While there's more than one way to perform most administrative functions in Office 365, the majority of administrators will find that most tasks can be performed conveniently and easily by using the Office 365 administration portal. In this chapter, we're going to go through the different parts of the main portal, and very briefly touch on the functions of the individual administration sites accessible from the portal, since most of those are covered in other parts of this book.
The following topics will be covered in this chapter:
- The dashboard
- The left sidebar's navigation
- Administrative portals for individual services
You can access the administration portal from any Office 365 site, including the main site at https://portal.office.com, by clicking on the apps icon in the top-left corner that looks like a tic-tac-toe board to get your list of apps, and then selecting
Admin. But if you are going to be visiting the portal a lot, which is normal for anyone who has Office 365 administration as one of their general job duties, you might want to bookmark it directly. The direct link for it is https://portal.office.com/adminportal. However you choose to get there, the first thing you're going to see is the Office 365 administration dashboard.
Clicking on the apps icon opens your list of apps and allows you to access the portal by clicking on
The Office 365 administration dashboard
You cannot access everything that you can do in the Office 365 administration portal through the dashboard. On the left-hand side, there's a side navigation bar with expandable headings that grants access to the rest of the portal's functionality. There's also a heading at the bottom of the side navigation that shows all of the main administrative centers for Office 365. Those administrative centers will be covered in their own separate chapters.
Dashboard components aren't necessarily identical between tenants. For instance, the one in the preceding example has a section for
Windows 10 Upgrade, because this particular dashboard belongs to a tenant that has purchased a Windows 10 subscription product. My company's portal doesn't have the
Videos section, but rather, a
Train yourself section that shows links for training for admins and for end users.
We'll go over the components that you'd generally expect to find in most tenant dashboards.
You'll only see this dashboard component if you're using Active Directory (AD) synchronization, either to an Azure Active Directory or on-premises. This dashboard component quickly tells you when the last directory sync was done, when the last password sync was done, and if either of them had any errors. Clicking on this component takes you to the same place you'd get to via the side navigation bar if you clicked
Directory Sync Status.
You'll probably use
Users more often than any other component. The
Users dashboard component takes you to the same place as
Active Users on the side navigation bar. There are also direct links for adding, deleting, and editing users, and resetting passwords.
We'll go into more detail on the functions available in the
Active Users area when we cover the side navigation bar, and even more in Chapter 3, Administering Azure Active Directory.
This component takes you directly to the
Subscriptions link area under
Subscriptions. It's important to note that the subscriptions you see here are the ones you've ordered directly from Microsoft. If you're purchasing Office 365 through a partner, you might not see anything here.
Some Office 365 customers purchase services through Microsoft, and others through the partnership Cloud Solution Provider (CSP) program. Some do both. If you buy any subscriptions from Microsoft, you'll see them under
Billing, but any that you buy through a reseller will only appear in
There are levels of administrator access that give you the ability to use the portal to maintain services, but not to interact with the financial end. If your level of administrator access doesn't give you billing access, you might not see this dashboard component.
It might seem strange to you that downloading Office software is an administrative component on the dashboard. Doesn't downloading your own software seem like something you do as a user, rather than as an administrator? The truth is, administrators are more likely to interact with the administration portal than they are with the Office 365 home page, where you'd normally find your software download link.
Clicking on the name of the component takes you to the my software download page, which you'd otherwise access via the Office 365 end user home page. It's not part of the administration portal at all at that point. But there are also links on the component for various administrative functions that have to do with Office software installation:
Install my software: This is, confusingly, not the link that takes you to a place to install your own software. It's actually a link for setting up manual deployment of software for the users in your company. If there are any issues with internet speed (or worse, metering) at the physical offices where your users work, we highly recommend following the instructions here to perform a manual deployment, as it lets you get away with performing the download once, rather than once per user. That's outside of the scope of this book, but Microsoft provides instructions right on the
Manually deploy user softwarepopup.
Share the download link: This opens an email in your default mail client, which has the link to the Office software download page in it.
