Mastering Office 365 Administration E-Book

Mastering Office 365 Administration

Copyright © 2018 Packt Publishing

All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.

Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the authors, nor Packt Publishing or its dealers and distributors, will be held liable for any damages caused or alleged to have been caused directly or indirectly by this book.

Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.

Commissioning Editor: Vijin Boricha Acquisition Editor: Meeta RajaniContent Development Editor: Sharon RajTechnical Editor:Khushbu SutarCopy Editors:Safis Editing, Dipti Mankame Project Coordinator:Virginia DiasProofreader: Safis EditingIndexer: Pratik ShirodkarGraphics: Tom ScariaProduction Coordinator: Aparna Bhagat

First published: May 2018

Production reference: 1160518

Published by Packt Publishing Ltd. Livery Place 35 Livery Street Birmingham B3 2PB, UK.

ISBN 978-1-78728-863-8

www.packtpub.com

Mapt is an online digital library that gives you full access to over 5,000 books and videos, as well as industry leading tools to help you plan your personal development and advance your career. For more information, please visit our website.

Why subscribe?

Spend less time learning and more time coding with practical eBooks and Videos from over 4,000 industry professionals

Improve your learning with Skill Plans built especially for you

Get a free eBook or video every month

Mapt is fully searchable

Copy and paste, print, and bookmark content

PacktPub.com

Did you know that Packt offers eBook versions of every book published, with PDF and ePub files available? You can upgrade to the eBook version at www.PacktPub.com and as a print book customer, you are entitled to a discount on the eBook copy. Get in touch with us at [email protected] for more details.

At www.PacktPub.com, you can also read a collection of free technical articles, sign up for a range of free newsletters, and receive exclusive discounts and offers on Packt books and eBooks.

Contributors

About the authors

Thomas Carpe is a founder and managing principal of Liquid Mercury Solutions, a Baltimore-based Microsoft Gold partner specializing in Azure, Office 365, and SharePoint since 2009. He's been working with SharePoint since 2001, with Microsoft technology for over 20 years. He has several Microsoft certificates, including MCPD, MCSE, and MCITP. He is an acknowledged expert in SharePoint security, and he is the author of a large open source library and several software products built on SharePoint. He resides in Baltimore with his wife, children, housemates, and a menagerie of pets.

Nikkia Carter, director of collaboration and training for C3 Integrated Solutions, a Microsoft Gold & Silver partner in VA, has a bachelor's in computer science, a master's in IT project management, and is a CompTIA Certified Technical Trainer. She is a solutions developer, strategist, trainer, and tech speaker. She is a member of the Microsoft Voices for Innovation taskforce and of the International Association of Microsoft Channel Partners DC board. She also leads the SharePoint User Group DC.

Alara Rogers, not to be confused with Buck Rogers or Mr. Rogers, is often thought to be a brain in a tank, but this is not true; she is a space alien. Alara grew up in the land of IBM near Poughkeepsie, NY, and entered IT via database marketing and analytics. She has a bachelor's in psychobiology from the University of Pennsylvania. Nowadays, her main interests are business intelligence, process management, information architecture, and SharePoint as a platform for the rest. She writes science fiction in her spare time, and has been known to reply at length when someone is wrong on the internet.

About the reviewers

Markus Darda is the owner of DaComp GmbH (Switzerland). As a senior engineer and architect, he works for enterprise customers all over Europe designing and implementing Citrix and Microsoft environments.

He also has a lot of experience in migrating customers to Office 365 and Microsoft Azure. In the past, Markus has also reviewed the following books for Packt:

Hyper-V Network Virtualization Cookbook

Citrix XenApp® 7.5 Desktop Virtualization Solutions

Getting Started with Citrix XenApp® 7.6

Citrix has named Markus as Subject Matter Expert (SME) on several products. 

Shadeed Eleazer is a navy veteran and reputation management and social selling thought leader who is an architect of the official state websites of Maryland, Pennsylvania, and Wisconsin, powered by Microsoft SharePoint technologies. He is an Amazon best selling author. He specializes in on-premises to cloud migrations, enterprise social media, instructional systems design, and training. He is the founder of Managed Path Solutions, a Microsoft partner focused on the support of Microsoft technology platforms.

Packt is searching for authors like you

If you're interested in becoming an author for Packt, please visit authors.packtpub.com and apply today. We have worked with thousands of developers and tech professionals, just like you, to help them share their insight with the global tech community. You can make a general application, apply for a specific hot topic that we are recruiting an author for, or submit your own idea.

Table of Contents

Title Page

Copyright and Credits

Mastering Office 365 Administration

Packt Upsell

Why subscribe?

