User and Group Security Part 3: Administrator Roles and Security Groups

Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *
or

Already have an account? Sign In »

Time
6 hours 59 minutes
Difficulty
Intermediate
CEU/CPE
7
Video Transcription
00:00
Welcome back, sir. Agrarians, welcome back to the M s 3. 65 Security Administration. Of course I'm your instructor, Jim Daniels.
00:08
This video we're still a module to identity and access. Lesson one user and group security, part three,
00:17
administrator roles and security groups.
00:21
In this lesson, we will go over
00:23
in mystery 65 ad minerals invest 3 65 group types and their scenarios for each group
00:30
and how to create groups in a sign and men Rolls
00:35
Administrator Roles and M s 3 65
00:38
Administrator Roles are used to assign specific administrative functions to users and groups.
00:45
Each roll mats to a common business function gives permission to do specific tasks in the admin center
00:52
as well as within power show.
00:54
You can manage roles in the M s 3 65 using the admin center or within power show
01:00
global admin is can assign admin roles
01:04
to assign admin roles in the industry. 65 Admin center. You need to log in using a global admin account.
01:12
So in the admin center you're already logged in. You click from users and then active users
01:18
on the active users page.
01:19
Choose the user who's who's an enroll. You want to assign a change.
01:26
Properties page for the user opens up
01:29
next. The roles. Quick edits
01:32
on the Edit User Roles page. You can choose the following options user, which is no admin center access.
01:38
Or you can go in and click on admin center access,
01:42
and you can choose from the pre defying add minerals.
01:48
We have core I minerals, which have beard the very beginning. We also have grain your ad minerals group category,
01:53
such as identity
01:56
billing and other.
01:59
We've all heard two is better than one. What's married into three. What's buried in three.
02:04
Anything more than three right groups are awesome.
02:07
Some of my favorite groups in the history of group Manship
02:13
Robin Hood and his band of Merry Men,
02:15
the adorable seven doors from the snow, I tell,
02:22
and then the news exiting from Anchorman
02:24
again these groups
02:27
or move powerful together
02:30
and bring more to the table as a group than they do in the visuals.
02:35
With that being said,
02:36
there are different types of groups within M s 3 65.
02:39
This table shows there's groups
02:43
a description,
02:45
and when it's recommended to use
02:46
that group and where you created from
02:50
one of the news groups within a mystery. 65 is a office 3 65 Unified Group.
02:55
It's a shared workspace for email, conversation, fouls and calendar events.
03:00
You create this in the Eman Center exchange and in Center Outlook or Web bells.
03:07
You can also horse dude in power. Shell
03:08
is the best group for teamwork across all. Invest racist e file products.
03:15
With a unified group,
03:17
you can associate a team with it.
03:20
You can't have a Group
03:23
One draws
03:23
group SharePoint site. You have all of these capabilities
03:27
that come pre built with it.
03:30
We have a destroyer wist, a district for
03:31
email sent to its end, all members of the group.
03:35
It's not retroactive. So if that means if you ask my today, they only receive
03:40
e mail center that grew from that moment forth
03:44
that's created an exchange that man
03:46
in mystery 65 admin course Power show
03:50
Mellon Able Security Girl.
03:52
This is a distribution group
03:53
also could be used for signing permissions.
03:57
So this is a hybrid between a district heard and a security, or when you need to assign permissions to an object
04:02
but also have the need to have a distribution list. That's when you use this
04:08
security group.
04:10
That one able security group without being mellow enabled is only used. Scram permissions to resource is
04:16
dynamic district
04:18
they use is defined recipient filters to dynamically determined membership. There is no pre defined membership list. When something is sent to it,
04:28
it performs a query, and it populates it
04:30
right in and there.
04:32
We need a flexible distribution changes automatically based on predictive and define conditions.
04:40
A lot of times within my organization, we use dynamic destro for staff emails
04:46
for all users.
04:47
Let's say you have a Department of Human Resources. You can save a dynamic destro query toe where any user object with an active mailbox that has human resource is as a department variable.
05:00
It's part of every
05:02
so in the matter who's added or removed. It goes based on those conditions. That's where dynamic destroy really comes in handy.
05:12
To create a group in the M s for 65 admin center
05:16
scared of the group tab
05:17
and then choose new group
05:19
and then choose your group type
05:23
to delete a girl
05:24
again in the admin center or exchange admin center. You pour the group up
05:28
and you just gotta do it.
05:30
Body Bouches Mother says Individual user Osama is the devil.
05:35
If you've missed that part of water boy, I advise you go back and we watch it.
05:41
It's in the movie. I guarantee you don't
05:44
make monitors say angry.
05:46
Keep naming conventions intuitive and simple.
05:50
Add users and groups to those groups for permission ing
05:55
instead of assigning direct permissions.
05:59
Let's keep your job and your management of all of this easier.
06:02
Long term
06:04
groups
06:06
and assigned those groups permissions
06:10
maintain a well defined account in group revision. Process
06:14
those the best prices
06:15
as your 80 him. Proposal Day management enables you to manage control of monitor access within your organization.
06:24
It includes Resource is across the entire emissary. C C five Environment
06:29
as a 80 10 allows you to
06:31
see which users are assigned Privilege roles
06:35
Enable one demand just in time. Administrative access to these online services.
06:41
See a history
06:43
auto twist of administrator activation, including changes made.
06:46
You guys will get alerts about changes and the assignment of administrative roles.
06:53
You can also require approval to activate as your A D privilege. I'm enrolls,
06:57
and you can do
06:59
membership
07:00
review all
07:02
Cruz Obtaining Management Service introduced the concept of eligible administration instead of traditional permanent administration
07:10
eligible admissions or users that need at administrative access periodically but not 24 7.
07:16
Their role is inactive until they need the accidents.
07:20
Then they complete the innovation process, and they're elevated to be an active admin for a predetermined amount of time.
07:29
You have
07:30
More. Organizations are choosing to use this approach,
07:33
so they eliminate permanent admin access to privileged roles.
07:39
Quiz.
07:40
An office 3 65 group
07:43
is a type of group breaking men for teamwork.
07:46
We had about four different groups. Five different groups. Office 3 65 Unified Group Have one specific recommendation. Do you remember? What of this?
07:56
Yes, it's for teamwork.
07:58
It's the best group you create to have teamwork that is integrated across the entire demonstrate 65 service platform.
08:05
Out of the in privileged identity management.
08:07
You can use the pin audio history to see all users honest and activation within a given period of time.
08:16
Well, look here. We're looking at the
08:18
Pantanal.
08:20
That's kind of the tongues. What's looking had a pen panel
08:24
and we can see here. Under activity was looking out of history.
08:28
Its approval is access management
08:30
different from privilege. A Danny management.
08:33
So approvals. Identity management primarily allows managing access for 80 roles in role groups
08:39
offered was access management supplied only at that specific task.
08:43
To recap this lesson
08:46
multiple. M s 3 65 group times exists in each one serves. It's a niche
08:52
travelers. A Danny management allows you to manage, monitor and control user access within your organization.
08:58
Thank you for joining me. I hope to see one the next video. Thank you.
Up Next