User and Group Security Part 3: Administrator Roles and Security Groups
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *
Already have an account? Sign In »
Welcome back, sir. Agrarians, welcome back to the M s 3. 65 Security Administration. Of course I'm your instructor, Jim Daniels.
This video we're still a module to identity and access. Lesson one user and group security, part three,
administrator roles and security groups.
In this lesson, we will go over
in mystery 65 ad minerals invest 3 65 group types and their scenarios for each group
and how to create groups in a sign and men Rolls
Administrator Roles and M s 3 65
Administrator Roles are used to assign specific administrative functions to users and groups.
Each roll mats to a common business function gives permission to do specific tasks in the admin center
as well as within power show.
You can manage roles in the M s 3 65 using the admin center or within power show
global admin is can assign admin roles
to assign admin roles in the industry. 65 Admin center. You need to log in using a global admin account.
So in the admin center you're already logged in. You click from users and then active users
on the active users page.
Choose the user who's who's an enroll. You want to assign a change.
Properties page for the user opens up
next. The roles. Quick edits
on the Edit User Roles page. You can choose the following options user, which is no admin center access.
Or you can go in and click on admin center access,
and you can choose from the pre defying add minerals.
We have core I minerals, which have beard the very beginning. We also have grain your ad minerals group category,
such as identity
billing and other.
We've all heard two is better than one. What's married into three. What's buried in three.
Anything more than three right groups are awesome.
Some of my favorite groups in the history of group Manship
Robin Hood and his band of Merry Men,
the adorable seven doors from the snow, I tell,
and then the news exiting from Anchorman
again these groups
or move powerful together
and bring more to the table as a group than they do in the visuals.
With that being said,
there are different types of groups within M s 3 65.
This table shows there's groups
and when it's recommended to use
that group and where you created from
one of the news groups within a mystery. 65 is a office 3 65 Unified Group.
It's a shared workspace for email, conversation, fouls and calendar events.
You create this in the Eman Center exchange and in Center Outlook or Web bells.
You can also horse dude in power. Shell
is the best group for teamwork across all. Invest racist e file products.
With a unified group,
you can associate a team with it.
You can't have a Group
group SharePoint site. You have all of these capabilities
that come pre built with it.
We have a destroyer wist, a district for
email sent to its end, all members of the group.
It's not retroactive. So if that means if you ask my today, they only receive
e mail center that grew from that moment forth
that's created an exchange that man
in mystery 65 admin course Power show
Mellon Able Security Girl.
This is a distribution group
also could be used for signing permissions.
So this is a hybrid between a district heard and a security, or when you need to assign permissions to an object
but also have the need to have a distribution list. That's when you use this
That one able security group without being mellow enabled is only used. Scram permissions to resource is
they use is defined recipient filters to dynamically determined membership. There is no pre defined membership list. When something is sent to it,
it performs a query, and it populates it
right in and there.
We need a flexible distribution changes automatically based on predictive and define conditions.
A lot of times within my organization, we use dynamic destro for staff emails
for all users.
Let's say you have a Department of Human Resources. You can save a dynamic destro query toe where any user object with an active mailbox that has human resource is as a department variable.
It's part of every
so in the matter who's added or removed. It goes based on those conditions. That's where dynamic destroy really comes in handy.
To create a group in the M s for 65 admin center
scared of the group tab
and then choose new group
and then choose your group type
to delete a girl
again in the admin center or exchange admin center. You pour the group up
and you just gotta do it.
Body Bouches Mother says Individual user Osama is the devil.
If you've missed that part of water boy, I advise you go back and we watch it.
It's in the movie. I guarantee you don't
make monitors say angry.
Keep naming conventions intuitive and simple.
Add users and groups to those groups for permission ing
instead of assigning direct permissions.
Let's keep your job and your management of all of this easier.
and assigned those groups permissions
maintain a well defined account in group revision. Process
those the best prices
as your 80 him. Proposal Day management enables you to manage control of monitor access within your organization.
It includes Resource is across the entire emissary. C C five Environment
as a 80 10 allows you to
see which users are assigned Privilege roles
Enable one demand just in time. Administrative access to these online services.
See a history
auto twist of administrator activation, including changes made.
You guys will get alerts about changes and the assignment of administrative roles.
You can also require approval to activate as your A D privilege. I'm enrolls,
and you can do
Cruz Obtaining Management Service introduced the concept of eligible administration instead of traditional permanent administration
eligible admissions or users that need at administrative access periodically but not 24 7.
Their role is inactive until they need the accidents.
Then they complete the innovation process, and they're elevated to be an active admin for a predetermined amount of time.
More. Organizations are choosing to use this approach,
so they eliminate permanent admin access to privileged roles.
An office 3 65 group
is a type of group breaking men for teamwork.
We had about four different groups. Five different groups. Office 3 65 Unified Group Have one specific recommendation. Do you remember? What of this?
Yes, it's for teamwork.
It's the best group you create to have teamwork that is integrated across the entire demonstrate 65 service platform.
Out of the in privileged identity management.
You can use the pin audio history to see all users honest and activation within a given period of time.
Well, look here. We're looking at the
That's kind of the tongues. What's looking had a pen panel
and we can see here. Under activity was looking out of history.
Its approval is access management
different from privilege. A Danny management.
So approvals. Identity management primarily allows managing access for 80 roles in role groups
offered was access management supplied only at that specific task.
To recap this lesson
multiple. M s 3 65 group times exists in each one serves. It's a niche
travelers. A Danny management allows you to manage, monitor and control user access within your organization.
Thank you for joining me. I hope to see one the next video. Thank you.
User and Group Security Part 4: Managing Passwords
Identity Synchronization Part 1
Identity Synchronization Part 2: Azure AD Connect
Identity Synchronization Part 3: Managing Synchronized Identities
Identity Synchronization Part 4: Federated Identities