Recommendation – Microsoft 365 authorization concepts – Part 1

16/04/2024

Active Directory, Entra ID, Microsoft 365

Microsoft 365 administrators have various roles and tasks that they need to manage to ensure that the organization runs smoothly.
Authorization concepts that are familiar from the on-premise world cannot be replicated 1:1 in the Microsoft Cloud. In order to ensure data security, several steps need to be implemented.
These are as follows:

PIM:

With the Privileged Identity Management (PIM) function, Microsoft 365 offers the option of assigning predefined administrator rights to time-limited and only explicitly authorized persons.
In order for such roles to be assigned to the corresponding users, these users must fulfil corresponding requirements. These include a multifactor authentication (MFA) obligation, authorization for the corresponding PIM role, etc.
Users who have PIM authorization should only be able to request this for higher-level, non-daily work. The aim is for the individual departments to be self-managed or managed by so-called delegates.

Administrative units:

From a technical perspective, each department of a company is assigned to so-called administrative units (AU). This action can be used to define users who explicitly have administrative authorizations for this dedicated AU only. As certain areas are not only managed by the corresponding AU, users of the Delegated Administrators can also be assigned to several AUs.
Authorizations for the respective AUs can be assigned and removed in several ways. The following options are currently available:

Direct assignment of individual users to an AU. (Not recommended)
Assignment via M365 groups (static and dynamic groups possible)
Dynamic assignment via predefined attributes.

AUs also support the following compliance solutions:

Data lifecycle management
Data loss prevention (DLP)
Communication compliance
Records management
Sensitivity labelling

SharePoint sites (through MS Teams)

Whenever possible, new SharePoint online (SPO) sites should be created by Microsoft Teams. This has several advantages, such as the optional availability of the SPO site in Microsoft Teams. Furthermore, you can decide what kind of site (In Teams: Team) should be created.

The following options are available:

Org wide (This type of Microsoft Teams team is automatically displayed in Teams for every user who has a cloud or synchronized account. Each user can also search for the corresponding site on the entire tenant and move freely, depending on their document authorization).
Public (Public sites are basically similar to Org wide sites. However, they differ in that the sites are not automatically assigned to each user in the Teams client. Nevertheless, every user can search for the site and consume content).
Private (From Microsoft Teams’ point of view, private sites offer the highest level of security. Only users who are explicitly members can have access to the corresponding site. An unauthorized user cannot search for private sites).
Shared (Shared sites were developed by Microsoft to enable cross-tenant work with partners and/or customers. Since the introduction of shared channels, employees no longer have to switch between the tenant accounts by logging in and out, but can access the shared sites directly in their own tenant. Provided they are authorized). *1

*1) In order for shared channels to be used, a two-sided trust position is required for each customer/partner, which is configured by Azure B2B.

Data Classification

Labelling is basically used to ensure that confidential documents are not leaked. This can be defined internally and externally, but also at departmental level (e.g. finance, HR, management, police, etc.). There are various application options for labels, which allow customers to design and use them individually.
As a further example, labels can also be used to ensure that documents classified with the “Internal” label in this example cannot be sent by e-mail to external recipients.

DLP

When implementing AUs, dedicated custom DLPs can be created which are focussed on the respective AU and its users.
These DLP policies can be created and applied separately for each AU or individually.

PIM roles

In the authorization concept for the Canton of Aargau, only the role of Global Administrator (GA) is to be provided via PIM. A group of administrators is defined by the customer, who can apply for the corresponding GA role. PIM also offers other administrator roles, but we recommend that these are not managed via PIM but via the AUs.
This ensures that administrators cannot assign roles to each other for no reason.

The length of GA access via PIM should be limited to a maximum of 4 hours so that administrators do not work with the highest authorization level for longer than necessary.

Azure Subscriptions

The authorization concept described is aimed at Entra ID and Microsoft 365 apps and services.
Azure services such as Azure Speech services or storage accounts are not managed by Microsoft 365. These are Azure services.
Azure Services can be managed in the following two ways:

Authorizations on the respective Azure subscription on which the services are stored
Authorizations on the respective resource group on which the services are stored.