Software download settings: Here, you can exert some control over what software your users can install for themselves. At one point, the options included Office 2013 products, but they've been discontinued for most customers as of February 2017:
- For PC, you can choose to block or allow the Office suite as a whole, the extra products that don't come with the Office suite (Project and Visio), SharePoint Designer, and standalone Skype for Business. You can also choose whether your users get upgrades to Office every month or every 6 months.
- For macOS, you can block or allow Office itself, additional Office applications that need separate downloads, and Skype for Business.
Troubleshoot installation: This opens a link on Microsoft's
Office 365 Admin Help, covering how to deal with installations gone wrong.
This component takes you to the same place as
Domains on the left-side navigation pane. The direct link options are
Add a domain,
Delete a domain,
Edit a domain, and
Check health, which checks on the DNS status of the domains you own.
It's a good idea, if you're not frequently looking at the advanced DNS options in your domain name provider, to occasionally check your DNS health. We've seen DNS entries that were placed when a domain was first migrated disappear from the clients' domain name provider, on occasion. This is particularly likely if your company has just migrated to a new provider or brought on a new website host, or has undergone other circumstances that could lead to changes to your domain. Office 365 is pretty robust, and in many cases, it will continue to work if domain name entries are wrong; but it won't necessarily work well.
More detailed information on how to configure DNS is covered in Chapter 3, Administering Azure Active Directory.
The header of this component is not a link, and it won't do anything when you click on it. The options provided are
New service request and
View service requests, both of which can be accessed from the side navigation pane, under
You'll see this component if your company has purchased any licenses for Windows 10 through the Windows 10 Enterprise E3/E5 subscription model. This is another component where the header itself doesn't go anywhere. The options within are
Share the download link,
Create installation media, and
Troubleshoot installation. Except for
Share the download link, which creates an email the same way the similar function did under
Office software, all of these link to locations on Microsoft's websites and will take you out of the administration portal.
The functions of this component can't be accessed through the side navigation pane.
This component displays quick links to Microsoft training videos for various functions in the administration portal. If your company is a Microsoft partner or has purchased training services from Microsoft, you might see this as a component that invites you to train yourself or your end users; if that's the case, the material that's normally under
Videos will be under
Train yourself. For most tenants, however, what you'll see is the
This is, sadly, more important than you might realize. Microsoft has, in recent years, been very assertive about shutting down software products, applications, and options that some businesses have come to rely on. The
Message center is where announcements of new products and downgrades or retirements of older products will appear, and if you don't stay abreast of what Microsoft is doing, you might find yourself blindsided. The
Message center is also accessible under
Message center in the side navigation pane.
When you click on this component, you'll be taken to the same place you could access from
Service health. It'll show you all of the Office 365 services and their health statuses, with incidents and advisories. The component will also allow you to jump directly to lists of incidents or advisories, with links that show how many services may be affected by either type of warning. Checking this on a regular basis is a good way to stay on top of issues with Office 365 before your users complain.
This component contains wizards, deployment advisors, and setup guides for various Office 365 products. Clicking directly on the header takes you to an overview page containing all of the wizards and guides. There's an option in the component and in the overview page called
Setup guidance, which provides even more detailed guidance on setting up your Office 365 services, and there are direct links to the various setup guides and wizards that you can scroll through from directly within the component.
You'd expect that such extensive setup guidance would be accessible from the sidebar navigation, perhaps under
Setup, but as of the time of writing, the dashboard component seems to be the only way to access this.
This shows a small version of the
Active users graph from
Usage (which is where you get to if you click on the header of this component), so you can get a sense of your company's Office 365 usage at a glance. The usage reports that you'll see upon clicking it show more detailed breakdowns of the various activities.
We've gone through the dashboard components that most administrators will see, but it's important to remember that these components change depending on what products your company has purchased, and Microsoft is also constantly changing its Office 365 offerings, expanding what's available, and occasionally pruning back older services. The dashboard I see today might not be one hundred percent identical to the dashboard you will see by the time this book reaches your hands, because this dashboard is one of the first places Microsoft will add new features to the administration portal, even before they're added to the sidebar navigation pane.
Now, let's turn our attention to the left sidebar. There's a lot of functionality in this navigation tree that can't be accessed any other way, and we'll go into a bit more detail on some of the functions we already touched on when they were also reachable from the dashboard.
