Creating Users and Managing Passwords in Microsoft Office 365
Creating Users and Managing Passwords in Microsoft Office 365
In this Office 365 training video, instructor Spike Xavier demonstrates how to create users and manage passwords in Office 365.
In this video we’re going to cover creating users and managing passwords in Office 365.
The first thing I’m going to do is I’m going to go to the portal.office.com website, and I’m going to log in with my Office 365 credentials, if I can remember them, which I hope that I will.
I am a global administrator in this tenancy ‑‑ interfacedemo365.com. That means that I can do anything that you can do administratively in this tenancy. I’m going to go to the admin center. I’m going to click the Admin title and go to Admin Center.
I’m going to start by creating a brand new user in Office 365. I’m going to click the User’s Menu on the left‑hand side, and I’m going to click Active Users. Now, there is a shortcut to add users right on the home page in a web part, but I’m going to go ahead and go to the active user’s screen.
Here, I’m going to click Add a User. This will allow me to create a brand new user in Office 365. I’m going to go ahead and do that now. I’m going to say John Richard, and his display name’s going to be John Richard. I’m going to make his log in John R. I would use whatever my governance is for my organization. John’ll be located in the United Kingdom.
Additionally, I have the ability to add additional contact information, which is not required. I can say job title, video editor. I could put his department as creative, etc. I could add any other information that I might want to add there. In this case, that will be enough.
Down here is a very important section, the password section. Now, in this demonstration all of the accounts are cloud accounts. This is not synchronized with an On Premises Active Directory, and this is not using a third‑party federated identity provider.
This is all in Office 365 tenancy where all of my accounts are going to be controlled and managed by Azure Active Directory, which is the out‑of‑the‑box ‑‑ comes with the product ‑‑ very powerful identity management system that sits behind Office 365 managing your users, and usernames, and passwords and information about your users.
You don’t have to do any extra configuration. It just comes out‑of‑the‑box and ready to go on day one. That is the configuration here.
If your architecture uses a very common one, which is to synchronize passwords with an On Premise Active Directory, or use something like Active Directory Federated Services, your password management might be slightly different, but the concepts will still be the same.
Right when I create a user, I have the default settings, which are this ‑‑ auto‑generated passwords. In this case, I’ll create John if I choose this option, and Office 365 will automatically generate John a password.
The first time John goes to log in, he is going to be required to provide that auto‑generated password, and immediately set his own password, which will have to meet the password complexity requirements set up in Azure Active Directory for this Office 365 tenancy.
Optionally, I can say, “Let me create the password.” We’ll start with creating a user with an auto‑generated password, and then we’ll do it where we create the password. You can see that the default is, “Make this user change their password when they first sign in.” That’s the settings that we have.
As far as roles, when I click on Roles, out‑of‑the‑box the default’s going to be John’s going to be a regular user. He’s not going to have any administrative responsibilities. If I wanted to, I could assign John administrative roles.
Now, global administrator is what I am, and can do anything administratively in the context of this tenancy with Office 365. But, there are a bunch of what are called customized administrators. A customized administrator is one that has very specific administrative roles.
It’s a very good idea in an Office 365 implementation, particularly if you have 100 users or more than that, ‑‑ whatever your number is ‑‑ instead of one person doing everything, be able to take some of those tasks and assign them to a people in the organization that makes sense to you.
For example, it might be a very good idea to assign John the billing administrator role if he worked in accounting. Or, it might be a really good idea to assign John the password administrator role if John were working as a support technician.
It might also be an idea to allow John to be a SharePoint administrator, and a password administrator, and a service administrator ‑‑ that he would get the sum total of these. As you see, they allow you to select more than one.
This is something that can be done. It should be a thought‑out process where you say, “OK, this is what that role is and these are the people we’re going to have fulfill that role. Therefore, we’re going to assign them that role when we create them as users,” or you can do it after the fact as well.
Down here, I’m not going to assign John any administer roles. I’m going to make John a user who’s going to be able to use all the services that I’ve configured in my Office 365 tenancy. I don’t have to provide an alternate email address, particularly for an out‑of‑the‑box normal user.
