Microsoft 365 Admin Center Video Overview
In this quick walkthrough, I guide you through the essentials of the Microsoft 365 Admin Center—perfect for nonprofit tech leads and new admins. Whether you're adding users, or managing licenses, this video simplifies the admin experience to help you get started with confidence.Management Made Simple with Administrative Units - Microsoft Entra ID
Microsoft Entra ID, formerly known as Azure Active Directory, is a part of Microsoft Entra that manages both internal and external resources for your organization. These resources can reside in your Azure subscription or within your Microsoft 365 Tenant. Consequently, Entra ID assists IT administrators in managing who requires access to these resources. Organizations have the option to choose from three plans: Free, Microsoft Entra ID Plan 1, and Microsoft Entra ID Plan 2. Microsoft Entra ID is accessible through the Azure portal and the Microsoft Entra Admin Center, respectively. Additionally, within the Microsoft Entra Admin Center under Identity, you can manage devices, create lifecycle workflows, handle app resignations, and much more. In this lesson, we will learn about Administrative Units and how they can be utilized to manage your administrative staff within your organization. For license information please see a brief description on the different plans. However, you can learn more about the features here: Microsoft Entra Plans and Pricing | Microsoft Security. License Information: Microsoft Entra ID Free: Provides user and group management. Offers on-premises directory synchronization. Includes basic reports. Allows self-service password change for cloud users. Supports single sign-on across Azure, Microsoft 365, and many popular SaaS apps. Microsoft Entra ID Plan 1: Includes all features of the Free plan. Allows hybrid users to access both on-premises and cloud resources. Supports advanced administration, such as dynamic groups, self-service group management, Microsoft Identity Manager, and cloud write-back capabilities for self-service password reset for on-premises users. Microsoft Entra ID Plan 2: Includes all features of the Free and Plan 1. Offers Microsoft Entra ID Protection for risk-based Conditional Access to apps and critical company data. Provides Privileged Identity Management to discover, restrict, and monitor administrators and their access to resources, and to provide just-in-time access when needed. Microsoft Entra Role Based Access Control (RBAC) Microsoft Entra ID allows for access control to be limited for Administrators if you do not need them to have tenant level administrative access. Restricting access to only what is necessary is crucial to abide the least privilege principle. This principle ensures that administrators have only the permissions necessary to perform their tasks, minimizing the risk of unauthorized access. For example, if you have external collaborations from a consultant who performs helpdesk tasks for only certain permissions to perform their duties. If needed, you can also build custom roles. However, most built-in roles can cover most use cases. Auditing administrative units involves monitoring and reviewing the activities within these units to ensure compliance with organizational policies and security standards. External Partner Delegation You can also delegate external partner to provision and deploy services on your behalf. Organizational Global and Billing Administrators can agree to external partnership agreements for Microsoft Partners. Microsoft Solution Partners (MSP) can provide a wide variety of services. You will have to sign partner agreement authorizing the partner to provide services on your behalf. Depending on the partner will on the scope of work. You can find a Microsoft Certified Solutions Partner here: Find the right app | Microsoft AppSource. Partners will send an email that will establishes a connection to your accounts. You can find this agreement in Microsoft Entra Admin Center & Microsoft Entra Admin Center. To see your partnership relationship follow the instructions below: Microsoft 365 Admin Center - Partnership Relationship Navigate to Microsoft 365 Admin Center: https://admin.microsoft.com/. Login with your Administrative Username and Password. Authenticate with the Microsoft Authentication App when prompted. In the left-hand menu locate and click on the Show all tab. Select the Settings tab, then click on Partnership relationships. Microsoft Entra Admin Center - Delegated Admin Partners Navigate to Microsoft Entra Admin Center: https://entra.microsoft.com/. Login with your Administrative Username and Password. Authenticate with the Microsoft Authentication App when prompted. In the home directory, in the left-hand menu click on the Identity tab. Next, select Roles & Admins, then click on Delegated admin partners. In both areas, you will be able to view the active relationship with your partner, including the specific type of partnership they have with your organization. It is advisable to consult your partner for detailed information regarding your partnership agreement before making any decisions to cancel or delete the partnership. Additionally, it is common practice to create an administrative unit for managing external partners, guests, and similar entities. This ensures that all external relationships are organized and managed efficiently. What is Administrative Units? Microsoft Entra ID Administrative Units are specialized containers within the Microsoft Entra ID environment designed to help you efficiently organize and manage users, groups, and devices. These units enable you to delegate administrative tasks to specific segments of your organization, ensuring that permissions are confined to a well-defined scope. This functionality is particularly beneficial for IT professionals, as it provides numerous use cases for delegating tasks, thereby enhancing operational efficiency and security. Administrative Units Use Cases To learn how implementation works within Microsoft Entra. An understanding of common scenarios for using administrative units below: Delegating Administrative Tasks: Administrative units allow you to delegate administrative tasks to specific segments of your organization. For example, you can delegate the Helpdesk Administrator role to regional support specialists, enabling them to manage users only in the region they support. Restricting Permissions: Administrative units help in restricting permissions to a defined scope. This is particularly useful in large organizations where different