Book Image

Microsoft Office 365 Administration Cookbook

By : Nate Chamberlain
Book Image

Microsoft Office 365 Administration Cookbook

By: Nate Chamberlain

Overview of this book

Organizations across the world have switched to Office 365 to boost workplace productivity. However, to maximize investment in Office 365, you need to know how to efficiently administer Office 365 solutions. Microsoft Office 365 Administration Cookbook is packed with recipes to guide you through common and not-so-common administrative tasks throughout Office 365. Whether you’re administering a single app such as SharePoint or organization-wide Security & Compliance across Office 365, this cookbook offers a variety of recipes that you’ll want to have to hand. The book begins by covering essential setup and administration tasks. You’ll learn how to manage permissions for users and user groups along with automating routine admin tasks using PowerShell. You’ll then progress through to managing core Office 365 services such as Exchange Online, OneDrive, SharePoint Online, and Azure Active Directory (AD). This book also features recipes that’ll help you to manage newer services such as Microsoft Search, Power Platform, and Microsoft Teams. In the final chapters, you’ll delve into monitoring, reporting, and securing your Office 365 services. By the end of this book, you’ll have learned about managing individual Office 365 services along with monitoring, securing, and optimizing your entire Office 365 deployment efficiently.

Related Content you might be interested in

Current Title:

Small book image
Microsoft Office 365 Administration Cookbook
Nate Chamberlain
Sep, 2020 | 442 pages
Small book image
Mastering Office 365 Administration
Alara Rogers | Nikkia Carter | Thomas Carpe
May, 2018 | 532 pages
Small book image
Managing Microsoft Teams: MS-700 Exam Guide
Peter Rising | Nate Chamberlain
Feb, 2021 | 452 pages
Small book image
Deploying Microsoft 365 Teamwork: Exam MS-300 Guide
Aaron Guilmette
Jan, 2020 | 632 pages
Table of Contents (16 chapters)
Preface
Preface
Who this book is for
What this book covers
To get the most out of this book
Download the color images
Conventions used
Sections
Get in touch
Reviews
1
Chapter 1: Office 365 Setup and Basic Administration
Chapter 1: Office 365 Setup and Basic Administration
Technical requirements
Accessing the admin centers
Setting up the PowerShell environment
Viewing and filtering the roadmap
Discovering upcoming changes
Opening a service request
Monitoring service request status
Adding a domain
Changing the domain for users
Assigning a license to a user
Assigning a license to a group
Customizing navigation of the admin center
Personalizing your admin center home page
Free Chapter
2
Chapter 2: Office 365 Identity and Roles
Chapter 2: Office 365 Identity and Roles
Technical requirements
Creating a new user
Importing users in bulk
Creating a new Office 365 group
Enabling Security Defaults (MFA)
Exporting users
Managing guest users
Creating a user template
Restricting users from creating new O365 groups
Assigning the User Administrator admin role in Azure AD
Managing admin roles in the Microsoft 365 admin center
3
Chapter 3: Administering Office 365 with PowerShell
Chapter 3: Administering Office 365 with PowerShell
Technical requirements
Getting a list of all available commands
Creating a user
Disabling a user
Changing user settings or profile information
Getting a list of all users with user properties
Changing a user password
Connecting via PowerShell to SharePoint Online
Creating a SharePoint site collection
Adding a new site collection admin to all SharePoint Online sites
Restoring a deleted OneDrive site
Hiding Office 365 groups from the Global Address List
Preventing external senders from emailing internal Office 365 groups
4
Chapter 4: Managing Exchange Online
Chapter 4: Managing Exchange Online
Technical requirements
Creating a user mailbox
Creating a mail-enabled security group
Creating a shared mailbox without an O365 group
Creating a distribution list
Creating a dynamic distribution list
Assigning permissions and roles
Creating an Exchange-specific retention policy
Creating a mail flow rule
Configuring spam filter policies
Creating room and equipment resources
Enabling advanced threat protection (ATP) features
5
Chapter 5: Setting Up and Configuring Microsoft Search
Chapter 5: Setting Up and Configuring Microsoft Search
Technical requirements
Creating an acronym
Creating a bookmark
Importing bookmarks in bulk from CSV
Importing SharePoint promoted results as bookmarks
Adding a location
Adding a floor plan
Adding a Q&A result
Assigning the Search Admin and Search Editor roles
Setting up the usage of Microsoft Search in Bing
Using Search Insights dashboard reports
6
Chapter 6: Administering OneDrive
Chapter 6: Administering OneDrive
Technical requirements
Enabling the local syncing of files
Restricting local syncing to PCs on specific domains
Setting up compliance safeguards
Providing manager access to a terminated employee's OneDrive
Setting the default share link type
Configuring external sharing permission levels
Restricting sharing to specific domains
Adjusting all users' default storage allocation and retention periods
Restricting OneDrive access to devices on specific IP address locations
Configuring mobile app permissions
Migrating data using the SharePoint Migration Tool
7
Chapter 7: Configuring the Power Platform
Chapter 7: Configuring the Power Platform
Technical requirements
Creating a new Power Platform environment
Restricting certain connectors in Power Apps and Power Automate from accessing business data
Installing an on-premises data gateway
Restricting users from installing on-premises data gateways
Auditing Power BI embed codes created by your organization
Restricting Power BI's Publish to Web (anonymous share) ability to specific security group members
Restricting the external sharing of Power BI reports
Configuring a default logo, cover image, and theme for Power BI
Creating a Common Data Service database
8
Chapter 8: Administering SharePoint Online
Chapter 8: Administering SharePoint Online
Technical requirements
Creating a new site collection
Deleting a site collection
Limiting external sharing abilities
Setting up stricter external sharing settings for a specific site collection
Setting up the default share link type
Configuring site collection storage
Giving someone access to another user's OneDrive site
Importing data from network locations using Migration Manager
Hiding the Subsite creation button
Designating a site collection as a hub site and associating other site collections with it
Restricting access by IP address
9
Chapter 9: Managing Microsoft Teams
Chapter 9: Managing Microsoft Teams
Technical requirements
Creating a team
Creating a Teams policy
Creating a meeting policy
Configuring meeting settings
Creating a live event policy
Configuring live event settings
Creating a messaging policy
Configuring Teams setup policies
Configuring external access
Configuring guest access
Reviewing teams and their owners
Using PowerShell to export a list of all the teams' owners and members
10
Chapter 10: Configuring and Managing Users in Azure Active Directory (Azure AD)
Chapter 10: Configuring and Managing Users in Azure Active Directory (Azure AD)
Technical requirements
Bulk create users in AAD
Adding branding to the AAD sign-in page
Adding a privacy statement to the AAD sign-in page
Installing and connecting to AAD via PowerShell
Adding/removing users via PowerShell in AAD
Creating an access review report in Azure AD
Allowing/disallowing users from connecting LinkedIn to their account
Enabling a self-service password reset
Using SSO to simplify organization-wide sign-in processes
11
Chapter 11: Understanding the Microsoft 365 Security & Compliance Center
Chapter 11: Understanding the Microsoft 365 Security & Compliance Center
Technical requirements
Viewing a report on all users who have accessed a specific SharePoint file
Using Content Search to find content containing certain keywords
Creating a retention policy based on the discovery of certain keywords
Accessing the standard Microsoft BAA
Accessing and reviewing an organization's secure score
Complying with Secure Score security configuration recommendations
Assigning permissions for non-IT users to the Security & Compliance admin center
Using Communication Compliance to identify potential policy violations in messages
12
Chapter 12: Deploying Data Loss Prevention and eDiscovery
Chapter 12: Deploying Data Loss Prevention and eDiscovery
Technical requirements
Creating a DLP policy to protect content with HIPAA-protected data detected
Using DLP to automatically report HIPAA incidents
Creating a DLP policy for content with custom keywords in the name or subject
Tuning a sensitive information type's confidence level
Creating an eDiscovery case
Managing eDiscovery cases
Creating an advanced eDiscovery case
Changing who has access to an advanced eDiscovery case
13
Chapter 13: Monitoring Office 365 Apps and Services
Chapter 13: Monitoring Office 365 Apps and Services
Technical requirements
Finding at-risk users
Creating alerts for specific activities performed by users in OneDrive
Reviewing mail handling to see spam and malware history
Identifying your least active SharePoint sites
Reviewing search activity across SharePoint site collections
Checking the service health status and known issues
Checking general usage data for Office 365 apps and services
Checking Teams usage and user activity
Monitoring Power Apps and Power Automate usage
14
Chapter 14: Appendix – Office 365 Subscriptions and Licenses
Chapter 14: Appendix – Office 365 Subscriptions and Licenses
15
Other Books You May Enjoy
Other Books You May Enjoy
Leave a review - let other readers know what you think

