User and Group Security Part 3: Administrator Roles and Security Groups

00:00

Welcome back, sir. Agrarians, welcome back to the M s 3. 65 Security Administration. Of course I'm your instructor, Jim Daniels.

00:08

This video we're still a module to identity and access. Lesson one user and group security, part three,

00:17

administrator roles and security groups.

00:21

In this lesson, we will go over

00:23

in mystery 65 ad minerals invest 3 65 group types and their scenarios for each group

00:30

and how to create groups in a sign and men Rolls

00:35

Administrator Roles and M s 3 65

00:38

Administrator Roles are used to assign specific administrative functions to users and groups.

00:45

Each roll mats to a common business function gives permission to do specific tasks in the admin center

00:52

as well as within power show.

00:54

You can manage roles in the M s 3 65 using the admin center or within power show

01:00

global admin is can assign admin roles

01:04

to assign admin roles in the industry. 65 Admin center. You need to log in using a global admin account.

01:12

So in the admin center you're already logged in. You click from users and then active users

01:18

on the active users page.

01:19

Choose the user who's who's an enroll. You want to assign a change.

01:26

Properties page for the user opens up

01:29

next. The roles. Quick edits

01:32

on the Edit User Roles page. You can choose the following options user, which is no admin center access.

01:38

Or you can go in and click on admin center access,

01:42

and you can choose from the pre defying add minerals.

01:48

We have core I minerals, which have beard the very beginning. We also have grain your ad minerals group category,

01:53

such as identity

01:56

billing and other.

01:59

We've all heard two is better than one. What's married into three. What's buried in three.

02:04

Anything more than three right groups are awesome.

02:07

Some of my favorite groups in the history of group Manship

02:13

Robin Hood and his band of Merry Men,

02:15

the adorable seven doors from the snow, I tell,

02:22

and then the news exiting from Anchorman

02:24

again these groups

02:27

or move powerful together

02:30

and bring more to the table as a group than they do in the visuals.

02:35

With that being said,

02:36

there are different types of groups within M s 3 65.

02:39

This table shows there's groups

02:43

a description,

02:45

and when it's recommended to use

02:46

that group and where you created from

02:50

one of the news groups within a mystery. 65 is a office 3 65 Unified Group.

02:55

It's a shared workspace for email, conversation, fouls and calendar events.

03:00

You create this in the Eman Center exchange and in Center Outlook or Web bells.

03:07

You can also horse dude in power. Shell

03:08

is the best group for teamwork across all. Invest racist e file products.

03:15

With a unified group,

03:17

you can associate a team with it.

03:20

You can't have a Group

03:23

One draws

03:23

group SharePoint site. You have all of these capabilities

03:27

that come pre built with it.

03:30

We have a destroyer wist, a district for

03:31

email sent to its end, all members of the group.

03:35

It's not retroactive. So if that means if you ask my today, they only receive

03:40

e mail center that grew from that moment forth

03:44

that's created an exchange that man

03:46

in mystery 65 admin course Power show

03:50

Mellon Able Security Girl.

03:52

This is a distribution group

03:53

also could be used for signing permissions.

03:57

So this is a hybrid between a district heard and a security, or when you need to assign permissions to an object

04:02

but also have the need to have a distribution list. That's when you use this

04:08

security group.

04:10

That one able security group without being mellow enabled is only used. Scram permissions to resource is

04:16

dynamic district

04:18

they use is defined recipient filters to dynamically determined membership. There is no pre defined membership list. When something is sent to it,

04:28

it performs a query, and it populates it

04:30

right in and there.

04:32

We need a flexible distribution changes automatically based on predictive and define conditions.

04:40

A lot of times within my organization, we use dynamic destro for staff emails

04:46

for all users.

04:47

Let's say you have a Department of Human Resources. You can save a dynamic destro query toe where any user object with an active mailbox that has human resource is as a department variable.

05:00

It's part of every

05:02

so in the matter who's added or removed. It goes based on those conditions. That's where dynamic destroy really comes in handy.

05:12

To create a group in the M s for 65 admin center

05:16

scared of the group tab

05:17

and then choose new group

05:19

and then choose your group type

05:23

to delete a girl

05:24

again in the admin center or exchange admin center. You pour the group up

05:28

and you just gotta do it.

05:30

Body Bouches Mother says Individual user Osama is the devil.

05:35

If you've missed that part of water boy, I advise you go back and we watch it.

05:41

It's in the movie. I guarantee you don't

05:44

make monitors say angry.

05:46

Keep naming conventions intuitive and simple.

05:50

Add users and groups to those groups for permission ing

05:55

instead of assigning direct permissions.

05:59

Let's keep your job and your management of all of this easier.

06:02

Long term

06:04

groups

06:06

and assigned those groups permissions

06:10

maintain a well defined account in group revision. Process

06:14

those the best prices

06:15

as your 80 him. Proposal Day management enables you to manage control of monitor access within your organization.

06:24

It includes Resource is across the entire emissary. C C five Environment

06:29

as a 80 10 allows you to

06:31

see which users are assigned Privilege roles

06:35

Enable one demand just in time. Administrative access to these online services.

06:41

See a history

06:43

auto twist of administrator activation, including changes made.

06:46

You guys will get alerts about changes and the assignment of administrative roles.

06:53

You can also require approval to activate as your A D privilege. I'm enrolls,

06:57

and you can do

06:59

membership

07:00

review all

07:02

Cruz Obtaining Management Service introduced the concept of eligible administration instead of traditional permanent administration

07:10

eligible admissions or users that need at administrative access periodically but not 24 7.

07:16

Their role is inactive until they need the accidents.

07:20

Then they complete the innovation process, and they're elevated to be an active admin for a predetermined amount of time.

07:29

You have

07:30

More. Organizations are choosing to use this approach,

07:33

so they eliminate permanent admin access to privileged roles.

07:39

Quiz.

07:40

An office 3 65 group

07:43

is a type of group breaking men for teamwork.

07:46

We had about four different groups. Five different groups. Office 3 65 Unified Group Have one specific recommendation. Do you remember? What of this?

07:56

Yes, it's for teamwork.

07:58

It's the best group you create to have teamwork that is integrated across the entire demonstrate 65 service platform.

08:05

Out of the in privileged identity management.

08:07

You can use the pin audio history to see all users honest and activation within a given period of time.

08:16

Well, look here. We're looking at the

08:18

Pantanal.

08:20

That's kind of the tongues. What's looking had a pen panel

08:24

and we can see here. Under activity was looking out of history.

08:28

Its approval is access management

08:30

different from privilege. A Danny management.

08:33

So approvals. Identity management primarily allows managing access for 80 roles in role groups

08:39

offered was access management supplied only at that specific task.

08:43

To recap this lesson

08:46

multiple. M s 3 65 group times exists in each one serves. It's a niche

08:52

travelers. A Danny management allows you to manage, monitor and control user access within your organization.