PacktPub.com

Contributors

About the authors

About the reviewers

Packt is searching for authors like you

Preface

Who this book is for

What this book covers

To get the most out of this book

Download the example code files

Download the color images

Conventions used

Get in touch

Reviews

The Office 365 Administration Portal

The dashboard

Dashboard components

DirSync Status

Users

Billing

Office software

Domains

Support

Windows 10 Upgrade

Videos

Message center

Service health

Setup guides

Active users

Dashboard summary

The left sidebar navigation menu

Users

Active users

Adding a user

Using the user panel

Views

Import multiple users

Contacts

Guest users

Deleted users

Groups

Groups

Shared mailboxes

Resources

Rooms and equipment

Sites

Public website

Billing

Subscriptions

Bills

Licenses

Purchase services

Billing notifications

Support

Customer lockbox request

Settings

The Services & add-ins page

The Security & privacy settings

DirSync errors

Organization profile

Partner relationships

Setup

Products

Domains

Data migration

Reports

Usage

The Security & compliance option

Health

Administrative portals for individual services

Summary

Using PowerShell to Connect to Office 365 Services

Software prerequisites

Core components

Supporting modules

Other useful downloads

Connecting to your Office 365 tenant

Using predefined credentials to connect

Connecting to Exchange Online

Connecting to SharePoint Online

SharePoint Online Management Shell

Client-side object model

SharePoint REST API

Legacy SharePoint web services, WebDAV, and FrontPage Server Extensions

Other tools and frameworks

Connecting to Skype for Business

Connecting to other services

Connecting to customer tenants using delegated access

Exchange Online delegated

Skype for Business delegated

SharePoint Online delegated

Connecting to multiple services in a single session

Important security tips

Summary

Administering Azure Active Directory

Interacting with Azure AD

Office 365 portal

Azure portal

Azure AD PowerShell module

Managing Office 365 users

Finding existing users

Creating and managing custom views

Getting users information with PowerShell

Onboarding users

Adding a single User

Adding bulk users

Using PowerShell to add users

Working with user settings

Uploading a photo

Changing a user's login name or email address

Updating contact information

Enabling or disabling login

Resetting passwords

Adjusting the user's licenses

Assigning groups

Managing admin roles

Email-centric user and group features

Offboarding users

Deleting a user in the portal

The user recycle bin

Alternative strategies to deleting a user

Disabling user login

Converting to a shared mailbox

Downloading the mailbox to a PST

Switching to archive license

Acquiring a third-party backup solution

Using mailbox retention (in-place hold)

DLP

Safeguarding

Advanced topics

DNS domains

Adding and configuring a DNS domain

Authorization stage

Integration stage

Cutover Stage

Configuring DNS with PowerShell

Managing external guest users

Integrating with your on-premises user directory

Available integration options

Windows Essentials Experience

AD Connect (also known as AD Sync or Directory Sync)

