In our previously written blogposts, we discussed a series of Microsoft office365 for Business setup for Cybersecurity professionals, and system administrators who use Microsoft office365 related products such as passkeys, in their various office and infrastructure.
The goal of these previously written articles was to create a deeper knowledge on passkey and passkey implementation, while walking the readers, through a step by step approach, on setting up various passkey configurations, that is inclined towards the type of Microsoft office365 service they make use of or implement in their Microsoft EMAIL facilities.
However, in this article we will describe to you the methodological approach in adding users in office365 for business. This approach includes indicating various admin roles that exist in office365 you could assign each user in your organization, which certainly would make your security event management an easy one, while reducing cost and boosting efficiency.
Office365 for Business widely known, offers a custom domain integration into the platform for subscription based licenses. It also allows the Global Administrator, to add users who work for the organization, assign various roles to these users in the admin centre, create groups, and access Entra-ID (Azure) related services and configurations.
In order to create these new users, and assign roles to them in office365 for business, here is:
HOW TO ADD USERS IN OFFICE365 FOR YOUR ORGANIZATION:
STEP-1: Accessing Admin Center.
The Office365 Global Administrator has to first, login into the Admin Center, and then select the “Admin” menu. (See Image Below).
STEP-2: Locating Admin Portal.
The administrator should then be able to view the “Admin Portal”, to access the various admin settings. While in the “Admin Portal” the administrator can choose any of the “Add User” menu located on the “Home” dashboard (See Image Below From Left to Right).
STEP-3: Adding A User in Office365.
Upon selecting the “Add User” menu, a pop-window will appear to fill in the user’s details and assign the domain you want them to be on. In this case, we want the new user to be on the domain name “fixitgearware.com”. So, we select the domain name for FixitGearWare. (See Image Below From Left to Right).
Also, in the image on the right (See Image Below on the Right), you can see we selected the “Send password to email upon completion.” Here we have to add the email address of the user we just created, so they can get their credentials delivered into the inbox.
If the administrator wishes to also have this information, they can add additional email addresses separated with a semi-colon and click “Next” button. (See image on the left). Microsoft accepts only a maximum of five (5) emails to be added in this textbox.
STEP-4: Assigning Product License.
When the button “Next” is clicked from the previous step “STEP-3”, a new pop up will appear. This pop-up, request information of the new user added, such as “Set Location” existing license, and other information as shown in the image. (See Image Below).
As the administrator, if you want this users to be able to use Microsoft office365 product or applications such as Word, PowerPoint, SharePoint etc. then you need to select the radio button “Assign user a product licence”, and then tick the check box which has the “Microsoft 365 Business Standard.” This is because we do not wish to upgrade this user to use the “Microsoft 365 Business Premium.”
In addition, the Microsoft 365 Business Standard.” licence price, doesn’t come with all applications such as (Intune), thereby saving cost. Of course, you don’t want everyone to be responsible for administering an EDR in your organization except you the Global Administrator (Only the current Administrator account runs Microsoft 365 Business Premium).
In this demo, since we just want to walk you through adding an organization user Microsoft office365, we will be selecting “create user without product licence (not recommended)”, and the click the “Next” button.
STEP-5: Accessing Optional Settings and Assigning User Roles.
By clicking the “Next” button, from the previous step “STEP4”, you should see a new form called “Optional Settings” in this new form, we can then see various “Admin Center” access we want this new user to have. Also, we can view these “Optional Settings” by “Category”, by clicking the “Show all by Category” menu (See Images Below From Left to Right).
Under this section, we can then see the following “Show all by Category” “menu” and their sub-menu such as:
- Collaboaration.
- Devices.
- Global.
- Identity.
- Other.
- Read Only.
- Security & Compliance.
To understand what each of these access and roles mean, click the “I” button next to that specific role. Although the information displayed here is short, we would advise, you read a more detailed information about them from Microsoft Blog, in other to have a deep understanding of each role.
However, for this demonstration, we do not want this user to have access to the “Admin Center”. Therefore, we would be selecting the “User (no admin center access)”, and then click on the “Profile Info” menu to fill the new user’s information. This part is very important for the administrator, as it helps you to track the staff information, team members in your organization, and their various roles.
Fill the information and details where necessary, and then click on “Next” button. The information filled in the form would appear for reviewing purposes. If all information are accurate as filled in the form, then click the “Finish Adding” button. , (See image below from left to right).
STEP-6: Completing User Registration and Creating Templates.
Upon clicking the “Finish Adding” button, as described in previous step (STEP-5), we should see a form indicating success. (See image below from left to right). Office365 would then suggest that the configuration should be saved as a template, do create a template if you have larger team members you work with. This makes it easier for you to setup a new user account, without the need to go through the rigorous steps of selecting the category and role you want them to have.
