2 hours 42 minutes
Welcome back to the office. 3 65 Migration primer Course
I'm your starter, Jim Daniels. And today we're gonna go over Model three Identity Lesson six, which is the last lesson of this module. Deadly management.
In this lesson, we're gonna go over daily management distinctions between your different identities, setups and officer existed. Five
multiple ways to manage objects and Officer 65. And what happens in the event
they won't promise connection issue or disaster? What does that mean for your office? Online users.
If you are in a cloud only user environment,
everything is managed with the 3 65 Admin Center or the azure ADM and center quote only a Can't you do not manage one promise
hybrid user environment.
The guests and cloud created accounts you manage those in Azure A. D or the office. 3 65 Admin Center
for on premise accounts exists in your on premise, out of directory about our seat
and authenticated either through as Radi Canete or a DFS
those air still managed on prime.
Remember, we talked about where you use your one premise at the right re tools, such as a duck to manage those users
certain cloud only attributes of those users, such as licensing information for office 3 65 Those are still managed in office. 3 65 admits in a or in the azure a D admin center.
cloud Users can update their password when they know the prior one. Within any as Radi Town.
You know your password. You can always reset it.
Certain. 3 65 ad men's we talked about roles earlier can reset all cloud user passwords and 3 65 Admin Center or in the Azure, A D admin center
on premise. Users can reset and manage your password through on premise, tools and services, whether it's through the Windows Client interface or you have some tool already deployed
on premise. Adminis can also reset in Man's on Premises created user passwords through those on premise directory tools.
Another method for users to manage passwords is by the point self service Password reset. This is a feature that requires either as your a D premium one or premium to license or the pretend it is under the end for 65 business.
The Azure 80 premium wanted to. Those are also included as part of the Enterprise Mobility and Security suites.
Password right back has to be enabled in as radi Connect
Ford function for the ST Users,
Adminis can combine self service password reset in multi factor authentication registration at the same time.
In this scenario, a user doesn't matter if they or a quality only user where it won't premise user that a sink through 80 connect they can actually go on when they have all been the 3 65
and set their passports taken. Reset the password based on the second factor, they can unlock their account,
and it's a really nice way
for users to be able to manage those themselves. Because think about it. What's always your number one call when you don't have self managed these passports to your several steps has always Hey, I'm locked out. Can you help me reset my password? This helps alleviate those calls.
There are some nuances within Azure 80 connect. One of them is once a U. P. N is sink initially for a new user,
it's not automatically updated,
so if you have a user, their name changes. You misspelled their name. Maybe if they get married or get divorced
and you change it in on premise Active directory. It will not automatically update
Display name Will Mel Proxy. All that stuff does, but the U. P. And they used for an account log in will not
you have to use power show for that?
Speaking of power shell, there are a few things that you can manage within your as your 80 connect.
By importing the module a D sink
with important *** model a D sink,
you can actually load up and look at some configuration and stink options. Using the command set Dash 80 ST Sync schedule,
you can also manually kick off a sink for a full seek. A start dash 80 sink sink cycle space dash policy type space initial.
If you want to do a Delta ST considered a full sink, replace that word initial with Delta and performing Delta Sink
Power Shelling Officer 65
Power Show is a fantastic management tool with office 3 65
If you want to fully manage your officer 65 azure A D environment, you have to use the power show
some of you. It kind of freaks you out, but you will have to get used to it
because there are certain things in power shell that you can do that you cannot do. In the admin centers,
there are two power shell versions that you need. The first is one of the original
my herself, as her at a directory model for power Show
those commands the prefixes mso Well,
the more recent one is the azure active directory power shell for graft
Perfect for those commands
as our a d.
All right, so we have mso Well, we have as your a d as your two versions of power cell that you're gonna need to be comfortable with.
For MSO willpower. Sue,
you need to install a 64 bit Microsoft Online Services signing assistant to the machine that will be using power. So
you need to install the module in power show as an admin installed dash module messa AMs on
to connect connect dash in my civil service, it'll prompt you for your user name and password.
Things are license assignments and user account management
such as reset in the UPM.
Those are things that currently you do in MSL you do not do those in azure a. D as of yet
for as your 80 power show, where your eye assessment needs to be a Windows Seven plus or Windows Server 2008 or two. Plus
you just all the module in power show as an and then just like within this. Although
installed as model as radi
to connect Canete, that's as or a D.
So think of as Radi as Version two
to manage office 3 65 and Azure, A. D and power show. Newer features of office 3 65 such as unified groups.
You could manage those within Azure 80 Power shell, but you cannot through msrb l Power Show
when using as Radi connect, the U P and Attribute doesn't update after the initial sink of the account. Is that true of faults? We talked about it briefly.
The answer to that is true. Remember, it doesn't update the UPM
after it's created the object in Azure 80
you have to use power shell for that. Let's talk about Dior or emergency.
What happens for your users? They're authentication. They're signing Inability for the Officer C C five services. If you have a major disaster or some of your one premise network or infrastructure goes down.
Quote only accounts they operate is know All they need is Internet.
If they're connected, they can reset, log in access everything a D connects. Users can still again passed, Review said, are updated via on premise with the on premises of the rectory. They won't update if the azure 80 connection was broke.
But users in the cloud still function as as normal, and your saint users can still again a DFS. Remember a single point of failure. If you're a DFS environment goes down, you have to switch up. Indication to Azure 80. Connect as a backup, where users cannot access the services at all.
So as a Radi Canete,
users can still access services in law again. There's some limited synchronization and update abilities at that connections. Berg, a. DFS. If that goes down, you have to switch it in order for users to be able to authenticate
a lot of companies or doing back up infrastructure in the cloud as Dior option. Sometimes that includes shut down version of a DFS that they spend up after one prim
this compromise or has issues. Sometimes it's a as your 80 connect server
toe where they replicate on premise there as Radi connects over to the cloud.
And if there is a issue with the premise, they roll it over to the clouds, where users can still get in and they can do some basic management. To recap. Dante, Mass. Murder
Power Shell is a valuable and needed tool for completely daily management of Officer 65. Currently, you need both in Esso and as your A D Power Shell models for full management of the Features
Self Service Password for recent is a feature that requires a premium azure 80 license. Thank you so much for taking time out of your schedule to join me in this, and I hope to see you for the next model. Thank you.