Time
6 hours 59 minutes
Difficulty
Intermediate
CEU/CPE
7

Video Transcription

00:00
Welcome back to the MS 365 Security Administration course.
00:05
I'm your instructor, Jim Daniels.
00:07
And today we're going to be on Module 2, Identity and Access,
00:12
Lesson 1, User and Group Security, Part 2: MS 365 User Accounts.
00:18
Our objectives in this video: we're gonna learn all about MS 365 user identities.
00:25
We're going to go over the user account lifecycle,
00:28
and we're gonna go over day-to-day management of these users and the role licensing.
00:33
At a high level, there are three Office 365 identity models.
00:38
Cloud identity: zero on-premises servers, zero on-premises directory services. This is the easiest to get identities right. The source is only in the cloud.
00:50
Synchronized identity.
00:52
That's where you have Azure AD Connect on-prem,
00:55
and it synchronizes your identity with Azure Active Directory.
01:00
Federated identity. This could be where you use
01:04
AD FS
01:06
or you utilize the new federation capabilities within Azure
01:11
AD Connect.
01:11
Where in the world do user accounts come from? I have a couple of theories.
01:18
Theory one
01:19
is when
01:21
two user objects love each other very much.
01:25
They materialize this relationship.
01:27
And then, according to your SLA, it could be eight months, nine months, sometimes 10 months later, you have a brand new user account object.
01:36
Theory number two is a user account stork.
01:40
You put in a request every day at midnight.
01:42
This mystical, magical creature comes by, sees your request, and it drops off the associated amount of user objects.
01:51
Which one of those do you think is correct?
01:53
Of course, you're not certifiably insane, so you know both of these scenarios are unlikely and impossible.
02:00
But there are a few ways you can create user accounts
02:05
in MS 365.
02:07
The MS 365 admin center.
02:10
It's a simple web interface, and it also has a mobile app.
02:14
You can create it right on your mobile device.
02:15
You can import multiple users. The screenshot on there is from the admin center,
02:22
but it is the CSV import, so you can create multiple users at once from a predetermined CSV file.
02:29
PowerShell.
02:30
You can do command-line creation of single or bulk users.
02:35
Azure AD Connect. This is the synchronization of on-premises users to Azure AD, which is an MS 365 account.
02:45
To use Azure AD Connect
02:47
on your first run
02:50
and lastly, provisioned
02:51
those users, they get synced into
02:53
Azure Active Directory.
02:58
If we look at how to create user accounts in PowerShell,
03:00
we have the
03:02
New-MsolUser command, with
03:06
some of the attributes and information that we need. We need the user principal name,
03:09
display name,
03:12
first name, last name. Those are optional.
03:15
If we want to create it but also license the user,
03:20
the first thing is we have to figure out what kind of licensing we have available.
03:23
What is the text value of the SKU that we want to assign them? So for this we'll do Get-MsolAccountSku.
03:31
That brings back the available SKUs that you can assign as licensing in your tenant.
03:38
We're gonna put those two commands into one.
03:40
New-MsolUser.
03:43
User principal name: mike.tyson
03:46
at my domain.
03:47
Display name: Mike Tyson. Notice here how we have quotes. In PowerShell, whenever you have a value that has a space, it must be contained in quotes.
03:57
First name Mike, last name Tyson, usage location US,
04:01
license assignment.
04:02
This is what we got from Get-MsolAccountSku:
04:06
the tenant name and then the
04:11
SKU description.
04:14
So in this command, we will create the user mike.tyson,
04:16
and we would assign him the developer pack license.
04:20
When you create a user account, the only required attributes are
04:25
user principal name,
04:27
display name and usage location.
04:30
These three are required.
04:32
Managing user accounts. The MS 365 admin center is used to edit a single or multiple users. You can edit them both now.
04:41
A couple of years ago,
04:42
it wasn't that easy. You kids have it good today.
04:46
You're gonna assign different administrative roles within MS 365,
04:49
you're gonna assign user licenses and change location settings and user sign-in status. So if you want to allow them to sign in, or if you want to block them from signing in, those are just some things that you can do
05:01
within the user level.
05:04
At the core of access to what a user has availability to in MS 365 is the license you assign.
05:13
They need licensing to access different services.
05:16
Outlook. There are different licenses for different levels with that: Outlook, SharePoint, Skype, Teams,
05:24
whatever they access and the services that require an associated license.
05:29
When you assign a license to a user, that service is automatically set up for that user.
05:34
To assign a license, you can use the MS 365 admin center or Windows PowerShell.
05:41
In fact, in the previous screen, we looked at an example from PowerShell.
05:46
Deleting the user account. When users leave the organization, they typically no longer require that account in MS 365.
05:54
We delete the user's account.
05:56
The assigned 365 license for that user becomes available.
06:00
It releases to your pool, and then you can assign it to another user.
06:04
When you delete a user account,
06:06
the account becomes inactive
06:09
and the user cannot sign in to access any MS 365 services.
06:14
MS 365 retains the account in a soft-deleted, inactive account state for 30 days
06:23
and stays for 30 days after deletion.
06:25
Up to 30 days, you can restore the account and the associated information with it at any time.
06:30
After 30 days, it goes into a hard-delete state.
06:35
If you use
06:36
Azure AD Connect for your synchronization,
06:40
when an account is removed on-premises,
06:43
in Azure AD,
06:45
it can also be removed, because within directory synchronization your on-premises Active Directory is your authority.
06:54
So when something's removed or changed on-prem,
06:57
Azure AD Connect synchronizes that in the cloud.
07:01
Deleting and restoring in PowerShell.
07:04
Very simple.
07:05
Remove-MsolUser, user principal name. That puts them in the soft-delete state.
07:12
Remove-MsolUser, user principal name,
07:15
RemoveFromRecycleBin.
07:17
That actually gives them the hard delete.
07:20
So after they're in the soft-delete state, run the same command with the RemoveFromRecycleBin switch
07:29
and they will be purged.
07:30
To restore someone from the soft-deleted state:
07:33
Restore-MsolUser, user principal name. Another E V en
07:39
Quiz.
07:41
When an account is deleted, it goes into a soft-deletion state and can be recovered for
07:46
30, 60, 45 or 14 days?
07:50
We just went over this.
07:55
Survey says:
07:57
30 days.
07:58
Soft-deleted
08:00
objects stay for 30 days by default.
08:03
So in recap,
08:05
user management is a core function
08:07
of your daily operation in MS 365. Cloud, synchronized and federated are the three basic identity models
08:16
in MS 365. Both the MS 365 admin center and PowerShell can be used to manage the user account lifecycle from start to finish, as well as assign licensing to those users.
08:30
Thank you for joining me. I hope to see you next time.

Up Next

MS-500: Microsoft 365 Security Administration

The Microsoft 365 Security Administration course is designed to prepare students to take and pass the MS-500 certification exam. The course covers the four domains of the exam, providing students with the knowledge and skills they need to earn their credential.

Instructed By

Jim Daniels
IT Architect
Instructor