AD FS

Mixed systems

Alternative options

How AD integration affects the new user creation process

AD and your DNS domains

Adding a UPN suffix to your domain

Changing the UPN for each Windows user

Summary

Administering Exchange Online – Essentials

The dashboard

Recipients

Mailboxes

Editing the user mailbox

The mailbox usage tab

The email address tab

The mailbox features tab

The mailbox delegation tab

Creating a user mailbox

Groups

Creating and editing groups

Creating a distribution Group

Editing a distribution group

Creating a dynamic distribution list

Editing a dynamic distribution group

Creating or editing a security group

Creating an Office 365 Group

Editing an Office 365 Group

Resources

Creating a resource

Contacts

Shared mailboxes

The migration tab

The permissions tab

The compliance management tab

The organization tab

The protection tab

Advanced threats

The mail flow tab

The rules tab

Creating a rule

Rule conditions

Rule actions

Other rule settings

Rules from template

The message trace tab

URL trace

The accepted domains tab

The remote domains tab

The connectors tab

The mobile tab

The public folders, unified messaging, and hybrid tabs

Summary

Administering Exchange – Advanced Topics

Mail migration

Remote move migration

Staged migration

Cutover migration

IMAP migration

Migration from Exchange Online

More details

Permissions

Admin roles

User roles

Outlook Web Access policies

Compliance management

In-place eDiscovery and Hold

Auditing

Data loss prevention

Retention policies and retention tags

Journal rules

Organization

Sharing

Add-ins

Protection

Malware filter

Connection filter 

Spam filter

Outbound spam

Quarantine

Action center 

DKIM

Advanced threats

Safe attachments

Safe links

Organization policy

Specific recipient policy

Mobile

Mobile device access

Mobile device mailbox policies

Summary

Administering SharePoint Online

General overview of SharePoint

Administering via the SharePoint admin center

Getting to the SharePoint admin center

Managing the site collections

Creating new site collections

Deleting site collections

The infopath option

The user profiles option

The sharing option

The Sharing outside your organization setting

The Who can share outside your organization setting

The Default link type setting

The Default link permission setting

The Additional settings option

The Notifications settings

The settings option

The Show or Hide Options setting

The Site Collection Storage Management setting

The OneDrive for Business experience setting

The SharePoint Lists and Libraries experience setting

The Admin Center experience setting

The Office Graph setting

The Enterprise Social Collaboration setting

The Streaming Video Service setting

The Site Pages setting

The Global Experience Version Settings setting

The Information Rights Management (IRM) setting

The Site Creation setting

The Subsite Creation setting

The Custom Script setting

The Preview Features setting

The Connected Services setting

The Access apps setting

The Mobile Push Notifications – OneDrive for Business setting

The Mobile Push Notifications – SharePoint setting

The Comment on Site Pages setting

The access control option

Administering via PowerShell

Administering SharePoint Online via SharePoint

Permission levels and groups

Roles and responsibilities

Some words of wisdom

Summary

Office 365 Groups and Microsoft Teams Administration

An overview of Microsoft Teams and Office 365 Groups

Inside Office 365 Groups

Microsoft Teams

Things to keep in mind

Administering Office 365 Groups via Office 365 Groups settings

Creating a new Office 365 group

Administering Teams via Office 365 admin center

Administering via PowerShell

Administering via PowerShell administration for Office 365 Groups

PowerShell administration for Microsoft Teams

Summary

Understanding Security and Compliance

Security & Compliance overview

Permissions

Service assurance

Configuring Security & Compliance settings

Assigning permissions to non-IT staff

Security assurance information

Alerts

Alerts dashboard

View alerts

Alert policies

Classifications

Labels

Creating a label

Auto-applying labels

Publishing labels

Label policies

Sensitive information types

Data loss prevention

DLP policy

App permissions and device management

Data governance

Dashboard

Explorer

Import

Threat management

Dashboard

Review

Policy

Data privac

GDPR dashboard

DSR cases

Search & investigation

Content search

Audit log search

eDiscovery

Creating a case

Managing cases

Core versus advanced

Search

Hold

Productivity app discovery

Security & Compliance reports

Reports dashboard

Scheduled reports

Downloadable reports

Security score card

Summary

Administering Skype for Business

Configuring organization-wide settings 

Audio conferencing

Microsoft bridge

Microsoft bridge settings  

Audio conferencing users 

Managing Skype for Business users 

General user settings

User settings for external communications 

User voice settings 

Audio conferencing user settings 

Online meetings 

Meeting invites 

Broadcast meetings 

Managing voice services and calling plans 

A word about licenses and costs

Obtaining and assigning phone numbers 

Providing emergency locations 

Configuring voice users 

Call routing 

The auto attendants service 

The general info section

The hours of operation section

Business hours and after hours call handling 

Holidays

Dial scope 

Call queues

Advanced topics for call routing

Text-to-speech

Routing calls to external phone services 

A brief word about offboarding users 

Advanced telephony services 

Number portability 

Have a copy of your old phone bill 

Know whether you need a manual port 

Be patient, very patient 

If this is a main number, be prepared to act quickly 

User numbers versus service numbers 

What if you get a user number by mistake? 

Caller ID 

The problem with caller ID 

Potential solutions for inaccurate caller ID data 

People see my desk number when I call them 

Phones and other third-party products 

Hybrid environments 

Running a call center 

Summary 

Administering Yammer

Overview

Administrating via Office 365

Getting to the Yammer admin center

Managing user licenses

Getting started

Setting a usage policy

Writing a welcome message

Network

Users

Content and Security

Administering via PowerShell

Summary

Administering OneDrive for Business

OneDrive dashboard

Sharing

Sync

Storage

The Device access page

Device access

Mobile application management

Compliance

Notifications

Accessing the files of terminated employees

Manager access

Administrator access

Summary

Power BI Administration

Administering via Office 365

Usage metrics

Users

Audit logs

Tenant settings

Capacity settings

Embed Codes

Organization visuals

Administering using PowerShell

Where to get more information

Summary

Administering PowerApps, Flow, Stream, and Forms

Defining PowerApps, Flow, Stream, and Forms

PowerApps

Flow

Stream

Forms

Administering PowerApps and Flow

Environments

The Security tab

The Resources tab

The Database tab

Data policies

Data integration

Tenant

Stream

Manage streams

Administrators

Spotlight videos

Company policies

Usage details

Groups

Support

Comments

Manage users

Content creation

Outside the Stream admin portal

View in admin mode

Forms

Summary

Usage Reporting

How useful are usage reports?

What reports are included?

The dashboard

Office 365

Activations

Active users

Office 365 Groups activity

Exchange

Email activity

Email app usage

Mailbox usage

OneDrive and SharePoint

OneDrive and SharePoint activity

OneDrive and SharePoint usage

Skype for Business

Skype for Business activity

Peer-to-peer activity, conference organized, and participant activity

Device usage

PSTN (Telephone) usage

Users blocked

Session details

Teams and Yammer

Microsoft Teams User activity

Microsoft Teams Device Usage

What the heck happened to Yammer?

Yammer activity

Yammer device usage

Yammer groups activity report

Advanced reporting topics

Anonymizing user data

Power BI Content Pack

User count by Geo

Security & Compliance

Summary

Other Books You May Enjoy

Leave a review - let other readers know what you think

Preface

Office 365 is one of Microsoft's most popular cloud offerings, a low-cost service that people subscribe to in order to access various Microsoft services and software. It is the replacement of Microsoft's Business Productivity Online Suite (BPOS), Microsoft's previous cloud offering. It is free or super-low-cost, depending on the subscription, for 501(c)3 nonprofits and accredited educational institutions.