Here too, the authorization can be defined and assigned using several levels.

Authorization matrix as a basis for decision-making

A dedicated authorization matrix makes sense, especially in connection with administrative units. Dedicated support teams can be set up depending on the area (country location, department, division, etc.). These units can then be divided more granularly and the corresponding authorizations controlled. It is recommended that there is a superordinate IT department that is responsible for the management and administration of the respective administrative units.

Location

Role

Entra ID

Purview

Defender

EXO

SPO

Power Platform

Teams

M365 Apps

Intune

Viva

PIM (Global Admin)

Department

Default End User

N/V

Environment Maker

N/V

Department

Power User

N/V

Environment Maker

N/V

Department

Guest User

N/V

Department

1^st Level Support

Message Center Reader

N/V

Environment Maker

N/V

Read only Operator

Department

2^nd Level Support

Message Center Reader

Authentication Admin (AU Level)

Cloud Device Admin (AU Level)

User Admin (AU Level)

Guest Inviter

N/V

View-Only MGMT

Mail-Forwarding (Custom RBAC Role)

N/V

Environment Admin

Teams Communication Support Specialist

Teams Administrator (AU Level)

Teams Device Administrator (AU Level)

Company-specific authorization definition

Read Only Operator

Company-specific authorization definition

Department

Application Manager

N/V

Location

Role

Entra ID

Purview

Defender

EXO

SPO

Power Platform

Teams

M365 Apps

Intune

Viva

PIM (Global Admins)

Superior IT

3^rd Level Support

Message Center Reader

Authentication Admin

Cloud Device Admin

User Admin

Guest Inviter
Helpdesk Admin

Knowledge Admin

Directory Readers

Report Readers

Application Admin

Groups Admin

License Admin

N/V

Quarantine Admin

Seurity Operator

Exchange Administrator

SharePoint Administrator

Environment Admin

Power Platform Administrator

Teams Communication Support Engineer

Teams Device Administrator

Teams Administrator

Company-specific authorization definition

Intune Administrator

Company-specific authorization definition

Superior IT

Lead Engineer

3^rd Level Supporter +

User Administrator

Global Reader

Compliance Administrator

Security Operator

Exchange Administrator

SharePoint Administrator

Power Platform Administrator

Teams Administrator

Company-specific authorization definition

Intune Administrator

Company-specific authorization definition

YES

Superior IT

Architect

Message Center Reader

License Administrator

Authentication Administrator

N/V

Security Reader

Power Platform Administrator

Security Reader

Company-specific authorization definition

Intune Administrator

Company-specific authorization definition

YES

Superior IT

CSO

N/V

Security Reader

Superior IT

Security

Authentication Administrator

Privileged Role Administrator

Global Reader

Conditional Access Administrator

Cloud Application Administrator

Identity Governance Administrator

N/V

Security Administrator

Company-specific authorization definition

Intune Administrator

Company-specific authorization definition

YES

Superior IT

Risk

Global Reader

Compliance Administrator

Insider Risk Management Administrator

Security Reader

Company-specific authorization definition

Security Reader

Company-specific authorization definition

Superior IT

Legal

Global Reader

Insights Reader

Security Reader

Company-specific authorization definition

N/V

Company-specific authorization definition

Superior IT

Compliance

Global Reader

Identity Governance Administrator

Compliance Administrator

Customer Lockbox Access Approver

Security Reader

Company-specific authorization definition

N/V

Company-specific authorization definition

YES (After approval)

Superior IT

Licence Management

Licence Administrator

Billing Administrator

Guest Inviter

N/V

Company-specific authorization definition

N/V

Company-specific authorization definition

Supplements

This matrix is intended as an illustrative example; it can of course be adapted and/or expanded depending on the requirements of your own company.