Assigning the User Administrator admin role in Azure AD

User management is usually assigned to helpdesk resources, and not a global admin. This recipe outlines the steps to assigning user management admin roles to users. This role provides its members an appropriate level of permission to manage users, but not all the access and abilities granted to the global admin role. Let's assign the User Administrator admin role to a user.

Getting ready

You'll need access to Azure AD and the Global administrator or Privileged Role administrator role to assign other admin roles.

How to do it…

  1. Go to Azure AD at https://aad.portal.azure.com.
  2. Select Azure Active Directory from the left navigation menu:
    Figure 2.35 – Azure Active Directory highlighted in the left-hand navigation menu in the Azure AD admin center

    Figure 2.35 – Azure Active Directory highlighted in the left-hand navigation menu in the Azure AD admin center

  3. Select Roles and administrators from beneath the Manage header:
    Figure 2.36 – Roles and administrators highlighted in the Manage section

    Figure 2.36 – Roles and administrators highlighted in the Manage section

  4. Search or scroll the list until you locate User administrator, then select it:
    Figure 2.37 – User administrator role highlighted in Administrative roles search results

    Figure 2.37 – User administrator role highlighted in Administrative roles search results

  5. Select Add assignments:
    Figure 2.38 – Add assignments option in the Assignments screen of the User administrator role details

    Figure 2.38 – Add assignments option in the Assignments screen of the User administrator role details

  6. Select each shared service account or individual user you want added to this role group. The search bar can help find specific accounts more quickly. When finished, select Add:
    Figure 2.39 – Selected users being added to an admin role in Azure AD

    Figure 2.39 – Selected users being added to an admin role in Azure AD

  7. You may now exit Azure AD:
Figure 2.40 – The confirmation notification that appears once users are successfully assigned

Figure 2.40 – The confirmation notification that appears once users are successfully assigned

How it works…

You've just used Azure AD to assign the User Administrator admin role. Users and accounts assigned to the user management role can reset passwords, create and manage users and groups, filter and manage service requests, and monitor service health. Azure AD is the preferred method of assigning roles because you can assign to multiple accounts at once. As you'll see in the next recipe, the Microsoft 365 Admin Center only allows one account to be assigned at a time.

Tip

Use shared service accounts (for example, [email protected]) to minimize the administrative tasks involved during employee turnover and onboarding.

See also

Previous Section
End of Section 11
Next Section