Not a bad idea to do that, but definitely something you want to provide if somebody’s assigned an administrative role. The next is the product licenses. Now, your options here are going to depend on what your tenancy is. This is a tenancy for an E3 Office 365 tenancy, so that has certain things available with it.
Right now, I have 21 of 25 licenses available. The default is to assign John a license. I’m going to go ahead and leave that. Now, I can create a user without that license, and in that user I will have to select the second button which is, “Yes, I know I’m creating a user and not assigning him a license.”
Essentially, I’m creating a new user, providing the minimal amount of information, letting Office 365 auto‑generate a password. John’s going to have to know that password when he first signs in. I’ll go ahead and click Add. That’s adding a user basically using the defaults.
Now this screen comes up. Notice that I’ve John’s password which, in this case, is Zujo1436. That password is what John’s going to need. I’m just going to copy that password. John’s going to need that password in order to log in for the first time.
I might email that to him here. I might let him know some other way within my organization. I might not send the password in email at all and just let John know that information. That really depends on the governance of my organization.
When I’m done I’ll say, “Send email and close.” In that case, it’s sending me the email, but I copied it here. Now I’m going to go ahead and sign out as me. Then I’m going to close my browser window. I’m going to show you what the experience is going to be for John to log in for the first time.
I’m going to start a private browsing session. I’m going to go to portal.office.com and I’m going to log in as John ‑‑ firstname.lastname@example.org and then his password is going to be the one that I put into the clipboard. Hopefully, that worked and I’ll click Sign In.
This is what happens. We’re all cool. “John, we recognize you as a user, but you have to update your password because this is the first time you’re signing in and that was the setting that your administrator set.”
You need that password here. Then you need to make up your own password, which has to meet whatever the password complexity requirements are for your Azure Active Directory implementation.
Now John’s new password when he wants to log in is going to be the one he set himself, and it will have met the password requirements. That other password that was auto‑generated, it was simply there for John to go ahead and use the first time and that was it.
You can see that some of the services for John are still being set up. There may be a slight latency. It’s gotten really fast. Really important, they ask John to set his time zone. I’m going to click that, “Set your time zone and your calendar.” It’ll bug you for that until you do it.
Here, we’re going to set that to Arizona time. I’m not even sure what other time there is. Just kidding. Of course, we’re in Arizona and it immediately takes me to the inbox for John. He could start leveraging and using this service right away.
If I click the tile, you’ll see ‑‑ compared to the Global Administrator ‑‑ John has a few less links there, but John can get to work using services right away. Some of them are also going to be being set up. That’s creating a new user ‑‑ I’ll go ahead and sign out now ‑‑ using the defaults, letting Office auto‑generate the password.
Then John, the first time he logs in, has to use that auto‑generated password and then create his own password. I’ll go ahead and log back in as the Global Administrator, which is me. What I’m going to do is I’m going to show you another option for creating a user and setting a password.
This is something I like to, actually. This is, “You know what? Don’t auto‑generate my password. I’m going to generate the password and it’s going to be in compliance with my organization.” I might have an app or something that creates passwords that meet what we feel is a good password.
I’m going to click Active Users, here, and I’m going to create another new user. This will be Greg Richard, our Creative Director. His name will be Greg Richard, Greg R, and job title will be Creative Director.
You do not have to put this additional information, by the way, but it’s helpful. Of course, the more you put in there, the better. Down in Password, I’m going to change the default radio buttons and I’m going to say, “Let me create the password.”
Then what’s going to happen is you’re going to get this message that says, “You need to create a strong password 8 to 16 characters long that combines at least three of the following ‑‑ upper case letters, lower case letters, symbols, and numbers.”
That’s why it’s kind of nice, because I will already have a password configured that meets those password requirements. You’ll see it will go to strong when I’ve hit that. I will uncheck it. I don’t have to uncheck this, but I will uncheck the box to say, “Make this user change their password when they first sign in.”
There’s pros and cons to that. If I’m setting the password, it’s probably likely that the user may be less likely to remember it because they didn’t make up the password.