Like many modern left sidebar navigation trees, this menu will collapse down to a narrow column of icons if you click the left-pointing carat on the right side of the bar, but the default on most browsers is for it to be full-sized. On mobile, you might find that it defaults to being minimized. (It's also small enough to be almost unreadable on a phone. I'd recommend that if you're going to be using mobile devices to access administrative functions more than occasionally, you should probably get the Office 365 admin app, available for iOS, Android, and Windows mobile. But a discussion of that app is outside the scope of this book.)
The options under
Guest users, and
There's a lot you can do in
Active users, and you're going to be doing a lot of it. Interacting with your active users—adding new ones, disabling terminated ones, resetting passwords, and adding and removing licenses—is the bulk of the work that most Office 365 administrators do:
The Active users panel
The top bar for
Active users gives you the options to add a user, change which users you're viewing, search users, export your list of users to CSV, and other functions, available under the
More drop-down menu.
Again, the options you see here may vary, depending on what products you have (you won't see an option for
Directory synchronization if you're not syncing Office 365 to Active Directory, for instance).
The most common activities are adding a user and resetting passwords (particularly if you don't sync to Active Directory), but a dynamic, quickly changing company may also have a lot of setting licenses to do. We'll go over those functions and how to work with the views of your users (a vital skill, if you're a large company with a lot of users) in some detail. Most of the other functions are fairly self-explanatory.
We'll go over much of this information again in Chapter 3, Administering Azure Active Directory, drilling down into PowerShell and some of its more obscure details.
To add a user, you'll enter the user's
Last name, and this will assemble the
Display name by default. If you want the display name to be something different than the first and last names, change it after it populates by default; this won't affect the first or last names:
Add a new user
Most instances of Office 365 have more than one domain, but usually, one's the real domain, and one's
domain.onmicrosoft.com, which hardly anyone uses. In most Office 365 tenants, the default domain has been set to whatever your company usually uses for public websites and the like. However, there might be circumstances where a user needs to be assigned to a different domain name. Enter the username, and use the drop-down menu to select the correct domain name if the default isn't the right one.
It's important to select a location if it hasn't prepopulated for you. You won't be able to add licensing until the location is set.
Whether you fill out the contact information or not is probably a matter of your company's policy. It won't affect a user's capabilities if you don't do it, but if you do, that information will be carried into Exchange and SharePoint, so it won't need to be reentered in the global address list or user profiles:
Password and role options
The options for setting the password include either autogenerating it and emailing it to the email you choose upon completion of the new user task, or creating it manually by yourself. For either option, you can force the user to change it when they sign-in, or allow them to continue to use it.
Most users will be assigned
User (no administrator access), and most IT staff who need administrative access will probably be assigned
Global administrator, but in a large organization, you may well want to use the
Customized administrator setting to fine-tune which rights you grant.
Finally, you will need to set the licenses. You'll see a series of toggle switches that represent all of the licenses your company has available:
The last toggle is
Create user without product license. While Microsoft labels this as
Not recommended, it might be a perfectly reasonable thing to do if you're not the one with the authority to purchase extra licenses; get the user created without a license, and they'll be able to get into the Office 365 portal and set their new password while you're waiting for the purchasing people to acquire the license. (This is also what you're likely to do if you need to create a service account.)
You must set one of the toggle switches, or it won't allow you to create the user. So, if there are no available licenses, use the one that creates the user without a license.
After you're done, you'll get a window telling you the user's password (if it was autogenerated) and offering to email that password to the default address (usually yours, if you're the primary Office 365 administrator.)
You can reset passwords, set licenses and roles, disable or enable Office 365 sign-in, add new aliases and change which email address is primary, and perform many other functions, via the user panel.
To access the user panel, simply click on an active user, and it'll open to the right.
A lot of these functions are very similar to the equivalent that you'd perform for new users. For example, resetting a password is just like setting it for the first time for a new user:
The user panel
Assigning a license is just like assigning a license to a new user. But there are some functions that can be performed via the user panel that don't have an equivalent in the
Add a user task:
- Group memberships aren't something that you can assign in
Add a user, because the mailbox needs to be provisioned before groups can be assigned. By clicking
Group membershipsin the user panel, you can add the user to a group, see the groups they're already in, and delete them from groups they are members of.