The distinction between “Default Users” and “Power Users” are the local authorisations on the user’s own device.
The power user also has the authorisation to install something on their device, whereas the default user does not have this option.

How Exchange online Custom RBAC Roles can be built and the automatic Administrative Unit on-boarding, as well as a possible training matrix, which is related to the authorisation matrix, is dealt with in a Part two of this article.

Post Views: 456

Deprecation of Teams live events API on Microsoft Graph

Microsoft recently announced that the Microsoft Graph API for Microsoft Teams live events will be terminated for commercial customers. The

Migrating on-premise Mailboxes to Office 365 by using Quest Tools

Bevor I start writing this Article, I want to mace clear, I don’t get paid for this Post from the

Part 7 - Enable a user for voice and voicemail services with Direct Routing

After you have assigned the correct licenses, the next step is to configure the user’s online phone settings. You’ll perform

Delete Outlook cache with Microsoft Intune

There are various reasons why the Outlook cache needs to be deleted. One of the most common reasons is after

Advanced version of the Teams Voice Admin Tool

A few weeks ago, I wrote a PowerShell script concerning the Teams Voice Admin Tool. This script received a good

How to federate multiple Azure AD instances with single ADFS

The standard setting of Azure instance with ADFS is well known, standardized and implemented in the field. We use an

Reaward as Microsoft MVP

Today is the first of July. This is a very special day for every Microsoft MVP. On this day the

Allow Exchange users to see Calendar availability on G Suite

Thanks to the globalization, companies worldwide are working closer with each other. However, not all companies are using the same

Phishing attack simulation in Exchange online - Part three

Prolog At this point I am happy to present the third part of my series “Phishing attack simulation”. In this

Automated ADFS setup - with WAP roles for Exchange and Skype

It is already some time ago that I have posted a PowerShell script to the community. So I thought why

Generate Email for default Mails over PSForm

I was asked from a small Business Company to create an easy way for the Administration, to create default Email

Modify Mailbox type using Exchange Attribute Editor

A few days ago, I had to configure a few mailboxes for enabling message copy while sending. However, this is

PowerShell commands for Exchange and Office 365 – Part 3

It look’s like I will start a series with this kind of articles. Thank you guys for your resonance and

Create DAG by PowerShell

How to create fast and clean a new Exchange DAG? – Use PowerShell! Since the last Versions of Exchange we

Anonymous E-Mail as an alternative

Have you ever thought about your email privacy? People email each other everyday for different purposes. From holiday greetings

Part 6 - Assign Teams Licenses

To use Direct Routing, you’ll first need to assign the following licenses to a user: Microsoft Teams Microsoft Teams Phone

Autodiscover and further DNS

In one of my LAST articles I have described the MX-Records and the SPF-Records, how they work and why we

Show Calendar Permission as a Report

Our 2nd level support came up to me earlier this week with a with a request about calendar permissions. He

Microsoft Teams name change on MacOS

With the recent General Available of New Teams on Mac, there are changes that impact the management of some tenants

Remove old EAS Devices

Earlier this month I had to make some cleanups in a customer’s Exchange infrastructure. On one side, I had to identify

Azure Application Proxy

What is the Azure Application Proxy? Azure AD Application Proxy is a feature of Azure AD Premium and Azure AD

Do I need an on-premise Exchange using Exchange online?

The story is often the same one: I get invited for a workshop from a customer about projects for messaging

Set automated disclaimer to all E-Mails sending out

Company e-mails have to follow some policies before they can be sent out from an organization. If these policies are

Web Application Proxy PowerShell Cheat Sheet

As Web Application Proxy is a standard Windows Server role service, you can use many Windows Server PowerShell tools to

Microsoft Teams data Location

The current COVID-19 threat forces more and more companies to use collaburation tools. There are some on the market which

Assign licenses to users in Office 365 for business

We have a new employee in our company, who starts his work as junior System Engineer. However, as a junior

Part 2 - Assign Teams Licenses

To use Teams Phone, you’ll first need to assign the following licenses to a user: Microsoft Teams Microsoft 365 Teams

