Learn about cloud identities in Office 365 and compare to domain accounts.
- [Instructor] In the first section of this course, we'll take a look at passwords and properties of a user account in Office 365, so this includes a look at the rules which define how complex a password should be, when they expire, how to reset passwords for both admins and for regular user accounts, and so on, and so forth. We will start by laying a little groundwork and by answering a very central question to your understanding of this topic of password management, and that is, what is a cloud identity? Well in terms of Office 365, it can be described as an object that is stored in a directory database, and that's why I have the icon of a phone book-looking thing, or an old-fashioned Rolodex type of a thing, but that's what a cloud identity is.
It is that information that you would typically keep in an address book, it's kept in a database somewhere, and that database is referred to as a directory database. There are lots of directory databases that are in use throughout computer administration everywhere. Office 365 is no different, and in fact, you have the choice as administrator to use some of the built-in tools with Office 365, or you can sync your directory information to an on-premises Active Directory solution, but we'll flesh all of that out as we continue on.
Again, this lesson is just about laying the groundwork. So, in the case of Office 365 once again, when the exam mentions a cloud identity, what it is mostly referring to here is Active Directory objects that is stored in an Azure Active Directory solution rather than in the separate Office 365 database of users and groups, and so on. So, what is the big deal about that? Well, Azure Active Directory is Active Directory in the cloud, without the need for an on-premises Active Directory solution that uses Windows Server as the platform.
The other big deal about that, besides that your Active Directory is in the cloud, is that with Azure and Active Directory, you can manage your accounts using Group Policy, so simply stated, there are things you can do using Group Policy that you can't do with the admin center in Office 365. I'm talking about things like setting password complexity requirements, password expiration, account lockout, and so on. When it comes to preparing for the 346 exam, I would be sure to make note of the things that are configurable using Azure AD, and the things that are available only using an on-premises Active Directory solution, and the things that are configurable through the Office 365 admin center, so know these two things especially.
What is possible with the admin enter, and what is possible using Active Directory? Because you're sure to get a question or two on the exam that test you for whether you know the difference about, for example, setting password requirements. So all of that said, that's what I'm here for, to point out some of these differences, and we'll continue that discussion as we go.
- Configuring password management
- Defining password complexity and resetting options
- Importing users
- Administering groups
- Configuring multifactor authentication
- Managing cloud identities with PowerShell
- Bulk user management