Office 365 is securely accessible anywhere with a supported device and an internet connection, and is independently verified to comply with regulations such as FedRAMP, FISMA, HIPAA, ISO 27001, EU, and others, with over 900 controls that enable keeping compliant never-changing industry standards. Office 365 has a financially backed guarantee of 99.9% uptime.

As such, Office 365 is constantly being updated due to customer feedback and Microsoft's desire to offer evergreen and best-in-class services. Due to this, they are constantly updating and improving the service, as well as offering new services.

Who this book is for

This book is for those who are new to Office 365 administration, or may have worked with it for a while but are looking to verify their knowledge and take their skills to the next level. This book illustrates administration from the basics to more advanced topics.

What this book covers

Chapter 1, The Office 365 Administration Portal, introduces the reader to the Office 365 admin portal.

Chapter 2, Using PowerShell to Connect to Office 365 Services, enables you to connect PowerShell to various Office 365 services and perform tasks.

Chapter 3, Administering Azure Active Directory, helps you manage and administer various identities and groups.

Chapter 4, Administering Exchange Online - Essentials, covers the basics of administering Exchange Online—mailboxes and rules/message management.

Chapter 5, Administering Exchange - Advanced Topics, covers all the more advanced and/or obscure parts of Exchange Online administration.

Chapter 6, Administering SharePoint Online, introduces the reader to the SharePoint admin portal and other SharePoint administration techniques needed to manage SharePoint, including some PowerShell.

Chapter 7, Office 365 Groups and Microsoft Teams Administration, introduces the reader to administering Office 365 Groups and Microsoft Teams through the Office 365 admin portal and through PowerShell.

Chapter 8, Understanding Security and Compliance, shows how to secure Office 365 and enforce compliance, and help you manage security, create permissions, and enforce compliance.

Chapter 9, Administering Skype for Business, teaches the reader how to manage the instant messaging, voice, and video components of Skype for Business.

Chapter 10,  Administering Yammer, introduces the reader to the Yammer admin portal. Some administration through PowerShell is also included.

Chapter 11, Administering OneDrive for Business, covers everything the reader needs to manage OneDrive for Business for their users.

Chapter 12, Power BI Administration, introduces the reader to the Power BI admin portal.

Chapter 13, Administering PowerApps, Flow, Stream, and Forms, introduces the reader to various new products available in Office 365, what they are useful for, and how to administer them.

Chapter 14, Usage Reporting, shows how to get support and monitor the service health of Office 365.

To get the most out of this book

The topics in this book assume that you have some knowledge of Office 365 and have used it as an end user. We assume that you know what the main components are in Office 365. We also assume that you are not already an advanced administrator of Office 365 who is looking for a book entirely comprising master's-level topics and techniques. Although, in some chapters, some techniques are of the master's level, most range from basic to advanced skills.

In order to perform the techniques in this book, we suggest setting up an Office 365 tenant that you can play around with before applying your newly acquired skills to your actual organizational tenant.

You can sign up for a free 30-day trial tenant at https://products.office.com/en-us/business/compare-more-office-365-for-business-plans. We highly recommend signing up for the E3 or E5 subscription and making yourself the global administrator (this happens automatically if you sign up with your info). You may also want to set up multiple users at different administration levels to test them out. You get 25 user licenses with every trial. You will also need PowerShell, SharePoint Online PowerShell, and Exchange PowerShell in order to execute the scripts.

Download the example code files

You can download the example code files for this book from your account at www.packtpub.com. If you purchased this book elsewhere, you can visit www.packtpub.com/support and register to have the files emailed directly to you.

You can download the code files by following these steps:

Log in or register at

www.packtpub.com

.

Select the

SUPPORT

tab.

Click on

Code Downloads & Errata

.

Enter the name of the book in the

Search

box and follow the onscreen instructions.

Once the file is downloaded, please make sure that you unzip or extract the folder using the latest version of:

WinRAR/7-Zip for Windows

Zipeg/iZip/UnRarX for Mac

7-Zip/PeaZip for Linux

The code bundle for the book is also hosted on GitHub at https://github.com/PacktPublishing/Mastering-Office-365-Administration. In case there's an update to the code, it will be updated on the existing GitHub repository.

We also have other code bundles from our rich catalog of books and videos available at https://github.com/PacktPublishing/. Check them out!

Download the color images

We also provide a PDF file that has color images of the screenshots/diagrams used in this book. You can download it from https://www.packtpub.com/sites/default/files/downloads/MasteringOffice365Administration_ColorImages.pdf.

Conventions used

There are a number of text conventions used throughout this book.

CodeInText: Indicates code words in text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, user input, and Twitter handles. Here is an example: "Now that you're connected, you can use commands such as Get-Mailbox and Get-MailUser."

Any command-line input or output is written as follows:

Connect-MsolService -Credential $Credentials

Bold: Indicates a new term, an important word, or words that you see onscreen. For example, words in menus or dialog boxes appear in the text like this. Here is an example: "You can click on the carat beside Advanced settings for shareable links to open up additional options."

Get in touch

Feedback from our readers is always welcome.

General feedback: Email [email protected] and mention the book title in the subject of your message. If you have questions about any aspect of this book, please email us at [email protected].