Message Encryption with Office 365

At the Ignite 2017 Microsoft presented a bulk of new features which are waiting for us in 2018. One of

Finding E-Mail sender IP address

Internet emails are designed to carry the IP address of the computer from which the email was sent. This IP

Error when moving a mailbox to Exchange online

In a project I was running some time ago, one of the main Tasks was to move on-premise Mailboxes to

How to import an Outlook 2010 PST to Office365

Last month one of our Junior Engineers got a task to move some outlook information’s to the O365 Mailbox. It

Microsoft Bookings available in Office 365

At the end of April, Microsoft announced in its Message Center update that Microsoft Bookings, a self-service scheduling tool, will

Intune Deploy Win32 applications - public preview

Seems like Microsoft really cares a lot about the ideas that users post on the Intune Feedback page. 🙂

Import PST files using Exchange PowerShell

If we want to import PST files into an Exchange mailbox, we can use the PowerShell CMDlet New-MailboxImportRequest. The PST

Cloud Solution Provider (CSP) program Important Informations!!!

Availability The Cloud Solution Provider program is available to companies with offices in the following countries/regions. These are grouped

Microsoft Ignite Splitter - Day one

Here we are, Microsoft Ignite 2019 has finally started. Yesterday on Sunday I was the whole day on a MVP

Creating a Exchange 2016 Building Block

Deploying a new Exchange Server infrastructure is never been so Standarted like today with Exchange 2016. In this Post it

Microsoft Ignite Splitter - A look back

Microsoft Ignite this year is already finished, and it was a huge event and It was an honour for me

Fixing mailbox enabled cloud-only user accounts in Office 365 for hybrid migrations

The basic scenario in hybrid Exchange environments is that we have to create an Exchange mailbox on-premise, which has to

Configure remote domain for automatic replies

Few weeks ago, I was working on a migration project between two independent domains. The project by itself was huge

Change Language settings by Office365 Mailbox

After the migration to Exchange online there are Users, which have language Issues. This kind of problem occurs mostly by

Cloud8 virtual Summit

The first Cloud8 virtual event will take place on May 22. Here in this article I describe briefly what it

Mail encryption issues with PGP and S/MIME (high importance)

PGP and S / MIME encryption is not nearly as reliable as expected. Inadequate standards, outdated technology, and malicious programs

Microsoft Teams Survival Guide

On the Microsoft Technet I found this very interesting Post about Microsoft Teams. I reposted this Article here by me

Rewarded as Microsoft MVP - Number 5

Today is the sixth of July and I am extremely pleased to have received an email from Microsoft on this

Information about "Microsoft 365"

In August 2017 Microsoft released a new Product in their Portfolio. They call it ‘Microsoft 365’. But what is ‘Microsoft

Exchange Online Limits

Customers, which are planning to migrate to Exchange online, asks mostly the same questions. How much do it costs to

Mails from external cannot be received after migration to Exchange Online

After migrating several users from Exchange 2010 to Exchange Online it can happen that some of the users are not

A short note about personal passwords

Strong passwords are an important basis for protecting your data. Unfortunately, many users still use the same passwords for all

Brief how-to: Enable MFA for Office 365

Here is another article before my Ignite journey this year. 🙂 Today I want to write about activating multi factor

Get the Exchange Virtual Directories by PowerShell

You can check in a very easy Way all of your Exchange Virtual Directories by using my Script I share

Configure and manage voice users

Ongoing management is required as new employees start, or if their needs change. Learn how to manage voice user configuration,

PowerShell Script - Setting Calling Policies for multiple users

This article serves as documentation for the script, which is stored on GitHub. The corresponding script can be downloaded from

Naming convention suggestion

Creating a standardized and consistent naming convention for IT infrastructures based on Microsoft 365 and Microsoft Azure is essential for

Try now - The "new" Microsoft Teams Client

Microsoft is currently working on a major update for the Microsoft Teams Client for Windows. Microsoft Teams is increasingly becoming

