Cloud identities & Managing Users and roles Flashcards
How do you set password complexity requirements in O365?
Set using PowerShell cmdlet
• Must meet three of four complexity requirements
○ Lowercase characters (a-z)
○ Uppercase characters (A-Z)
○ Numbers (0-9)
○ Symbols
What length should a password be?
8-16 characters
How do you set password expiration policies?
Through the O365 admin centre
By default what password configurations are set to off?
Configuration options (default)
○ Password never expires (off)
○ Password expiration timeframe (90 days)
○ Password expiration notification (14 days)
How do you reset password in O365?
- Reset through O365 Admin Center
- Can send new password to external email
- Require user to reset password on first login
What is a soft delete?
Deleted accounts remain in the recycle bin for 30 days; during this period the account can be reactivated.
What is a UPN?
User principal name is the name of a system user in an e-mail address format.
What can an ObjectID be used for?
Used to manage group membership in PowerShell.
Used to add users to security groups.
Can’t use display name or UPN.
How do you configure MFA in O365?
○ Enable at user level or bulk enable in Active Users
○ Configured by the end user at next login after it is enabled
○ Even if you enable MFA, it's not enforced until the user has gone through the full setup process.
How do you retrieve all license types?
○ Get-MsolAccountSku (For list of license types)
§ This will present a list of license types and the exact wording you will need to apply licenses to users
How do you add licenses to bulk imported users?
○ Add user licenses (UsageLocation must have value)
§ Set-MsolUserLicense -UserPrincipalName -AddLicenses
§ Get-MsolUser -UnlicensedUsersOnly | Set-MsolUserLicense -AddLicenses
How do you hard delete an account?
Get-MsolUser -ReturnDeletedUsers | Remove-MsolUser -RemoveFromRecycleBin -Force
How do you retrieve soft deleted users?
Get-MsolUser -ReturnDeletedUsers
Alternatively, this can be done through the Azure admin centre.
What is directory synchronisation?
- Directory synchronisation is the identity provisioning choice for enterprise customers moving to O365. Directory synchronisation allows identities to be managed in on-premise AD, and all updates to that identity are synchronised to O365.
- Azure AD Connect is a solution to sync the on-premise objects to Azure AD
What needs to be prepared for directory synchronisation?
• Attribute updates – Know the attributes that are going to Sync to Azure AD. It is recommended to leave the default selection when configuring the Azure AD Connect for Directory Synchronization. You should know how to stop a Sync of on
• Domain controller placement – The Directory Sync server should be kept on the site which has the DC.
• Determining the permissions required – Azure AD Connect requires the below accounts:
• Planning for multi-forest/directory scenarios – Microsoft recommends consolidating multiple forests into a single forest before migrating to Office 365.
• Capacity planning for Directory Sync – We need a server with a decent configuration for directory synchronization and normal hardware for the SQL installation.
• Two-way synchronization – You need to understand the write-back options available and required for your organization.
By default, Hybrid Exchange will write back the below attributes from Azure AD to On-Premise AD