Welcome back to the M s 3 65 Security Administration course
I'm your instructor, Jim dangles.
And today we're going to be a model to identity and access
Lesson one user and group security, part two in. That's 3 65 user accounts.
Our objectives in this video is we're gonna learn all about unnecessary 65 user identities.
We're going to go over the user account lifecycle,
and we're gonna go over a day to day management over these users and the role licensing
at a high level. There are three office 3 65 identity models
cloud identity zero on premises, servers zero on premises, directory services. This is the easiest to get identity identities, riot. A source. It's only in the cloud
That's where you have as your a d connect on prim,
and it synchronizes your identity with as a right of directory
Federated identity. This could be where you use
or you utilize the new federation capabilities within Azure
where in the world to user accounts come from. I have a couple of theories.
to user objects love each other very much.
They materializes relationship.
And then, according to your S, L. A, it could be eight months, nine months, sometimes 10 months later, you have a brand new user can object.
Theory number two is a user account stork.
You put in a request every day at midnight.
This mystical, magical creature comes by a seizure request and it drops off the associative amount of user objects.
Was one of those do you think is correct?
Of course, you're not certifiably insane. So you know both of these scenarios are unlikely and impossible.
But there are a few ways you can create user account
the industry 65 Admin center.
It's a simple Web interface and also has a mobile app.
You created Robin your mobile device.
You can import multiple users. Screenshot on there is from the admin center.
But it is the C S V import, so you can create multiple users at once from pretty determined. See, SV foul
You can do command line creation of single or bulk users
as a radi connect. This is the synchronization of on premises users to azure a D, which is a M s very 65 account
to use as Radi connect
and lastly, provisioned
those users they get sink into
If look at how to create user accounts and power sue,
that's invisible user command with
and some of the attributes and information that we need. We need to use a principal name.
first name, last name. There's are optional
if we want to create it. But also license the user
first thing is, with the figure out what kind of licensing we have available.
What is the text by you of the skew that we want to sign them. So for this will do to get that in miso accounts key
That brings back the available excuse that you can assign as a licensing in your tenant.
We're gonna put those two commands on the one
No. M s a little user.
He's a principal name. Mike dot Taison
display name Mike Tyson. Notice here how we have quotes in power show. Whenever you have a value that has a space, they must be containing quotes.
First name Mike. Last name Taison uses location US
This is where we got from. Get MSF. L can't ask you
do 10 a name and then the
So in this command, we will create the user might not Taison.
And we would assign Hindi developer Paki finds
When you create a user account, the only required attributes
user principal name,
display name and uses application.
This three are required
managing user accounts. The industry 65 admin center is used in at a single or multiple users. You can edit them both. Now,
A couple of years ago,
it wasn't that easy. You kids have a good today.
You're gonna sign different administrative roles within in s 3 65
you're gonna sign user license and change location, settings and user signing status. So if you want to allow them to sign and if you want to block him for signing, then there's there's just some things that you can do
within the user level.
At the core of access to what a user has availability to in invest 3 65 is the license era sign.
They need licensing to access and different services.
Outwork. There's a different licenses for different levels with that, I work SharePoint sky teams
wherever the access and the service is that require all associated licence.
When you sign a license that a user that service is automatically set up for that user
to assign a license, you confuse the M S 3 65 Admin Center or Windows Power show.
In fact, in the previous spring, we looked at a example from our show.
Delete the user account. When users Leader organization they typically no woman to require that account m. S 3 65.
We delayed the user's account.
The assigned 3 65 license for that user becomes available.
It releases to your pool, and then you can assign into another user.
When you delete user account,
the account becomes inactive
and the user cannot sign in to access any unnecessary 65 services.
In this race, 65 retains the account and a soft deleted inactive account state for 30 days
and stays for 30 days. After dilation
up to 30 days, you can restore the account in the associated information with it at any time.
After 30 days, it goes into a hard billy state.
as your 80 connect for your synchronization
when an account is removed on premise
you can also be removed because within directory, synchronisation your on premises and a directory is your authority.
So when something's removed or changed on Prem,
as are 80 connect synchronizes at in the cloud
Deleting Restore power shell.
Remove in this of l user user Principal Name that listen in the soft early state,
remove in The soil User is a principal name
removed from recycle bin
That actually gives him the hard delete.
So after their in the softly state run, run the same command with it removed from her cycle being switch
and there will be first
to restore some my from the soft deleted state
restore in SL User user principal name, Another E V en
when account is deleted. It goes into a soft delish in state and can be recovered for
30 60 45 or 14 days.
We just went over, this
objects say for 30 days by default.
user management is a core function
of your daily operation in M s 3. 65 clouds synchronize and Federated or the three basic identity models
in M s very 65. Both the M s 3. 65 admin center and power shell can be used to manage the user account lifecycle from start to finish, as well as a sign licensing to those users.
Thank you for joining me. I hope to see you next time.