365tips.be

The best Microsoft 365 tips on the web

Manage users and groups in (Azure) Active Directory

Users and groups can be managed in Active Directory or in Azure Active Directory. In this blog, I'll explain some basic principles. Then I'll explain how you can get started with groups and users yourself.

What is Azure Active Directory?

They have a similar name, but Azure AD is not a cloud-based version of Windows Server Active Directory. It's also not intended to be a complete replacement for an on-premises Active Directory. If you're already using a Windows AD server, you can connect it to Microsoft Azure Active Directory to extend your directory to Azure. This approach allows users to use the same credentials (username and password) to access on-premises and cloud resources.

Azure AD can be used independently of Windows AD. Smaller companies can use Azure AD as their only directory service and use it to manage access to their apps and SaaS products, such as Microsoft 365, Salesforce, and Dropbox. Source.

Azure Active Directory (AAD)

Azure AD Connect creates a connection between on-premises Active Directory and Azure Active Directory. This is a practical way to keep users in sync from the on-premises environment.

Advantages: Same password on-premises and in the cloud. Most of the management is in Active Directory.
Disadvantages: Complexity. Some things have to be done on-premises and some in the cloud, and you have a lot of dependencies on the 'old' environment. In Azure AD it is often easier to implement new things.

You can activate Active Directory synchronization via these instructions or via the video below.

Group management in Azure Active Directory

Once you've set up the synchronization, you can create and manage users and groups in both on-premises Active Directory and Cloud Active Directory.

Conceptual illustration with users, directories, and subscriptions in Azure

With an Azure AD group, users can be organized to make managing permissions easier. Groups allow the resource owner (or the Azure AD directory owner) to assign a set of access permissions to all members of the group.

With groups you can define a policy and then add and remove specific users. Thus, access can be granted or denied with minimal effort.

Even better is that Azure AD provides the ability to define membership based on rules, such as the department where a user works or the position they hold.

In Azure AD you can define two different types of groups:

  • Security groups. These are the most common type of group, and they are used to manage member and computer access to shared resources for a group of users. For example, you can create a security group for a specific security policy. This way, you can give a set of permissions to all members at once instead of adding permissions individually for each member. This option requires an Azure AD administrator.
  • Microsoft 365 Groups. These groups provide opportunities for collaboration by giving members access to a shared mailbox, calendar, files, SharePoint site and more. This option also gives you the ability to give people outside your organization access to the group. This option is available to both users and administrators.

Navigate to Azure AD through this portal. Then press groups.

Press: "New group"

Then choose which group you want to create.

Create a security group as a test.

Create a dynamic group in Azure AD

Create a security group through https://portal.azure.com. Click on: New group

Choose "Dynamic User" as the membership type.

The group is created in this example

You can work with a membership rule like the one below. This means that anyone whose user principal name contains the domain in the rule will become a member.

(user.userPrincipalName -contains "@jedomein.be")
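An added example, not part of the original post: a simplified Python model of how a single-clause rule like the one above selects members, run over a constructed user list. It is not Azure AD's own evaluation engine; the sample users and the helper names `parse_rule` and `members` are assumptions. It also shows that `-contains` is a substring match, so `-endsWith` is the tighter operator when the intent is "accounts in this domain".

```python
import re

# Simplified model of a single-clause dynamic membership rule such as
# (user.userPrincipalName -contains "@jedomein.be"). Not Azure AD's own engine.
RULE_RE = re.compile(
    r'^\(\s*user\.(\w+)\s+-(eq|contains|startsWith|endsWith)\s+"([^"]*)"\s*\)$',
    re.IGNORECASE,
)

OPERATORS = {
    "eq": lambda attr, val: attr == val,
    "contains": lambda attr, val: val in attr,  # substring match, not "in list"
    "startswith": lambda attr, val: attr.startswith(val),
    "endswith": lambda attr, val: attr.endswith(val),
}

def parse_rule(rule):
    """Return (property, operator, value) or raise ValueError."""
    m = RULE_RE.match(rule.strip())
    if not m:
        raise ValueError(f"unsupported rule: {rule!r}")
    prop, op, value = m.groups()
    return prop, op.lower(), value

def members(rule, users):
    """UPNs of the users the rule would place in the group."""
    prop, op, value = parse_rule(rule)
    test = OPERATORS[op]
    # String comparisons in membership rules are case-insensitive.
    return [
        u["userPrincipalName"]
        for u in users
        if test(str(u.get(prop) or "").lower(), value.lower())
    ]

# Constructed sample directory (not real accounts).
USERS = [
    {"userPrincipalName": "An.Peeters@jedomein.be", "department": "Sales"},
    {"userPrincipalName": "tom@jedomein.be.partner.example", "department": "Sales"},
    {"userPrincipalName": "guest_jedomein.be#EXT#@tenant.onmicrosoft.com", "department": None},
    {"userPrincipalName": "svc-backup@other.example", "department": "IT"},
]

if __name__ == "__main__":
    for rule in ('(user.userPrincipalName -contains "@jedomein.be")',
                 '(user.userPrincipalName -endsWith "@jedomein.be")'):
        print(rule, "->", members(rule, USERS))
```

When a dynamic group is used to grant permissions, the attribute in the rule effectively decides access, so review who is allowed to change that attribute on user objects.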

Create a group in the on-premises Active Directory

Open Active Directory Users and Computers on the Active Directory Server.

Create a group in Active Directory using the icon indicated in the screenshot above.

Start a sync via Azure AD Connect to make it visible in Azure AD. (tip)

Advantages of Azure AD groups

Open Azure AD to view the groups. On the right you can see that the member management group comes from Windows Server AD and the other group was created directly in Azure AD.

In terms of management, it really looks the same. So when are Azure AD groups more convenient than groups from your Windows Server AD?

  • Group management and delegation: If you do group management in the cloud, i.e. in Azure AD, you can more easily delegate management rights to those responsible (owners). Users are able to add people to groups themselves. More about this in this blog.
  • Exchange management and dynamic groups: It is also possible to create dynamic groups via Exchange Online. Here too, the groups are best managed via Azure AD.
  • Naming policy and expiration policies: It is more convenient to activate automatic policies in Azure AD than in Active Directory. A screenshot below. Practical guide, here.

User management in Active Directory or Azure Active Directory?

Create a new user from Office 365?

Create a mailbox for a new user. A mailbox, Teams, OneDrive and all other features included in the license can be activated automatically after a user is created in Office 365.

If your users are provisioned in Office 365 via Azure AD Connect, it is not possible to change properties of the AD object there. Email addresses and all other properties must be changed on-premises. Rights and settings for everything except the user and mail settings must be managed via Azure AD. If your user is in the cloud, you can manage all properties there as well.

Manage group membership: Through https://admin.microsoft.com/AdminPortal/Home#/users it is possible to search for your user and click on Groups. Use this menu to add users to the AD groups.

It is also possible to create a user from Azure AD.

Create a user from on-premises Active Directory?

Create a new user via Active Directory Users and Computers and run a manual Azure AD synchronization.

The user arrives in Azure AD after the synchronization. There you can assign a license.

The result

Users can be created in 2 places.

  • Either via Azure AD – Test User AAD@365tips.be
  • Or via Active Directory – test user@365tips.be

Conclusions

Cloud management is on the rise. An organization can use Azure AD independently of Windows AD.

Smaller companies can use Azure AD as their only directory service and use it to manage access to their apps and SaaS products, such as Microsoft 365, Salesforce, and Dropbox. And if your focus is on the shift to the cloud, you can move your printers, documents and applications so that you can disable your on-premises Active Directory.

Users can be created and managed on-premises and in the cloud. In Azure AD there are some advantages over Active Directory. If you are looking for a Cloud workshop, be sure to read: 15 steps to a digital workshop!
