Time
6 hours 59 minutes
Difficulty
Intermediate
CEU/CPE
7

Video Transcription

00:00
Welcome back, sir. Agrarians, welcome back to the M s 3. 65 Security Administration. Of course I'm your instructor, Jim Daniels.
00:08
This video we're still a module to identity and access. Lesson one user and group security, part three,
00:17
administrator roles and security groups.
00:21
In this lesson, we will go over
00:23
in mystery 65 ad minerals invest 3 65 group types and their scenarios for each group
00:30
and how to create groups in a sign and men Rolls
00:35
Administrator Roles and M s 3 65
00:38
Administrator Roles are used to assign specific administrative functions to users and groups.
00:45
Each roll mats to a common business function gives permission to do specific tasks in the admin center
00:52
as well as within power show.
00:54
You can manage roles in the M s 3 65 using the admin center or within power show
01:00
global admin is can assign admin roles
01:04
to assign admin roles in the industry. 65 Admin center. You need to log in using a global admin account.
01:12
So in the admin center you're already logged in. You click from users and then active users
01:18
on the active users page.
01:19
Choose the user who's who's an enroll. You want to assign a change.
01:26
Properties page for the user opens up
01:29
next. The roles. Quick edits
01:32
on the Edit User Roles page. You can choose the following options user, which is no admin center access.
01:38
Or you can go in and click on admin center access,
01:42
and you can choose from the pre defying add minerals.
01:48
We have core I minerals, which have beard the very beginning. We also have grain your ad minerals group category,
01:53
such as identity
01:56
billing and other.
01:59
We've all heard two is better than one. What's married into three. What's buried in three.
02:04
Anything more than three right groups are awesome.
02:07
Some of my favorite groups in the history of group Manship
02:13
Robin Hood and his band of Merry Men,
02:15
the adorable seven doors from the snow, I tell,
02:22
and then the news exiting from Anchorman
02:24
again these groups
02:27
or move powerful together
02:30
and bring more to the table as a group than they do in the visuals.
02:35
With that being said,
02:36
there are different types of groups within M s 3 65.
02:39
This table shows there's groups
02:43
a description,
02:45
and when it's recommended to use
02:46
that group and where you created from
02:50
one of the news groups within a mystery. 65 is a office 3 65 Unified Group.
02:55
It's a shared workspace for email, conversation, fouls and calendar events.
03:00
You create this in the Eman Center exchange and in Center Outlook or Web bells.
03:07
You can also horse dude in power. Shell
03:08
is the best group for teamwork across all. Invest racist e file products.
03:15
With a unified group,
03:17
you can associate a team with it.
03:20
You can't have a Group
03:23
One draws
03:23
group SharePoint site. You have all of these capabilities
03:27
that come pre built with it.
03:30
We have a destroyer wist, a district for
03:31
email sent to its end, all members of the group.
03:35
It's not retroactive. So if that means if you ask my today, they only receive
03:40
e mail center that grew from that moment forth
03:44
that's created an exchange that man
03:46
in mystery 65 admin course Power show
03:50
Mellon Able Security Girl.
03:52
This is a distribution group
03:53
also could be used for signing permissions.
03:57
So this is a hybrid between a district heard and a security, or when you need to assign permissions to an object
04:02
but also have the need to have a distribution list. That's when you use this
04:08
security group.
04:10
That one able security group without being mellow enabled is only used. Scram permissions to resource is
04:16
dynamic district
04:18
they use is defined recipient filters to dynamically determined membership. There is no pre defined membership list. When something is sent to it,
04:28
it performs a query, and it populates it
04:30
right in and there.
04:32
We need a flexible distribution changes automatically based on predictive and define conditions.
04:40
A lot of times within my organization, we use dynamic destro for staff emails
04:46
for all users.
04:47
Let's say you have a Department of Human Resources. You can save a dynamic destro query toe where any user object with an active mailbox that has human resource is as a department variable.
05:00
It's part of every
05:02
so in the matter who's added or removed. It goes based on those conditions. That's where dynamic destroy really comes in handy.
05:12
To create a group in the M s for 65 admin center
05:16
scared of the group tab
05:17
and then choose new group
05:19
and then choose your group type
05:23
to delete a girl
05:24
again in the admin center or exchange admin center. You pour the group up
05:28
and you just gotta do it.
05:30
Body Bouches Mother says Individual user Osama is the devil.
05:35
If you've missed that part of water boy, I advise you go back and we watch it.
05:41
It's in the movie. I guarantee you don't
05:44
make monitors say angry.
05:46
Keep naming conventions intuitive and simple.
05:50
Add users and groups to those groups for permission ing
05:55
instead of assigning direct permissions.
05:59
Let's keep your job and your management of all of this easier.
06:02
Long term
06:04
groups
06:06
and assigned those groups permissions
06:10
maintain a well defined account in group revision. Process
06:14
those the best prices
06:15
as your 80 him. Proposal Day management enables you to manage control of monitor access within your organization.
06:24
It includes Resource is across the entire emissary. C C five Environment
06:29
as a 80 10 allows you to
06:31
see which users are assigned Privilege roles
06:35
Enable one demand just in time. Administrative access to these online services.
06:41
See a history
06:43
auto twist of administrator activation, including changes made.
06:46
You guys will get alerts about changes and the assignment of administrative roles.
06:53
You can also require approval to activate as your A D privilege. I'm enrolls,
06:57
and you can do
06:59
membership
07:00
review all
07:02
Cruz Obtaining Management Service introduced the concept of eligible administration instead of traditional permanent administration
07:10
eligible admissions or users that need at administrative access periodically but not 24 7.
07:16
Their role is inactive until they need the accidents.
07:20
Then they complete the innovation process, and they're elevated to be an active admin for a predetermined amount of time.
07:29
You have
07:30
More. Organizations are choosing to use this approach,
07:33
so they eliminate permanent admin access to privileged roles.
07:39
Quiz.
07:40
An office 3 65 group
07:43
is a type of group breaking men for teamwork.
07:46
We had about four different groups. Five different groups. Office 3 65 Unified Group Have one specific recommendation. Do you remember? What of this?
07:56
Yes, it's for teamwork.
07:58
It's the best group you create to have teamwork that is integrated across the entire demonstrate 65 service platform.
08:05
Out of the in privileged identity management.
08:07
You can use the pin audio history to see all users honest and activation within a given period of time.
08:16
Well, look here. We're looking at the
08:18
Pantanal.
08:20
That's kind of the tongues. What's looking had a pen panel
08:24
and we can see here. Under activity was looking out of history.
08:28
Its approval is access management
08:30
different from privilege. A Danny management.
08:33
So approvals. Identity management primarily allows managing access for 80 roles in role groups
08:39
offered was access management supplied only at that specific task.
08:43
To recap this lesson
08:46
multiple. M s 3 65 group times exists in each one serves. It's a niche
08:52
travelers. A Danny management allows you to manage, monitor and control user access within your organization.
08:58
Thank you for joining me. I hope to see one the next video. Thank you.

Up Next

MS-500: Microsoft 365 Security Administration

The Microsoft 365 Security Administration course is designed to prepare students to take and pass the MS-500 certification exam. The course covers the four domains of the exam, providing students with the knowledge and skills they need to earn their credential.

Instructed By

Instructor Profile Image
Jim Daniels
IT Architect
Instructor