- You can also change the sign-in settings. If you have an employee that's leaving the company at the end of the day, you can cut off their ability to sign in to Office 365 products without either deleting them or changing their password by simply setting their
locked. (There will be more on this topic in Chapter 3, Administering Azure Active Directory.) This is especially useful if they're synchronized with Active Directory and it's handled by a different department, so you don't have the rights to change their password or delete them. You should note, though, that because this disables sign-in, it won't affect a user who is already signed in until that sign in expires. So it's not the best tool to use for the person who's being frog-marched out the door by security right now and might still be signed in on their personal tablet.
- You can view the devices that a user has installed Office onto, and deactivate their installation. (Possibly a good idea to do to the home laptop of that employee in the previous example! However, you can only perform it on PC and macOS devices, not mobile ones, so you still can't get that tablet.) If an employee had a device stolen or destroyed, and they're at their five-device limit for Office installations, you can deactivate the lost device here, so that they can install it on their replacement device.
- If you click the expanding carat for
Mail Settings, you can directly work with mailbox permissions, email forwarding, litigation hold, auto replies, what apps the user is allowed to use to access email with, and whether they're in the global address list, without having to go into Exchange. (We'll go into what these options mean in more detail in Chapter 3, Administering Azure Active Directory and Chapter 4, Administering Exchange Online – Essentials.) There's also a direct link to Exchange, which will take you straight into this user's Exchange properties.
- The expanding carat for
OneDrive Settingsgives you the option to get access to the user's OneDrive, which is very helpful if they're out of the office or have left the company, and there's important business information that they are storing in there. You can also turn external sharing to the user's OneDrive (meaning that the user can share with users outside of your company) on or off.
- You can kick off a one-time sign-out event that kicks the user out of every instance of Office 365 they're signed into. This is useful if you're changing their username, or in the case of that employee being frog-marched out the door in the example. Oddly, though this has nothing to do with OneDrive; it's stored under the
- The direct links at the bottom let you edit the user's Skype for Business properties, or go directly to their multi-factor authentication settings.
Views are covered in detail in Chapter 3, Administering Azure Active Directory, so we won't delve too deeply here.
There's a default view that shows all users. If you have a small company, that might be fine. As soon as you have a large number of users (or accounts, such as service accounts that were assigned email addresses, external contacts who were invited as guest users, former employees, special-purpose administrator accounts, and so on), the list can get unwieldy. You may want to use one of the other default views, or create one of your own. See Chapter 3, Administering Azure Active Directory for more information on how to do this.
Finally, the last function of the
Active users page that we'll discuss is the
Import multiple users function. If you have a moderately large organization and you are not planning to synchronize with AD, you might want to import a large number of users at the same time:
Import multiple users
You get to this feature by clicking the
More drop-down menu at the top of
Active users. Download a CSV file to use as a template (you can choose one with just the headers, or one with sample user data, to help you understand how to format your users), enter all of your users into it, upload with the
Browse button, and then click
Verify to make sure your formatting is correct. Click
ext and follow the prompts. You'll be able to set a sign-in status and choose product licenses on the next page, and then send the results to yourself or someone else. (Note that the passwords handled this way will be in plain text, so you may want to require your users to change their passwords as soon as possible.)
Other functions of the
Active users page are fairly self-explanatory, such as
Delete a user or
Export. Let's move on.
Contacts are email addresses from outside of your organization that are recorded in Exchange so that users can find them in the global address list:
It's easier to enter a contact than it is to enter a user—there are a lot fewer fields to fill out.
Display name and
By default, contacts appear in the global address list, although you can exclude them with the
Hide from my organization address list toggle. Contacts, as a concept, come from Microsoft Exchange, and are a means to include people from outside the company in distribution lists. They can also be included in Office 365 Groups, as of May 2017.