departments or regions need to manage their own resources without affecting others. Managing Users, Groups, and Devices: Administrative units can contain users, groups, or devices, making it easier to manage these resources within a specific scope. For instance, you can create an administrative unit for a particular department and manage all users, groups, and devices within that department. Implementing Least Privilege Access: By using administrative units, you can implement least privilege access, ensuring that administrators have only the permissions necessary to perform their tasks. This enhances security by minimizing the risk of unauthorized access. Organizing by Geography or Division: Administrative units can be used to organize resources by geography or division. For example, you might add users to administrative units based on their location (e.g., "Seattle") or department (e.g., "Marketing"), allowing for more granular management. Managing Properties of Groups: Adding a group to an administrative unit brings the group itself into the management scope of the administrative unit. This allows administrators to manage properties of the group, such as group name or membership, without affecting the individual members of the group. Setting Policies at a Granular Level: Administrative units enable central administrators to set policies at a granular level. For example, in a large university with multiple autonomous schools, each school can have its own administrative unit with specific policies tailored to its needs. Conclusion In conclusion, Microsoft Entra ID Administrative Units offer a robust framework for managing user access and permissions within your organization. By leveraging these units, you can enhance security, improve efficiency, and maintain flexibility in your administrative tasks. Additionally, you have also learned how Administrative Units can be leveraged to manage external partners. Explore the possibilities and unlock the full potential of Microsoft Entra ID today! Hyperlink Administrative units in Microsoft Entra ID - Microsoft Entra ID | Microsoft Learn Overview of Microsoft Entra role-based access control (RBAC) - Microsoft Entra ID | Microsoft Learn Manage Microsoft-certified solution provider partner relationships | Microsoft Learn Find the right app | Microsoft AppSourceResetting Passwords in Microsoft 365 Admin Center
As an administrator, you have multiple responsibilities of managing resources. Depending upon your scope of work you may need to manage sites, create mailboxes, and create Microsoft groups, etc. As an administrator, you have the capability to reset user passwords directly through the Microsoft 365 Admin Center. Additionally, enabling self-service password reset empowers users to manage their own passwords, reducing administrative overhead. This guide provides a comprehensive walkthrough on one of those methods, ensuring a secure and user-friendly experience. However, we will cover enabling the self-service password reset in another article where we will take a closer look into Microsoft Entra Admin Center. Accessing the Microsoft 365 Admin Center Before you begin. You will need to have access to Microsoft 365 Admin Center. Additionally, you will need to be a Global administrator, User Administrator, Password Administrator, or Helpdesk Administrator. Global administrators have full access to reset passwords for everyone. Password, User, and Helpdesk admins can reset non-admin users. However, these roles can reset certain admin user passwords. You can learn more about administrative roles and capabilities here: About admin roles in the Microsoft 365 admin center - Microsoft 365 admin | Microsoft Learn. There are multiple ways to reset a password for a user, so I will showcase the most common. Resetting Passwords - Scenario 1 Sign into Microsoft 365 admin center using your administrator credentials. Navigate to "Users." In the left-hand navigation pane, select Users > Active users. Under the "Home" tab of the Active Users window, select the checkbox next to the user you would like to reset the password. You may also hover over the user account. Next, select the Key icon, which will appear next to the selected user. A new pane will appear on the right side of the screen. By default, both checkboxes are selected for "Automatically reset password" and "Require this user to change their password on first sign in." You can opt to auto-generate a new password or create one manually. Ensure the option Require this user to change their password when they first sign in is selected to maintain security. Communicate the New Password Securely As of August 30, 2024, Microsoft has removed the ability to send user account details and passwords via email from within the admin center. It is recommended to print the account details to a PDF file and share it with the user through a secure method. Resetting Passwords - Scenario 2 Navigate to Microsoft 365 Admin Center with administrator credentials. Navigate to "Users." In the left-hand navigation pane, select Users > Active users. Under the "Home" tab of the Active Users window, select the name of the user you would like to reset the password. On the user's details pane, select "Reset password". It should be located underneath the name of the individual's name. A new pane will appear on the right side of the screen. By default, both checkboxes are selected for "Automatically reset password" and "Require this user to change their password on first sign in." You can opt to auto-generate a new password or create one manually. Ensure the option Require this user to change their password when they first sign in is selected to maintain security. Important Considerations Encourage users to create strong, unique passwords and to update them regularly. Regularly review and update your organization's password policies to align with the latest security recommendations. In Conclusion By following these steps, you can efficiently manage user passwords within your organization, enhancing both security and user autonomy. Administrators have a variety of tools at their disposal to easily manage user passwords, ensuring a seamless and secure experience for all users. In our next blog, we will cover how to enable password reset for users utilizing Microsoft Entra ID, providing further insights into optimizing your organization's password management processes. Hyperlinks About admin roles in the Microsoft 365 admin center - Microsoft 365 admin | Microsoft Learn Reset passwords - Microsoft 365 admin | Microsoft Learn