Also, if I’m making up the password, the chances that this is a password that’s also used with other accounts, not Office 365 ‑‑ maybe some users use the same password for multiple things like that ‑‑ that chances of me guessing that password and using the exact same one is reduced, so maybe that’s a benefit. I think it’s a benefit, but that’ll be up to your organization.
Then for roles, again, with Greg I’m just going to make Greg a regular user. For Product License, I’ll use the default. We’ll assign him an E3 license. That’ll depend on what your tenancy is. Then I’ll click Add.
We’ve created a user with sort of the defaults where Office 365 auto‑generates the password. Now we created a user where we assign the password. I’m not going to click Show because then you’ll see the password but, it’s saying, “Do you want to send the password to email?”
Again, it’s defaulting sending it to me. I could potentially send that to Greg. But, if he can’t access his email yet, might not be such a good idea. I need to be able to communicate with Greg what his password is.
Now I’ll sign out and I’ll sign in with Greg’s so you can contrast the experience of the auto‑generated password with a password that was set where you’re not asking the user to reset the password on their first login.
I’ll go again to portal.office.com. I’ll do Gregr@interfacedemo365.com. The password’s going to be the password I created for Greg. He’s able to log in and get right to work. There might, again, be some latency while Office 365 is getting some of his services set up.
That latency is greatly reduced, by the way. They’ve just gotten so fast with that. Then, at some point, Greg’s probably going to be asked to set his time zone. You can see it’s still setting up his email, a lot of times that’s just done right away. That’s probably when it’s going to prompt him.
In any case, I’m going to sign out as Greg. That is creating a user using the different versions ‑‑ one where you let Office 365 auto‑generate the password, the other one where I’m setting the password for him.
One of the other things I like to do ‑‑ and, again, this is an optional thing; I just find it useful ‑‑ is you can set password administrators and they can reset users passwords. That’s fantastic. Users can reset their own password if they know their current password. Password administrators can reset passwords for people who don’t know their current password.
I’m going to log in here. I’m going to log in as my account, which is a global administrator. That is the caveat, here, to keep in mind. As a global administrator, hopefully, I won’t forget my password. But, there could come a situation where I do forget my password as a global administrator.
Then what’s going to have to happen is I’m going to have to go through a series of steps to recover that. As a global administrator, those steps, they’re going to be not necessarily the most pleasant steps. I shouldn’t be losing my password as a global admin. However, I can have another global administrator reset my password for me.
You can’t reset a password for someone who has more administrative privileges than you do. A user can reset their own password if they know their current password, but they can’t go reset a password for another user unless they’ve been assigned an administrative role which includes the rights to reset someone’s password.
As a global administrator, I can certainly do that. What I like to do is, in my tenancy, I like to add a user. This’ll be Lynn ‑‑ he’s the director of our remote live training product here at Interface Technical Training ‑‑ Solace. That would be Lynnr@interfacedemo365.com.
I’ll go ahead and add a job title, Director of Remote ‑‑ I keep trying Directory ‑‑ Live Training. That’ll be enough. Now, down here under password, I’m going to say, “Let me create the password,” again.
I could go through the same thing I did with John’s account. That would be fine, but I like to do it this way and make sure that the password meets these requirements which will be in conjunction with my internal requirements. I’m not going to make the user change the password.
The role, I’m going to assign Lynn global administrator privileges. I’m going to have to give another email, so I’m going do email@example.com, which is not a real email address. Then, on product licenses, what I’m going to do in this case is…Lynn, of course, would definitely be using Office 365, but I’m just trying to paint a scenario.
I’m going to uncheck a license and then check the option that says, “Create a user without a product license.” Lynn’s whole purpose, the whole purpose of this is that, “Lynn, I forgot my password. I’m the global admin. Can you please reset my password?” Lynn is a global admin and would be able to log in and reset my password as another global admin.
I like to create an unlicensed account whose sole purpose is to be able to reset another global admin’s password that they may have forgotten. I’ll go ahead and just click Send Email. I’m not going to log in as Lynn because the experience will be the same as Greg, other than if I needed my password reset ‑‑ I would log in as Lynn, reset my password, and be able to do that.
