Demo: Configuring user settings

- [Instructor] In the last and final demo of this chapter configuring user settings, we will walk through the tenant level user settings available in Azure AD and make changes that are relevant to other organization. Now let's configure user settings at the tenant level. To do that I'll click on users on the left, and then over here, click on user settings. That should bring you to this page. Let's go through these settings in order. So the first setting here says user can register applications. This setting pertains to app registrations. Right now we do not have any plans of developing custom applications in house, so I'll select the no option over here. I do not want users to be registering any applications right now. Then the next setting here says restrict access to Azure AD administration portal. You see the default setting is no, I want to enable this because right now I do not expect any users requiring access to the Azure AD admin portal. Then the next setting is for LinkedIn account connections, I'll leave that to the default yes, and then you see, there are two links below that. Before we go to them, I'll save the settings we made so far by clicking on the save button on top, great. Now I'll click on the manage external collaboration settings link over here, so all the settings you see on this page pertain to access for guest users. Out of these three here the one selected is guest users have limited access to properties and membership of directory objects. This option is kind of balanced between the most inclusive and the most restrictive one. So leave that over here as default, scroll down a little bit. Now, do I want administrators and users in the guest invited all to be able to invite guests to our tenant? Yes. Do I want other members or other standard users to be able to invite guests? That will be no. Then do I want guests to be able to invite more guests? That is again going to be no. Then the next couple of settings are in preview right now. This setting enables guests to log in using an OTP. Do I want that? No, but to select it by default and then next, do I want guests to be able to self service sign up for our tenant using user flows? That's again, going to be no, which is already by default that's great. The last setting here at the bottom of this page defines the scope of guest invitations. Do I want guests to be invited from any domain or do I want to deny specific domain guests from being invited or do I want to only allow guests from specified domains? You can configure the setting according to what your needs are. Right now I'm going to allow guests from any domain into my tenant. Once I made these changes I'll go back up and click on the save button. Now let's go back to the user settings page, here I'll click on the last link which says manage user feature preview settings. I'm going to click on that. Now here I can select which users are allowed to use preview features. Currently it's set to none, which is great. I don't want any users to be using the view features. Then next, users can use the combined security information registration experience. Now, this setting is important for users to be able to use self service password reset. So they go through a flow where they give their phone number and email addresses that can be used to reset their passwords. I'm going to enable this by switching to all, and the last setting is administrators can access my staff. I'm going to leave that setting to its default as well and then click on the save button on top. And that's it. We've configured the user settings at the tenant level which we're delivering to other organization. And with that, we've reached the end of this long, but fun chapter. Let's take a quick chapter quiz to evaluate your understanding of what we have learned so far. I'll see you after that.