Guest users, as a concept, are more closely related to SharePoint and OneDrive. A guest user has been granted access, via sharing, to a resource on SharePoint or OneDrive. They're only relevant if your organization allows external sharing.
A guest user will automatically be created if you create a sharing link for a specific email address within SharePoint or OneDrive. You can't create them here, but you can view and delete them.
Note that guest users don't have a presence in the global address list, and the same email address can't be both a contact and a guest user. If you have a need to give people who are frequently contacted by your users access to SharePoint and OneDrive while also having them as a global contact, and also having them on a list that automatically sends them and other people email, it might make more sense to use an Office 365 Group rather than a traditional distribution list, because members of those Groups can be both guest users and mail contacts at the same time.
Up to 30 days after you delete a user, they can be restored:
Deleted users screen to see who has been deleted, export them if you need a CSV report, and restore them.
More vital information about the user recycle bin will be covered in Chapter 3, Administering Azure Active Directory.
While there's more functionality for working with groups in the Exchange Administration Center, many of the most common functions have been made available directly in the Office 365 administration portal, under
The two headings you'll find here are
Groups (yes, really, it's the same word) and
There are four types of groups within Office 365: distribution lists, security groups, mail-enabled security groups, and Office 365 lists. There are also shared mailboxes, but they have their own heading. We'll discuss the differences in Chapter 4, Administering Exchange Online – Essentials:
The Groups page
When you click on any group, a panel will open (usually to the right) displaying its properties, and you can edit many of the properties right there.
Distribution lists and mail-enabled security groups primarily live in Exchange, so their panels offer direct links to Exchange, to do further editing there, if desired.
Office 365 Groups and regular security groups are accessible via the Exchange administration site, but the Office 365 administration portal is equally competent at handling them, so Microsoft hasn't bothered including those links on their panels.
Within Office 365, you can edit:
- The name, description, ownership, and membership of a distribution list, and whether external senders are allowed.
- The name, description, ownership, and membership of a security group.
- The name, description, ownership, and membership of a mail-enabled security group, and whether external senders are allowed.
- The name, description, ownership, and membership of an Office 365 group, whether external senders are allowed, and whether senders should be automatically subscribed. It'll display your privacy settings—that is, is the group public or private—but you can't edit them after creating a group.
For a new group, there's a lot less functionality for creation than there is for editing, and particularly for the traditional types of groups; distribution, security, and mail-enabled security groups can't have owners or members defined during creation, and Office 365 Groups can only define the owner at creation, if you're using the administration portal.
You can edit a lot of the properties of a shared mailbox by using the shared mailbox panel when you click on one of the shared mailboxes on this page:
The Shared mailboxes page
Using this panel, you can edit the name, email, email aliases, forwarding, auto-replies, litigation hold status, membership, and other settings, such as whether sent items get copied to the mailbox, whether the mailbox is in the global address list, and so on. You can also delete the mailbox, go directly to Exchange administration to work with the mailbox, or read about how to use
Shared mailboxes in Outlook:
The shared mailbox panel
Again, there's a lot less functionality for actually creating mailboxes. You can set the name and the email address, and that's all. For all other properties, you'll need to wait for it to be created, and then edit it.
The next heading on the side navigation bar is
Resources. The three subheadings are
Rooms & equipment,
In Exchange, you can assign a room or a piece of equipment (for example, a projector) to a meeting by giving it an email address:
Rooms and equipment
To enter a room or equipment, you click
Add and choose which one—
Equipment. You then fill out the name and the email address you're assigning to it (it would also be a good idea to fill in the capacity, location, and phone number).
Rooms can be abstract entities; my company, for instance, has no physical conference rooms, but we assign conferencing vendors, such as GoToMeeting and WebEx, as rooms.
The panel for editing a room allows you to edit the same things you set when you created the room, but it also allows you to set whether repeated meetings are allowed, whether automatic processing (inviting a room to a meeting automatically reserving the room without requiring human intervention) is allowed, and who's a delegate for the room (the person who receives the room's email; also, the person who can choose to reject a booking for the room). There's also a direct link to the settings in Exchange.