Errata: Although we have taken every care to ensure the accuracy of our content, mistakes do happen. If you have found a mistake in this book, we would be grateful if you would report this to us. Please visit www.packtpub.com/submit-errata, selecting your book, clicking on the Errata Submission Form link, and entering the details.

Piracy: If you come across any illegal copies of our works in any form on the Internet, we would be grateful if you would provide us with the location address or website name. Please contact us at [email protected] with a link to the material.

If you are interested in becoming an author: If there is a topic that you have expertise in and you are interested in either writing or contributing to a book, please visit authors.packtpub.com.

Reviews

Please leave a review. Once you have read and used this book, why not leave a review on the site that you purchased it from? Potential readers can then see and use your unbiased opinion to make purchase decisions, we at Packt can understand what you think about our products, and our authors can see your feedback on their book. Thank you!

For more information about Packt, please visit packtpub.com.

The Office 365 Administration Portal

While there's more than one way to perform most administrative functions in Office 365, the majority of administrators will find that most tasks can be performed conveniently and easily by using the Office 365 administration portal. In this chapter, we're going to go through the different parts of the main portal, and very briefly touch on the functions of the individual administration sites accessible from the portal, since most of those are covered in other parts of this book.

The following topics will be covered in this chapter:

The dashboard

The left sidebar's navigation

Administrative portals for individual services

The dashboard

You can access the administration portal from any Office 365 site, including the main site at https://portal.office.com, by clicking on the apps icon in the top-left corner that looks like a tic-tac-toe board to get your list of apps, and then selecting Admin. But if you are going to be visiting the portal a lot, which is normal for anyone who has Office 365 administration as one of their general job duties, you might want to bookmark it directly. The direct link for it is https://portal.office.com/adminportal. However you choose to get there, the first thing you're going to see is the Office 365 administration dashboard.

Clicking on the apps icon opens your list of apps and allows you to access the portal by clicking on Admin:

You cannot access everything that you can do in the Office 365 administration portal through the dashboard. On the left-hand side, there's a side navigation bar with expandable headings that grants access to the rest of the portal's functionality. There's also a heading at the bottom of the side navigation that shows all of the main administrative centers for Office 365. Those administrative centers will be covered in their own separate chapters.

Dashboard components

Dashboard components aren't necessarily identical between tenants. For instance, the one in the preceding example has a section for Windows 10 Upgrade, because this particular dashboard belongs to a tenant that has purchased a Windows 10 subscription product. My company's portal doesn't have the Videos section, but rather, a Train yourself section that shows links for training for admins and for end users.

We'll go over the components that you'd generally expect to find in most tenant dashboards.

DirSync Status

You'll only see this dashboard component if you're using Active Directory (AD) synchronization, either to an Azure Active Directory or on-premises. This dashboard component quickly tells you when the last directory sync was done, when the last password sync was done, and if either of them had any errors. Clicking on this component takes you to the same place you'd get to via the side navigation bar if you clicked Health | Directory Sync Status.

Users

You'll probably use Users more often than any other component. The Users dashboard component takes you to the same place as Users | Active Users on the side navigation bar. There are also direct links for adding, deleting, and editing users, and resetting passwords.

We'll go into more detail on the functions available in the Active Users area when we cover the side navigation bar, and even more in Chapter 3, Administering Azure Active Directory.

Billing

This component takes you directly to the Subscriptions link area under Billing | Subscriptions. It's important to note that the subscriptions you see here are the ones you've ordered directly from Microsoft. If you're purchasing Office 365 through a partner, you might not see anything here.

Some Office 365 customers purchase services through Microsoft, and others through the partnership Cloud Solution Provider (CSP) program. Some do both. If you buy any subscriptions from Microsoft, you'll see them under Billing, but any that you buy through a reseller will only appear in Licenses.

There are levels of administrator access that give you the ability to use the portal to maintain services, but not to interact with the financial end. If your level of administrator access doesn't give you billing access, you might not see this dashboard component.

Office software

It might seem strange to you that downloading Office software is an administrative component on the dashboard. Doesn't downloading your own software seem like something you do as a user, rather than as an administrator? The truth is, administrators are more likely to interact with the administration portal than they are with the Office 365 home page, where you'd normally find your software download link.

Clicking on the name of the component takes you to the my software download page, which you'd otherwise access via the Office 365 end user home page. It's not part of the administration portal at all at that point. But there are also links on the component for various administrative functions that have to do with Office software installation:

Install my software

: This is, confusingly,

not

the link that takes you to a place to install your own software. It's actually a link for setting up manual deployment of software for the users in your company. If there are any issues with internet speed (or worse, metering) at the physical offices where your users work, we highly recommend following the instructions here to perform a manual deployment, as it lets you get away with performing the download once

, 

rather than once per user. That's outside of the scope of this book, but Microsoft provides instructions right on the

Manually deploy user software

popup.

Share the download link

: This opens an email in your default mail client, which has the link to the Office software download page in it.