Once, you created this template, each time you create a new user you want them to have the same settings as the previous user created, you just select the template, and all settings would be integrated, saving you time and stress. Although, we did not assign an “Admin Center” role to this user created, we certainly created a template. So, let’s say the next user to be created, we do not want them to have admin access, we just select the template, and every settings would be automatically configured to that new user (See image below from left to right).
Furthermore, if there are other admins who manage users, and you want them to have access to this newly created template, we can check the box “make this template available………” , fill the information that you want the template to be identified as (See image below from left to right).
STEP-7: Saving Templates Created.
On filling the template information, the administrator is then required to click the “Save as template” button. The form will display a notification, that the template has been saved, and also if they still need to add new users, they can select the “Add another user” menu in this form. (See image below from left to right).
STEP-8: Accessing Entra-ID Admin Panel.
We want the new users who are created, be able to reset their own password by themselves, therefore the administrator needs to turn on Microsoft “Entra-ID”. This configuration would be implemented for all “Active Users (users whose account haven’t been deleted)”. Upon turning this feature on, the button should then go from blue in colour, to grey in colour and then redirect the administrator to Entra-ID dashboard. (See image below from left to right).
STEP-9: Creating Password Reset Policy for All Users.
When the administrator is redirected to “Entra-ID” dashboard, they have the choice, to either implement this password reset to a “Selected” users which is categorized in “Groups” or the administrator selects “All” menu, to enable password reset for all users in their organization.
In the Entra-ID panel, the administrator can also check other “Entra-ID” configurations and settings. (See image below from left to right).
STEP-10: Saving Password Policy on Entra-ID.
When the administrator, has selected the “All” menu, the administrator can then click the “Save” button, and a notification on the “password reset policy” should be seen onscreen by the administrator.
The administrator can then navigate back to the “Admin Portal” to verify that this new user has been created. It is important to note, that the “Admin Center or Portal” is different from “Entra-ID portal”. (See image below from left to right).
STEP-11: Resetting Newly Created User Passwords.
During the registration of the new user, the default password is provided. However, if the administrator forgets to keep the record for themselves, they can select the particular user, and reset the user’s password.
The administrator can then click on the checkbox “Email the sign-in info to me”, add their own email address, the user email address separated by a semicolon, and then click on the “Reset password” button. (See image below on the left).
When the reset has been done, the administrator should be able to see a notification, and of course view the new temporary password (See image below on the right).
STEP-12: Sending Email to Newly Created User, Requesting Password Change.
The newly created user, should be able to receive an email, indicating the necessary information they should carry out (See image below on the left).
Take notice of the “Sign in to Office 365” button in the message body. In that button, is embedded the newly created user’s ID. Once the user clicks on that button, the Microsoft login form auto-picks the email address, and just request them to enter their temporary password.
Also, in the address bar the unique ID is displayed as well. The user should then provide the temporary password received in the email, and then click the “Sign in” button (See image below on the right).
STEP-13: Newly Created User Changing Their Password.
A new form will pop-up, requesting the user to provide their “temporary password”, “New Password”, and “Confirm Password”. The user is expected to provide these information. Upon providing them, click the “Sign in” button. ”. (See image below from left to right).
IMPORTANT:
Ensure the newly created password, adheres to your organization password creation policy. If you have no idea the minimum requirements, and expected characters, contact the administrator, responsible for setting up this account.
STEP-14: Fulfilling Other Password Reset Requirements.
The use of Passkeys was enforced by Fixitgearware Security for all its users, to guarantee security. So, by default when the new user tries to sign into their account, they would be required to setup a passkey first, before being able to have access to the Microsoft office365. The user can then click the “Next” button (See image below from left to right).
STEP-15: Downloading Authentication App For Passkey Setup.
The user can then download the Microsoft Authenticator application, and then setup the passkey (See image below from left to right).
This summarizes the entire article series, and also guide you as a cybersecurity expert, or system administrator, in setting up a new user account for your organization. Microsoft Office365 for Business is quite a complex configuration to implement, and if we intend to have a full course on this in the future, we would certainly be informing you. Thanks for the read.
INTERESTED In Following The Entire ARTICLE SERIES? Click The Links Below:
- Passkeys: Microsoft and Google’s Role in Next-Gen Cybersecurity.
- Unlock Seamless Security: Setting up Passkey for Microsoft Account.
- How to sign in to your Microsoft Account Using Passkeys.
- Configuring Passkeys for your office365 Business Account.
- Office365 Domain Setup: Integrate MX and TXT Records with.
Put your comments below in the comment section on your thoughts about this.
Find this article and information helpful? Show some love and support “Click-Here”