What I want to do is I want to come down here to Settings. Under Settings, I want to click Security and Privacy. Here’s where you set the password policy for your organization. Now, on a Microsoft documentation, it says that those passwords that you create when you create users are good for 90 days.
Not going to argue with that. But, you can see that the policy here says, “Days before password expires 730,” which is 365 days times two ‑‑ two years. Then, “Days before users notified about expiration 14.”
If you happen to have an account that you need the password to never expire ‑‑ maybe it’s a service account if you’re doing some sort of directory synchronization ‑‑ then that account you would have to enable globally for the organization that people can have passwords that don’t expire.
Then you would use PowerShell as your Active Directory’s PowerShell module to do that, and you can set an account to never expire. Here, this is the most commonly changed setting, where someone will say, “Well, we don’t want passwords to last for two years.”
Here it says, “Set user passwords to never expire.” If you turn this on, passwords will never expire for any user in your organization. We don’t recommend it. You don’t have to that globally. You can just do it for a specific account, but you need to use PowerShell.
Maybe I’ll say, “Well, we want passwords to expire after, let’s say, 120 days,” and that’s probably even a little long for me but let’s say that’s the case. Then you have the number of days until it expires.
The maximum amount, by the way, you can do is 730 here. In fact, if I delete, it will say, “This number needs to be between 14 and 730,” so that’s a good information to know. Then down here, the number of days where you’re starting to notify someone, “Hey, your password’s going to expire in X amount of days.” This needs to be between 1 and 30 days.
You can’t have the number of days till the password expires. I can’t make this 15 and then down here make this one 30. This one shouldn’t let me. You can’t make this more than the number of days till it expires. Let’s say I’m going to say passwords expire in 60 days, and I will let people know at 16. That was the number in there. That actually should work.
These passwords are going to expire in 60 days, and 16 days before that they’ll start getting notifications, “Hey, your password’s going to expire. When you log in, you should probably change it.” They’ll need to know their current password and then they can change it. Password policy is going to be probably the biggest thing that you’ll actually set.
The last thing I want to demonstrate is creating something called an Office 365 Group. I’m going to go ahead and go to my admin tile. I’m a global administrator, of course. I’m going to go to the Groups section.
We have a User section, then we have this Groups section. There are several different types of groups that you can use, work with Office 365. One of them is actually called Office 365 Groups. I’m going to go ahead and click Add a Group.
Then, here, you’re going to see that it is now the actual default. The default is Office 365 Group. If I click that dropdown menu, a really, really helpful window opens up here that tells you what these different choices are. Office 365 Groups are a great way for teams to collaborate by giving them a group email, shared workspace for conversations, files, and calendar of events.
It basically creates them an email box for the group, a SharePoint team site for the group, a OneNote file for the group, and a OneDrive space where all this stuff can be saved and they can all collaborate together, and a calendar as well. Office 365 Groups really a collaborative idea.
There’s a newer thing called Office 365 Teams, very similar. Whether you use Groups or Teams, this can become an argument I don’t want to get into, but I’m just going to talk about Office 365 Groups here.
Another option you could choose in this screen ‑‑ we’re not going to now ‑‑ is security groups. They are groups that you use in an access control list. If you want to control access to OneDrive or SharePoint, you can grant access to a security group that you would create here. It also can be used in mobile device management.
A distribution list is a mailing list. That group is given a name, so you can send an email to that group name and it will go to all the members of the list. That’s something that people have been using for a long time through Exchange.
Then mail‑enabled security groups, these are a combination of these two things here. It’s a security group, so you can grant a mail‑enabled security group access or permission to use certain resources as the name of the group. Then, in addition to that, you can send an email to all the members of the group.
Those are your choices. Right now we’re focused on this Office 365 Group. I’m going to name this group Video Production. It’s going to be the Video Production Group. The group ID is going to be video production. This has to be unique. You can see it’s available, and unique within your tenancy of course.
Then the description, it’s not imperative that you print a description, but it’s a really good idea to put the description, so, “The team responsible for video editing, scheduling, and creation,” except you want to probably…Oh, look. I didn’t even know it was going to do that. It did an auto spell correct on the word creation. That’s awesome.