Software download settings

: Here, you can exert some control over what software your users can install for themselves. At one point, the options included Office 2013 products, but they've been discontinued for most customers as of February 2017:

For PC, you can choose to block or allow the Office suite as a whole, the extra products that don't come with the Office suite (

Project and Visio)

, SharePoint Designer, and standalone Skype for Business. You can also choose whether your users get upgrades to Office every month or every 6 months.

For macOS, you can block or allow Office itself, additional Office applications that need separate downloads, and Skype for Business.

Troubleshoot installation

: This opens a link on Microsoft's

Office 365 Admin Help

, covering how to deal with installations gone wrong.

Domains

This component takes you to the same place as Setup | Domains on the left-side navigation pane. The direct link options are Add a domain, Delete a domain, Edit a domain, and Check health, which checks on the DNS status of the domains you own.

It's a good idea, if you're not frequently looking at the advanced DNS options in your domain name provider, to occasionally check your DNS health. We've seen DNS entries that were placed when a domain was first migrated disappear from the clients' domain name provider, on occasion. This is particularly likely if your company has just migrated to a new provider or brought on a new website host, or has undergone other circumstances that could lead to changes to your domain. Office 365 is pretty robust, and in many cases, it will continue to work if domain name entries are wrong; but it won't necessarily work well.

More detailed information on how to configure DNS is covered in Chapter 3, Administering Azure Active Directory.

Support

The header of this component is not a link, and it won't do anything when you click on it. The options provided are New service request and View service requests, both of which can be accessed from the side navigation pane, under Support.

Windows 10 Upgrade

You'll see this component if your company has purchased any licenses for Windows 10 through the Windows 10 Enterprise E3/E5 subscription model. This is another component where the header itself doesn't go anywhere. The options within are Install Upgrade, Share the download link, Create installation media, and Troubleshoot installation. Except for Share the  download link, which creates an email the same way the similar function did under Office software, all of these link to locations on Microsoft's websites and will take you out of the administration portal.

The functions of this component can't be accessed through the side navigation pane.

Videos

This component displays quick links to Microsoft training videos for various functions in the administration portal. If your company is a Microsoft partner or has purchased training services from Microsoft, you might see this as a component that invites you to train yourself or your end users; if that's the case, the material that's normally under Videos will be under Train yourself. For most tenants, however, what you'll see is the Videos component.

Message center

This is, sadly, more important than you might realize. Microsoft has, in recent years, been very assertive about shutting down software products, applications, and options that some businesses have come to rely on. The Message center is where announcements of new products and downgrades or retirements of older products will appear, and if you don't stay abreast of what Microsoft is doing, you might find yourself blindsided. The Message center is also accessible under Health | Message center in the side navigation pane.

Service health

When you click on this component, you'll be taken to the same place you could access from Health | Service health. It'll show you all of the Office 365 services and their health statuses, with incidents and advisories. The component will also allow you to jump directly to lists of incidents or advisories, with links that show how many services may be affected by either type of warning. Checking this on a regular basis is a good way to stay on top of issues with Office 365 before your users complain.

Setup guides

This component contains wizards, deployment advisors, and setup guides for various Office 365 products. Clicking directly on the header takes you to an overview page containing all of the wizards and guides. There's an option in the component and in the overview page called Setup guidance, which provides even more detailed guidance on setting up your Office 365 services, and there are direct links to the various setup guides and wizards that you can scroll through from directly within the component.

You'd expect that such extensive setup guidance would be accessible from the sidebar navigation, perhaps under Setup, but as of the time of writing, the dashboard component seems to be the only way to access this.

Active users

This shows a small version of the Active users graph from Reports | Usage (which is where you get to if you click on the header of this component), so you can get a sense of your company's Office 365 usage at a glance. The usage reports that you'll see upon clicking it show more detailed breakdowns of the various activities.

Dashboard summary

We've gone through the dashboard components that most administrators will see, but it's important to remember that these components change depending on what products your company has purchased, and Microsoft is also constantly changing its Office 365 offerings, expanding what's available, and occasionally pruning back older services. The dashboard I see today might not be one hundred percent identical to the dashboard you will see by the time this book reaches your hands, because this dashboard is one of the first places Microsoft will add new features to the administration portal, even before they're added to the sidebar navigation pane.

Now, let's turn our attention to the left sidebar. There's a lot of functionality in this navigation tree that can't be accessed any other way, and we'll go into a bit more detail on some of the functions we already touched on when they were also reachable from the dashboard.

The left sidebar navigation menu

Like many modern left sidebar navigation trees, this menu will collapse down to a narrow column of icons if you click the left-pointing carat on the right side of the bar, but the default on most browsers is for it to be full-sized. On mobile, you might find that it defaults to being minimized. (It's also small enough to be almost unreadable on a phone. I'd recommend that if you're going to be using mobile devices to access administrative functions more than occasionally, you should probably get the Office 365 admin app, available for iOS, Android, and Windows mobile. But a discussion of that app is outside the scope of this book.)

Users

The options under Users are Active users, Contacts, Guest users, and Deleted users.

Active users

There's a lot you can do in Active users, and you're going to be doing a lot of it. Interacting with your active users—adding new ones, disabling terminated ones, resetting passwords, and adding and removing licenses—is the bulk of the work that most Office 365 administrators do:

The top bar for Active users gives you the options to add a user, change which users you're viewing, search users, export your list of users to CSV, and other functions, available under the More drop-down menu.

