
Lesson 12: Azure AD and Role-Based Administration

You’ve made it to the final admin lesson of this course! You may be thinking, “Azure? I thought this was Office 365.” As you may have surmised, every Office 365 environment has an Azure AD environment as well. Just like on-premises, this is where all your users, security groups, conditional access, and that “under the covers” security live.

So, let’s jump into today’s lesson.

Azure AD

This link takes you to the Azure portal, as you might suspect, and more specifically displays the following three services: Azure Active Directory, Users, and Enterprise applications. There are a lot of options in Azure AD, and the whole navigation is configured differently than in the standard Office 365 admin portals. This is something I will definitely provide a video for in the future, but for now, you’re going to have to deal with some text. Think of this as everything related to identity and management of users and devices within Office 365. What you have available to you also varies based on your Azure AD license: the default Office 365 license, Azure AD Premium Plan 1, or Azure AD Premium Plan 2.

In Azure AD, you can (but aren’t required to) manage users, passwords, and licenses. However, this is also where you can configure additional settings such as conditional access and MFA. It also has audit logs and reports on risky sign-ins and users flagged for risk. Additionally, you can do some configuration of Mobility (MDM and MAM), company branding of your Office 365 sign-in page, and even Application Proxies to on-premises applications.

Azure AD is one of those places that you’ll definitely want to venture into for doing more advanced management of Security, Users, Devices, and Applications. However, if you are a small company and just doing basic Office 365 Administration, you’ll rarely, if ever, have to even deal with Azure AD. In fact, there are companies that are still surprised when they find out they have Azure AD automatically as a part of their Office 365 environment.

Role-based administration

So… you’ve seen all the admin centers. What if you don’t want people to have access to all of them? You want your Exchange Admin to only have access to Exchange. And the same with your SharePoint Admin and Skype for Business Admin? Fortunately, Microsoft has role-based administration in Office 365. If you select a user in your environment and click on Edit next to Roles, you have an option for a Customized administrator. As you can see in the screenshot, that option lets you choose from several admin roles you can grant a user. This limits not only what they can do in the Office 365 Admin center (and the other admin centers we just covered), but also which admin centers they can even see. So, as you have users with various admin roles within your organization, PLEASE, don’t make them all global admins. Leverage these admin roles to let them perform only the tasks they need to.
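To check how well a tenant follows this advice, the read-only audit below lists who holds each admin role and flags heavy use of Global Administrator. It is an added example, not part of the original lesson; it assumes the Microsoft Graph PowerShell module is installed, and the `$MaxGlobalAdmins` threshold is an assumed value to replace with your own policy.

```powershell
# Added example: read-only audit of admin role membership (not from the original lesson).
# Assumes the Microsoft.Graph PowerShell module and an account allowed to read role data.
Connect-MgGraph -Scopes 'RoleManagement.Read.Directory', 'Directory.Read.All'

# Well-known template ID of the built-in Global Administrator role
$GlobalAdminTemplateId = '62e90394-69f5-4237-9190-012177145e10'
# Assumption for this example: review threshold, set it to match your own policy
$MaxGlobalAdmins = 4

# Get-MgDirectoryRole returns only roles that have been activated in the tenant
$report = foreach ($role in Get-MgDirectoryRole) {
    foreach ($member in Get-MgDirectoryRoleMember -DirectoryRoleId $role.Id -All) {
        [pscustomobject]@{
            Role          = $role.DisplayName
            IsGlobalAdmin = ($role.RoleTemplateId -eq $GlobalAdminTemplateId)
            # Members can be users, groups, or service principals
            MemberType    = ($member.AdditionalProperties['@odata.type'] -replace '^#microsoft\.graph\.', '')
            DisplayName   = $member.AdditionalProperties['displayName']
            Upn           = $member.AdditionalProperties['userPrincipalName']
        }
    }
}

# Full listing, to review each assignment against the person's actual duties
$report | Sort-Object Role, DisplayName |
    Format-Table Role, MemberType, DisplayName, Upn -AutoSize

# Flag tenants where Global Administrator is handed out too freely
$globalAdmins = @($report | Where-Object IsGlobalAdmin)
if ($globalAdmins.Count -gt $MaxGlobalAdmins) {
    Write-Warning ("{0} Global Administrators found (threshold {1}); check whether a scoped role would do." -f
        $globalAdmins.Count, $MaxGlobalAdmins)
}

# Global admins who also hold a scoped role: the scoped role alone may be all they need
$report |
    Where-Object { -not $_.IsGlobalAdmin -and $_.Upn -and ($_.Upn -in $globalAdmins.Upn) } |
    Sort-Object Upn, Role |
    Format-Table Upn, Role -AutoSize
```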

Conclusion

Wow! You made it! We do have one more lesson to go, but it won’t be nearly as intense as the last 12 have been. The final lesson will be focused on where to go from here and other resources that will help you continue learning all about Office 365.

If you just can’t wait to finish up the course when your email comes tomorrow, here are your two links to jump to the final lesson:

2018-08-04T14:14:49+00:00