The privacy is going to be very simple. Private means only members can see the group content. Public means anyone can see the group content. You cannot change the privacy setting after the group’s created. You’re going to want to really think about this setting. I’m going to say, in this case, that only members can see the group content, so it’s a private collaborative experience.
Maybe, if this was a group on the company picnic, I would say public and then people could have meetings every once in a while and say, “Yeah, I saw you guys were working on the balloon arrangement and I think we should use purple,” whatever that might be.
I’m going to say private, use the language. Then, down here, you could say, “Select an owner” ‑‑ I almost skipped over this one ‑‑ “and send copies of group conversations and events to group members’ inboxes.” I like to do that. Some people say, “No, I’m a member of too many groups and it’s starting to become overwhelming.”
I just try and teach them about folders and things like that. In any case, that’s optional. The default is on selecting an owner. I’m just going to select myself as the owner. You can see that adds me as the owner and I’m going to click Add.
The group owner does things that you might think that the owner might do of a group. They’re responsible for settings about the group, and they can add members, and things like that. Once I hit close, you’ll see that the group is now listed. I already have an existing Office 365 Group called IT Admins but, actually, I’m not seeing it listed.
It’s not that unusual that you won’t immediately see a group listed. Sometimes it’s just a matter of refreshing the browser. I can refresh the browser and see if it will show up there. Sometimes there’s a little bit of latency as all of the objects for the group are being created. It’s not that unusual to not immediately see it, but I do see it here, my Video Production Group.
If I click on it, you’ll see that I’ve got all of the settings that are involved in this group and I can edit some of those settings as a group owner. I am a group owner. I can add that. I can close this here and I can say, “Click on here,” and I can say, “Members,” down here. You could see that, on the owners, right now I’m the owner and I’m the only one. I can say, “Add owners.”
I’m going to add Mike Phifer as an owner, too. Mike’s an amazing instructor that teaches here at Interface Technical Training quite often, and he’s a good friend of mine. Now you can see, if I scroll back to my Group Settings, then, again, I’m just going to hit Refresh up here on the screen and I go back to my Video Production Settings, I’m going to go ahead and see that I added Mike as an owner.
Now I accidently added John as well. I have three owners. You can add more than one owner to the group after it’s been created. Members, it says is one, so I’m going to go ahead and add members as well. I’m going to click Add Members.
It’s going to search through and I’m going to add John, and Greg, and Mark, and Mike. I’m going to add all those as members. Technically, the owners would be able to be members, but they make a designation there between owners and members. I could remove members from the group. There’s several things that I can do as well.
Now I’ve got this group. Where do you see this? As a member of the group, if I go into my mail, my Office 365 clientoutlook.com, you’ll see that down here there’s a section in my menu that says, “Group.” That’s the place I most commonly go to.
I just go to my Outlook Client, find the groups. I’ll click on Video Production and you’ll see that it will basically open up the dashboarded page in the inbox for that Video Production Group. Then it’s also going to open a section where I have shortcuts to get to the content of that Office 365 Group.
I’m going to give this a moment to load and we’ll see that there’s an inbox here where I can see any mail. That’s down here. Then, over here, I have a whole bunch of information. Here’s where I can get to the SharePoint site for the group. I can start a conversation for the group. Up here, this menuing system is awesome. This is where I can get the conversations about the group.
There’s the group calendar. Here’s the files which will take me to the shortcut. This will take me to the OneNote for the book. I’ve even got this thing called Connectors. Connectors are integration with other apps. Watch, I’ll click Connectors and you’ll see what I mean. They’ve really expanded this idea of collaboration, and I can connect.
If I had a Twitter account for this group, I could connect it. If I had an RSS feed to some data feed for this account, there’s a bunch of stuff I don’t know. If I had a GitHub I could connect it to this. Microsoft has really worked hard to make the collaborative experience, just expanded beyond just even things that you get with Office 365, which is just awesome.
If I click Calendar, again, that will take me to the calendar for the group, so I can create and schedule appointments specifically for individuals, everybody in the group. If I click Files, it’s going to take me to the ability to actually upload files here. It says, “One place for all your files.”