Again, the options you see here may vary, depending on what products you have (you won't see an option for Directory synchronization if you're not syncing Office 365 to Active Directory, for instance).

The most common activities are adding a user and resetting passwords (particularly if you don't sync to Active Directory), but a dynamic, quickly changing company may also have a lot of setting licenses to do. We'll go over those functions and how to work with the views of your users (a vital skill, if you're a large company with a lot of users) in some detail. Most of the other functions are fairly self-explanatory.

We'll go over much of this information again in Chapter 3, Administering Azure Active Directory, drilling down into PowerShell and some of its more obscure details.

Adding a user

To add a user, you'll enter the user's First name and Last name, and this will assemble the Display name by default. If you want the display name to be something different than the first and last names, change it after it populates by default; this won't affect the first or last names:

Most instances of Office 365 have more than one domain, but usually, one's the real domain, and one's domain.onmicrosoft.com, which hardly anyone uses. In most Office 365 tenants, the default domain has been set to whatever your company usually uses for public websites and the like. However, there might be circumstances where a user needs to be assigned to a different domain name. Enter the username, and use the drop-down menu to select the correct domain name if the default isn't the right one.

It's important to select a location if it hasn't prepopulated for you. You won't be able to add licensing until the location is set.

Whether you fill out the contact information or not is probably a matter of your company's policy. It won't affect a user's capabilities if you don't do it, but if you do, that information will be carried into Exchange and SharePoint, so it won't need to be reentered in the global address list or user profiles:

The options for setting the password include either autogenerating it and emailing it to the email you choose upon completion of the new user task, or creating it manually by yourself. For either option, you can force the user to change it when they sign-in, or allow them to continue to use it.

Most users will be assigned User (no administrator access), and most IT staff who need administrative access will probably be assigned Global administrator, but in a large organization, you may well want to use the Customized administrator setting to fine-tune which rights you grant.

Finally, you will need to set the licenses. You'll see a series of toggle switches that represent all of the licenses your company has available:

The last toggle is Create user without product license. While Microsoft labels this as Not recommended, it might be a perfectly reasonable thing to do if you're not the one with the authority to purchase extra licenses; get the user created without a license, and they'll be able to get into the Office 365 portal and set their new password while you're waiting for the purchasing people to acquire the license. (This is also what you're likely to do if you need to create a service account.)

You must set one of the toggle switches, or it won't allow you to create the user. So, if there are no available licenses, use the one that creates the user without a license.

After you're done, you'll get a window telling you the user's password (if it was autogenerated) and offering to email that password to the default address (usually yours, if you're the primary Office 365 administrator.)

Using the user panel

You can reset passwords, set licenses and roles, disable or enable Office 365 sign-in, add new aliases and change which email address is primary, and perform many other functions, via the user panel.

To access the user panel, simply click on an active user, and it'll open to the right.

A lot of these functions are very similar to the equivalent that you'd perform for new users. For example, resetting a password is just like setting it for the first time for a new user:

Assigning a license is just like assigning a license to a new user. But there are some functions that can be performed via the user panel that don't have an equivalent in the Add a user task:

Group memberships aren't something that you can assign in

Add a user

, because the mailbox needs to be provisioned before groups can be assigned. By clicking

Edit

under

Group memberships

in the user panel, you can add the user to a group, see the groups they're already in, and delete them from groups they are members of.

You can also change the sign-in settings. If you have an employee that's leaving the company at the end of the day, you can cut off their ability to sign in to Office 365 products without either deleting them or changing their password by simply setting their

Sign-in status

to

Sign-in b

locked

. (There will be more on this topic in 

Chapter 3

, 

Administering Azure Active Directory

.) This is especially useful if they're synchronized with Active Directory and it's handled by a different department, so you don't have the rights to change their password or delete them. You should note, though, that because this disables sign-in, it won't affect a user who is already signed in until that sign in expires. So it's not the best tool to use for the person who's being frog-marched out the door by security right now and might still be signed in on their personal tablet.

You can view the devices that a user has installed Office onto, and deactivate their installation. (Possibly a good idea to do to the home laptop of that employee in the previous example! However, you can only perform it on PC and macOS devices, not mobile ones, so you still can't get that tablet.) If an employee had a device stolen or destroyed, and they're at their five-device limit for Office installations, you can deactivate the lost device here, so that they can install it on their replacement device.

If you click the expanding carat for

Mail Settings

, you can directly work with mailbox permissions, email forwarding, litigation hold, auto replies, what apps the user is allowed to use to access email with, and whether they're in the global address list, without having to go into Exchange. (We'll go into what these options mean in more detail in 

Chapter 3

, 

Administering Azure Active Directory

and

Chapter 4

,

Administering Exchange Online – Essentials

.) There's also a direct link to Exchange, which will take you straight into this user's Exchange properties.

