Office 365 user roles management through provisioning policy
To control or restrict Office 365 role assignment to Azure AD users, create a new provisioning policy and apply the policy to the Organizational Unit.
To create and apply the new policy
- From the Active Roles Console, create a Policy Object. For instructions on creating a policy object, see the section Creating a Policy Object, in the Active Roles Administration Guide.
NOTE: In the Active Roles Console, on the Policy to Configure page, select Office 365 Roles Management.
- In the New Provisioning Policy Object Wizard, under Select the roles for policy validation, select and assign the required Office 365 role for the user. Click Next.
- In the Enforce Policy window, add the Organizational Unit (OU) on which the policy must be enforced and click Next.
- Click Finish.
NOTE: While creating an Azure AD user from the Active Roles Web interface, if the policy conditions are not satisfied while assigning Azure AD User roles, the following policy violation error is displayed:
Administrative Policy returned an error. Exception in Office 365 Roles Management Policy violation: The Azure user Roles(s) <roles>, can be assigned. The policy prescribes that this Azure User requires only the specified role in the policy object to be assigned.
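To confirm that the policy holds for accounts in the OU, including accounts that existed before it was applied, the role assignments can be audited from outside Active Roles. The following is an added example, not part of the Active Roles product or its documentation. It assumes that the ActiveDirectory and Microsoft.Graph PowerShell modules are installed, that each user's UPN in on-premises AD matches the UPN in Azure AD, and it uses a placeholder OU and role name.

```powershell
# Added example (not Active Roles code): list users in the policy-enforced OU
# who hold an Azure AD directory role outside the set allowed by the policy.
# Covers direct, active role assignments only.
Import-Module ActiveDirectory
Connect-MgGraph -Scopes 'RoleManagement.Read.Directory', 'User.Read.All' | Out-Null

# Constructed placeholders: replace with the OU the policy is enforced on
# and the role(s) selected in the policy object.
$OuDn         = 'OU=Sales,DC=example,DC=com'
$AllowedRoles = @('Helpdesk Administrator')

# Collect the UPNs of all users under the OU (case-insensitive lookup).
$ouUpns = [System.Collections.Generic.HashSet[string]]::new(
    [System.StringComparer]::OrdinalIgnoreCase)
Get-ADUser -SearchBase $OuDn -SearchScope Subtree -Filter * |
    Where-Object UserPrincipalName |
    ForEach-Object { [void]$ouUpns.Add($_.UserPrincipalName) }

# Walk every activated directory role that the policy does not allow
# and report members whose UPN belongs to the OU.
$findings = foreach ($role in Get-MgDirectoryRole) {
    if ($AllowedRoles -contains $role.DisplayName) { continue }

    foreach ($member in Get-MgDirectoryRoleMember -DirectoryRoleId $role.Id -All) {
        # Members are returned as generic directory objects; groups and
        # service principals have no userPrincipalName and are skipped.
        $upn = $member.AdditionalProperties['userPrincipalName']
        if ($upn -and $ouUpns.Contains($upn)) {
            [pscustomobject]@{
                UserPrincipalName = $upn
                UnexpectedRole    = $role.DisplayName
            }
        }
    }
}

if ($findings) {
    $findings | Sort-Object UserPrincipalName, UnexpectedRole | Format-Table -AutoSize
} else {
    Write-Output "No role assignments outside the allowed set for users in $OuDn."
}
```

An empty result means no user in the OU currently holds a directory role other than those listed in $AllowedRoles.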
Managing Office 365 Contacts
The Active Roles web interface enables you to perform administrative tasks such as create, read, update, and delete Office 365 contacts in a Hybrid environment. You can also perform other operations, such as adding Office 365 contacts to groups and removing them from groups.
Office 365 contact management tasks using UI
Office 365 contact management tasks using Web interface
The Active Roles web interface enables you to perform the following management tasks for Office 365 contacts:
Create a new Office 365 contact
You can use the Active Roles Web Interface to create and enable a new Office 365 contact.
To create a new Office 365 contact
- On the Active Roles Web interface Navigation bar, click Directory Management.
- On the Views tab in the Browse pane, click Active Directory.
The list of Active Directory domains is displayed.
- Click the domain in which you need to create a new contact.
- In the list of objects displayed, click the required Container or the Organizational Unit.
- In the Command pane, click New Contact.
- In the New Contact in <OU name> -> General wizard, enter the contact details such as First Name, Last Name, Initials, and Display name.
- Click Next.
- In the Create Azure Account properties wizard, select the Create Azure Contact option.
- In the External e-mail address field, enter the email address for the contact, and click Finish.
The Office 365 account details for the new contact are generated automatically and populated in the respective fields.
NOTE: In Federated or Synchronized environments, Office 365 contact creation is not supported. The contact is created in Active Roles and is synchronized eventually to Office 365 using Microsoft Native tools, such as AAD Connect. To manage the Office 365 contact through Active Roles, you must perform periodic back-synchronization to on-premises AD.