Over here, I don’t know if you could see that too good, it’s basically a document library in SharePoint. They’ve been actually given a team site here that they can get to. If I click Notebook, it will take me to the group’s OneNote file, which I’ll be able to access and update with information.
If you’ve never had a chance to work with OneNote, man, it is seriously an unbelievably powerful program. It’s mind‑blowing. It’s like you could have your own little private Internet in a OneNote folder. I use it quite a bit.
As a Microsoft certified trainer, I have to prepare for exams several times ‑‑ more often than I would if I wasn’t a certified trainer ‑‑ and I use OneNote for my exam preparation. I find it extremely helpful to use. I can get right to that for the group. Then, if I click More, I’ve even got a planner.
If I click Planner, the planner is the idea that you have a planner for the group where people can be given things to do. There can be different deadlines that can be set together. It’s like a little mini project management type of thing here.
You could see, “Set due date; Here’s a task; Assign a task; Add a new bucket.” This is just totally awesome. Then here you have shortcuts to everybody who’s a member of the group. You can quickly get involved with them on that level.
Then, finally, the site. As I said, every group gets a team site. I don’t know if you can see that right now, but it’s created me a site at sharepoint.com/sites/videoproduction. That’s the URL that puts that. This is a SharePoint team site, complete with document libraries. It’s got a site settings menu. I could go to the site contents. This is the new look of SharePoint.
Down here I could click “Return to classic SharePoint.” A lot of people will be more familiar with this, at least for right now. You could click “New sub site,” and you could even create a whole site hierarchy here for the team.
A ton of stuff with Office 365 Groups. Really a really, really fantastic way to collaborate. You don’t have to go into each individual service and create a mailbox, and then go to SharePoint and create a site, and then create a OneNote and a OneDrive.
You just create an Office 365 Group, add your members and your owners. It creates all of those collaborative tools for you, and associates them, and informs all the members. Everything’s put in one place. Totally awesome, Office 365 Groups are awesome.
We covered a lot of information about creating users and managing passwords in Office 365. We talked about creating that emergency global admin. We saw the default settings, which is to auto‑generate a password where they have to enter that and then set their password the first time they log in.
We saw that you can actually take control over that as an administrator and create the password for them, and then give that to them somehow where they’ll use that to log in. We saw the strategy ‑‑ that’s not a requirement ‑‑ of creating a secondary global admin, unlicensed whose only job is to be able to reset passwords for the other global administrators.
We saw this password policy and looked at some of the number of options. A lot of options. There’s other stuff that we can do. We even talked about setting passwords never to expire for certain accounts using Windows PowerShell.
We could do it globally but it’s not a good idea to set globally that passwords never expire. A lot, a lot of controls that you can do within Office 365. Of course, all of these that I’ve done here are cloud only accounts.
They’re not using directory synchronization or Active Directory Federation Services. This is 100 percent in Office 365. Tons of information available to you in the Help. Tons of information available to you in the Office 365 blogs that they provide. Some great information for you. Hopefully, that covers creating users and managing passwords in Office 365.
For instructor-led Office 365 training classes, see our course schedulle:
You May Also Like
In this SharePoint training video, we’re going to cover creating Lists and Libraries. Wherever you create your List or Library, wherever you want to create it, you want to be there. You want to be in a particular Site that’s in a Site Collection. If I wanted to add a List or Library to this … Continue reading Creating Lists and Libraries in SharePoint
In this SharePoint training video, I want to talk about the Navigation Controls in SharePoint. They tend to fall into two kind of different categories; one with the navigation controls in a typical Collaboration Site such as a Team Site or a Project Site. These are Sites that are based on the Team Site Template … Continue reading Using Navigation Controls in a Collaboration Site in SharePoint
In this SharePoint training video, we’re going to cover creating Lists and Libraries. Now, we want to go back to our hierarchy of objects. We’re going to start at the Site Collection level. That’s where we want to make sure we’re in the right Site Collections. For Instructor-Led SharePoint Training, see our SharePoint Course Schedule Spike … Continue reading Creating Lists and Libraries in SharePoint