Sites page displays all SharePoint site collections in the tenant (excluding individual OneDrive sites), and shows what type of sharing is allowed (that is, no external sharing, new and existing external users, or anonymous guest links allowed). You can edit the type of sharing here.
If you choose
Add a site, you jump to the SharePoint management portal, to the page for creating a new site collection. That's outside the scope of this chapter, but is covered in Chapter 6, Administering SharePoint Online.
This entry seems to be purely vestigial. Office 365 hasn't allowed new public websites to be created in several years, and as of this writing, Microsoft is planning to eliminate all the existing ones at the end of March 2018. Don't be surprised if, by the time you are able to buy this book, this entry has disappeared entirely.
In many organizations, the people who handle the billing aren't the site administrators; responsibilities are often divided between finance and IT departments. If that's your position, you'll probably only ever need to touch the subheadings
Licenses; and possibly, not even
Subscriptions. Sometimes, though, particularly in small organizations, the person who manages Office 365 also manages the spending on it, so we'll cover the various parts.
This page is more to provide information than to be a place with things that you can edit or act on. It'll show your active product subscriptions (and when you click on one, it'll tell you how many licenses you have for it), expired subscriptions, disabled subscriptions, and deprovisioned subscriptions:
The Subscriptions page
Expired subscriptions will have run out 30 days ago (or less), and all of the data in them is still accessible; disabled subscriptions will have run out between 31 and 90 days ago, and the data in them can be accessed by an administrator, but not by the user. Deprovisioned subscriptions have had their data deleted. Often, a free trial your company might have used at one point will show up as a deprovisioned subscription.
You can add a subscription here. Clicking on
dd subscriptions takes you to the
Purchase services page.
If your company purchases directly from Microsoft, you'll see the invoices for your services on this page. You can use the drop-down menu to access
Last month, the
Past 3 months,
Past 6 months,
Past year, and
Specify date range quickly. If you want more detailed breakdowns or to view individual invoices prior to the last month, click on
View details. You can also view the invoices as PDFs:
If you purchase your Office 365 from a Microsoft partner through the CSP program, another reseller, or through a specialty program (for example, there is special handling for nonprofits, as well as annual purchases through MS Open), you will not see anything here. The
Bills page only shows Microsoft invoices.
If you purchase your licenses directly from Microsoft, your
Licenses page will show your products, the number of valid licenses you have for each product, the number of expired licenses (this includes disabled licenses, but not necessarily deprovisioned ones), and the number of licenses assigned, with a prompt to assign licenses if you have unassigned ones, or unassign licenses if you don't have enough. There will also be a link for each product, to allow you to buy more:
If you purchase through a CSP partner or another distribution program, you won't see the prompts to assign, unassign, or buy now. Your distributor or Microsoft partner handles that; you should contact them for more licenses. Instead, you may see a link directing you to contact information for your Microsoft partner.
Even if you generally purchase your licenses through a CSP partner or reseller, Microsoft will still offer you the chance to buy products directly from them on this site.
Believe us when we say that this creates no end of opportunities for confusion.
Avoid doing this. If your company's buying through a distributor or CSP, you are probably getting a better deal than what Microsoft offers directly. They've actually rigged the incentives so that distributors can offer a better deal than they do, because they'd rather that partners and distributors do the selling; Microsoft isn't famous for its keen interest in support and customer service for large numbers of individual consumers and small business users:
Purchase services page
Of course, if you are purchasing directly from Microsoft, there's no reason not to use this site to purchase products, as long as whoever authorizes spending in your company has given you the OK.
Each carat by a suite listing (such as
Small Business Suite,
Dynamics 365 Suite, and
Other plans) expands so that you can see the full listing of all the products for sale in that category. Most products require an annual commitment if you're buying from Microsoft, so be sure you've got funding secured for a full year.
Regardless of whether your tenant shows invoices to view (meaning that you purchase some services directly from Microsoft) or not, you'll have a list on this page of everyone that's authorized to receive billing statements. Whether the billing statements will be directly attached to the emails or not is a switch you can toggle
Billing notifications page
You cannot directly add to this list; it's a list of all global and billing administrators, and any custom administrator that contains billing administration rights. However, by clicking on a user in this list, you can change what administration rights they have, which can effectively delete them from the list if you downgrade their rights.