The expanding carat for

OneDrive Settings

gives you the option to get access to the user's OneDrive, which is very helpful if they're out of the office or have left the company, and there's important business information that they are storing in there. You can also turn external sharing to the user's OneDrive (meaning that the user can share with users outside of your company) on or off.

You can kick off a one-time sign-out event that kicks the user out of every instance of Office 365 they're signed into. This is useful if you're changing their username, or in the case of that employee being frog-marched out the door in the example. Oddly, though this has nothing to do with OneDrive; it's stored under the

OneDrive Settings

carat.

The direct links at the bottom let you edit the user's Skype for Business properties, or go directly to their multi-factor authentication settings.

Views

Views are covered in detail in Chapter 3, Administering Azure Active Directory, so we won't delve too deeply here. 

There's a default view that shows all users. If you have a small company, that might be fine. As soon as you have a large number of users (or accounts, such as service accounts that were assigned email addresses, external contacts who were invited as guest users, former employees, special-purpose administrator accounts, and so on), the list can get unwieldy. You may want to use one of the other default views, or create one of your own. See Chapter 3, Administering Azure Active Directory for more information on how to do this.

Import multiple users

Finally, the last function of the Active users page that we'll discuss is the Import multiple users function. If you have a moderately large organization and you are not planning to synchronize with AD, you might want to import a large number of users at the same time:

You get to this feature by clicking the More drop-down menu at the top of Active users. Download a CSV file to use as a template (you can choose one with just the headers, or one with sample user data, to help you understand how to format your users), enter all of your users into it, upload with the Browse button, and then click Verify to make sure your formatting is correct. Click Next and follow the prompts. You'll be able to set a sign-in status and choose product licenses on the next page, and then send the results to yourself or someone else. (Note that the passwords handled this way will be in plain text, so you may want to require your users to change their passwords as soon as possible.)

Other functions of the Active users page are fairly self-explanatory, such as Delete a user or Export. Let's move on.

Contacts

Contacts are email addresses from outside of your organization that are recorded in Exchange so that users can find them in the global address list:

It's easier to enter a contact than it is to enter a user—there are a lot fewer fields to fill out.

Display name and Email are the only required fields, although if you are going to use contacts heavily and need to be able to search for them with multiple criteria, you might want to fill in the other fields.

By default, contacts appear in the global address list, although you can exclude them with the Hide from my organization address list toggle. Contacts, as a concept, come from Microsoft Exchange, and are a means to include people from outside the company in distribution lists. They can also be included in Office 365 Groups, as of May 2017.

Guest users

Guest users, as a concept, are more closely related to SharePoint and OneDrive. A guest user has been granted access, via sharing, to a resource on SharePoint or OneDrive. They're only relevant if your organization allows external sharing.

A guest user will automatically be created if you create a sharing link for a specific email address within SharePoint or OneDrive. You can't create them here, but you can view and delete them.

Note that guest users don't have a presence in the global address list, and the same email address can't be both a contact and a guest user. If you have a need to give people who are frequently contacted by your users access to SharePoint and OneDrive while also having them as a global contact, and also having them on a list that automatically sends them and other people email, it might make more sense to use an Office 365 Group rather than a traditional distribution list, because members of those Groups can be both guest users and mail contacts at the same time.

Deleted users

Up to 30 days after you delete a user, they can be restored:

Use the Deleted users screen to see who has been deleted, export them if you need a CSV report, and restore them.

More vital information about the user recycle bin will be covered in Chapter 3, Administering Azure Active Directory. 

Groups

While there's more functionality for working with groups in the Exchange Administration Center, many of the most common functions have been made available directly in the Office 365 administration portal, under Groups.

The two headings you'll find here are Groups (yes, really, it's the same word) and Shared mailboxes.

Groups

There are four types of groups within Office 365: distribution lists, security groups, mail-enabled security groups, and Office 365 lists. There are also shared mailboxes, but they have their own heading. We'll discuss the differences in Chapter 4, Administering Exchange Online – Essentials:

When you click on any group, a panel will open (usually to the right) displaying its properties, and you can edit many of the properties right there.

Distribution lists and mail-enabled security groups primarily live in Exchange, so their panels offer direct links to Exchange, to do further editing there, if desired.

Office 365 Groups and regular security groups are accessible via the Exchange administration site, but the Office 365 administration portal is equally competent at handling them, so Microsoft hasn't bothered including those links on their panels.

Within Office 365, you can edit:

The name, description, ownership, and membership of a distribution list, and whether external senders are allowed.

The name, description, ownership, and membership of a security group.

The name, description, ownership, and membership of a mail-enabled security group, and whether external senders are allowed.

The name, description, ownership, and membership of an Office 365 group, whether external senders are allowed, and whether senders should be automatically subscribed. It'll display your privacy settings—that is, is the group public or private—but you can't edit them after creating a group.

For a new group, there's a lot less functionality for creation than there is for editing, and particularly for the traditional types of groups; distribution, security, and mail-enabled security groups can't have owners or members defined during creation, and Office 365 Groups can only define the owner at creation, if you're using the administration portal.

Shared mailboxes

You can edit a lot of the properties of a shared mailbox by using the shared mailbox panel when you click on one of the shared mailboxes on this page: