subscriptions are available to the organisation. This information can be found from the Admin App. > Billing > licences.
See this Office 365 support page for the details of adding or removing subscriptions and licences. The support page goes in to the details of what products are covered by the different subscriptions, and how groups of users can have licences added or removed in bulk. Note if a licence is removed from a user, their data is deleted after 30 days except for data held in SharePoint online.
Monitoring service health in Office 365 and in Intune
editService health dashboard
editThe first step in examining the health of Office 365 is to login to the Office 365 Portal. The Admin Center will show the Service Health information, listing all the Office 365 components in turn. If there are issues with any of the components, information will be displayed here. There is also a link to more details which gives you a 30 day history view, showing if there were issues and indicating if further information is available. The additional information will show the messages that were presented at the time, indicating the nature of the problem and when it was fixed.
In the Support section of the health dashboard you can see the top issues that have been affecting Office 365, access further on line help and search for further information if required.
RSS feeds and alerts
editMaintenance schedule, message center and support
editThe Roadmap for Office 365gives users a guide as to where Microsoft intend to take Office 365 next, and may indicate when.
One form of support is the community portal, this is where users will endeavour to support other users. This is a free service and can often be a way to solve problems rapidly, as what may be a problem to you may well have been a problem to someone else previously.
Official support can be obtained by email and by phone if required, and there is a premier support offering at an additional cost. A recent feature of the administration center is the message center, that shows the current support requests and their status. Also in the message center is information regarding upcoming changes, that not only inform you of what is coming but also advises you on planning for these changes.