There are two styles of
Supportscreen that you might see, depending on if Microsoft has rolled out their newer Support UI to your company or not. In one, clicking on
New service request or
View service requests takes you to a separate page; in the other, you get a right-side pop-out panel, like all of the other pop-out panels you've encountered thus far. We'll touch on both, since how long it will take Microsoft to decommission the older version fully is not easily predictable.
Customer Lockbox feature comes with an Office 365 E5 plan automatically, and can be purchased as an add-on to any Enterprise plan. If your company has no such plans, you can safely skip this section. (However, this is one among many reasons that we recommend that every Office 365 customer purchase at least one E3 plan.)
When Microsoft support engineers answer service requests, they sometimes need to access your company's data. Without the
Customer Lockbox feature, they will access what they need as they need it, and will relinquish access after they're done; but you, the customer, will have no control of or knowledge of their access. With the lockbox feature, you receive an email telling you there's a customer lockbox request, and you log in to the page to approve or deny the request.
Customer Lockbox feature, if your tenant has a license that gives you access to it, can be turned on and off in
Security & privacy, under
Settings. More on that will follow.
Settings page covers a variety of different functions that apply to your organization and don't fit particularly well in any of the other subsections.
Services & add-ins page will show you a long, long list of various services and add-ins that an Office 365 administrator can activate or administer from this page. It's outside the scope of this chapter to go over them all; some will be covered in more detail in Chapter 13, Administering PowerApps, Flow, Stream, and Forms:
Services & add-ins
In the top-left corner, there's a button for uploading an add-in, which could be something purchased from a third party or created by developers in your company. The add-ins that you can deploy here are Office web add-ins that you can globally deploy for all users of Word, Excel, Outlook, and/or PowerPoint, in your company.
This is the page you use to set your Office 365
Password policy (options include the days before passwords expire and the number of days before a user is notified of imminent password expiration), the
Sharing settings (whether your users can add guest users—with this setting off, users cannot share with external users from OneDrive or SharePoint), and self-service password reset:
The Security & privacy settings
If your company has the
Customer Lockbox feature, this is also where you can turn it on or off.
DirSync errors report shows all objects that are experiencing a conflict in DirSync. In our experience, many of these errors are false alarms, or at least not particularly serious. However, keep in mind that all high-level admins will get emails alerting them to their (continued) existence. These issues are caused when properties that are supposed to be unique—for example, the
UserPrincipalName—are assigned to more than one record. A common cause of this would be the existence of a mail contact within a distribution group with the same email as a guest user. Clicking on the object in error will give you more details on how to resolve the error.
Here is where you keep information about your company, including the email address of the technical contact, up to date. In small companies, it's often the case that the CEO or owner of the company assigned themselves as the technical contact when the Office 365 tenant was created, and later, they ended up flooded with error messages that clogged their inbox and should have been going to IT, anyway. You can fix that issue here:
The Organization profile page
There are other settings that affect your organization here. You can decide what the release schedule for your company will be: Will you get the new Microsoft releases of Office 365 updates as soon as they come out? Will you get them when Microsoft pushes them out to everyone? Or, will you choose a few users to bravely go where no user has gone before, so that they can break what no one has broken before, and advise everyone else accordingly?
There are settings here for managing custom themes, custom tiles, and custom help desk information, as well, and you can find out what continent your data centers are on.
If you purchase Office 365 from Microsoft and you don't have any Microsoft partners that you're working with, this page will be blank. Distributors, CSPs, partners of record, and other Microsoft partners that you may have granted delegated administration privileges to, will be listed here:
The Partner relationships page
You can look up your Microsoft partner's phone number and email address. If, for some reason, you need to move on, you can remove them from delegated administration access.
There are actually many more setup-related pages available than Microsoft makes available in the
Setup heading of the sidebar navigation. It might be that Microsoft will eventually make those available in the sidebar, as well; as of right now, you can access the others through the dashboard component setup guides, discussed at the beginning of this chapter. The ones that you can access through the sidebar as of this writing are
Products page is actually very similar to the
Licenses page, but much more user-friendly and attractive. It displays the products your company is subscribed to, with icons showing what applications those products entitle you to. (Sometimes, the same application has multiple licensed products that can apply to it; for example,
Audio Conferencing and
Domestic Calling Plan both apply to Skype for Business. And many products offer multiple applications within; any Office plan that includes software will include Word, Excel, PowerPoint, and Outlook, for example.):
The Products page
As with the
Licenses page, it'll show you how many licenses you have, how many are free to be used, and what their status is, and will give you the opportunity to assign licenses if some are free, or buy more if none are. Disabled and deprovisioned products won't show in this view. Note that
Buy more just takes you to the
Subscriptions page and
Assign licenses takes you to
For most companies, you're only likely to engage with the initial setup of domains once or twice, and if you're coming on board to administer an existing Office 365 site that's already been set up with the company domain, you might never need to touch this page.
Because having a domain is very important to how your users are provisioned, we'll cover setting up a domain in detail in Chapter 3, Administering Azure Active Directory.
Data migration page shows various common email providers that you might be migrating data from, as well as giving you a convenient link for uploading a PST file.
There are also many guides of various types for onboarding onto and migrating to various Office 365 services, such as SharePoint, Teams, OneDrive, and so on, and detailed instructions for migrating from Gmail.
If this is your very first experience with Office 365, quite probably, you'll want to skip the extra helping of antacids and get the assistance of a Microsoft partner to help you make the switch. Microsoft partners will bring the experience of many different migrations for many types of organizations, and will have the tools and processes needed to make your transition to Office 365 a smooth one.
The reports that are available here are
Usage and, under the heading
Security & compliance,
DLP (DLP stands for data loss prevention) reports. The more detailed security and compliance reports, such as protection and auditing, have moved to other areas, and we'll cover them in later chapters.
Usage reports show an overview of the usage of some of the most important online components of Office 365 (such as Exchange, OneDrive, SharePoint, and so on) for
90 days, or
180 days, followed by detailed bar charts of various types of activities within those components (for example, the charts for Exchange track messages sent, received, and read, separately):
Usage reports page
These are the effective ways to track user adoption and see if there are any issues that need addressing. (If there's very little content on your company's main SharePoint team site, and yet usage and the number of files are unusually high, there may be a site collection that someone else created and is using that isn't being tracked by your centralized governance, for instance.)
The protection reports that were at one point under this heading have moved to the
Security & Compliance center, and will be discussed in Chapter 8, Understanding Security and Compliance. The auditing reports have moved to the Exchange administration center, and will be discussed in Chapter 4, Administering Exchange Online – Essentials. What's left are reports on
Rules and the
The Security & compliance page
Rules are created in Exchange, and the
DLP policies are created in the
Security & Compliance center, so they will be discussed in more detail in the future chapters mentioned in the preceding paragraph. The reports are on the number of rule and DLP policy matches that have passed through your Office 365 systems within 7, 14, or 30 days, or a custom date range.
Under all of the components within the administration portal, there are a number of additional portals for administering specific services, under the expandable heading
It's outside the scope of this chapter to go into any detail regarding those administrative centers; most are covered within their own chapters. (Note that this screenshot comes from a tenant which also has
Dynamics 365 and
Intune; neither of those are within the scope of this book, as neither are technically a part of Office 365. Intune is part of Windows Azure, and Dynamics 365 is its own separate product. Azure AD, despite the name, is part of Office 365, as well as Azure.)
In this chapter, we went over all of the components of the Office 365 administration portal, demonstrating what you can do with these components, and, in many cases, why you would want to use them. We drilled down into the detailed functionality of the most commonly used components. We also briefly touched on the various other administration centers that one can access via this portal, and listed the chapters in which you can expect to find more detailed information about those specific portals.
One thing that we have not done is discuss performing administrative tasks with PowerShell. Many of the functions that can be performed on this portal can also be done in PowerShell. A detailed description of how to use PowerShell to administer every possible Office 365 function is outside the scope of this book, but the next chapter will explain how to connect to Office 365 using PowerShell, and will give a general overview of the functionality that PowerShell covers.