Microsoft adds support for Google Gmail IDs to Azure Active Directory

Microsoft has fulfilled the promise about enabling Gmail users to collaborate with others, using Azure Active Directory (B2B) without the

Microsoft Ignite - Review

Microsoft Ignite this year is already finished, and it was a huge event and It was an honour for me

Building a hybrid Exchange environment

This week, I was on a technical board and had to explain to customers on the level of CTO (chief

PowerShell script for Network Drive mapping

In this article I describe another small script that should simplify the daily work with Microsoft Intune. This is about

Azure Active Directory Pass-through Authentication

As far we know until today, the best solution form the Microsoft point of view is, to use ADFS to

Microsoft Teams and Telephony

Along with emailing and chatting, telephoning is one of the most important communication tools of our time. Even more, long

Another 10 useful PowerShell cmdlets for Exchange

After all the positive feedback to my article “10 Useful PowerShell cmdlets for Exchange” (thanks again to Steve Goodman), I

Engineers help Engineers | through Telegram

While I am writing articles on my Blog and surfing on different Forums and Social medias I always have two

Easy Office 365 Management -AdminDroid

Cloud services from Microsoft, Amazon, Google and other service providers have been booming not only since the Corona crisis. Of

Microsoft Kaizala will be integrated into Office 365

What has been mentioned for a long time is now becoming a fact, Microsoft Kaizala will be integrated

My PowerShell Gallery

Unfortunately Microsoft is about to retire the Technet Gallery. For me this gallery was a fantastic repository to look

Veeam Backup for Microsoft 365 v7

My daily work with Microsoft 365 includes not only Microsoft Teams Enterprise Voice (or Microsoft Teams Phone as it is

Enable UM for multiple Exchange Mailboxes

Background Some time ago I was on a very interesting project about on-premise infrastructure, Exchange online and 3rd party player

.NET Assemblies In PowerShell - Part 1: Manage Active Directory groups

The most popular way to manage Active Directory with PowerShell is to use the cmdlets provided by the PowerShell module

Block inbound calls

As Microsoft Teams continues to replace conventional telephony systems, there are more and more tasks to be done in this

Enable Sent Item Copy for shared Mailboxes in Exchange online

Time by time customers are asking me if it is possible, to move sent mails from shared mailboxes, to the

Meltdown/Spectre Powershell Module

Meltdown is currently thought to primarily affect Intel processors manufactured since 1995, excluding the company’s Itanium server chips and Atom

Create an Exchange federation between Exchange and Office 365 Organization

Prolog Recently I had a small project by one of my customers. This customer company has bought another company and

Microsoft To-Do is released

Today I received a Email from Microsoft that they began with the Rollout of Microsoft To-Do. But what is Microsoft

Choosing the right .NET version for your exchange environment

Before you install Exchange 2016, you need to review the topic to ensure that your network, hardware, software, clients, and

Deploying Intune Applications

This article is a follow-up article based on my article “Microsoft Intune Automatization Script“. In this article, I introduce you

Planning an Office 365 migration

Many articles were written in the past about migrating environment to Office 365. In this article I don’t want to

Finding out the own Tenant ID

Recently I was asked for one of my customers how he can find out his Tenant ID. The Office 365

Microsoft Ignite Splitter | Day 3

Day tree is just over and the halftime of the Ignite 2018 is already reached. Walking around the convention centre

Download and install the OMS Agent by PowerShell

I had to install on several servers the OMS Agent to manage the Systems in our Workspace. To go forward

The Rising Cybercrime Threat and the Imperative of Robust Password Policies

In today’s digital landscape, businesses are increasingly grappling with the repercussions of cybercrime. Cyberattacks are escalating in frequency, and the

The future of Messaging - a personal view

I am working many years in IT, most ot the time with the messaging and emailing. My first steps I

Ransomware Strain Encripts Cloud Email

A new ransomware strain dubbed as “ransomcloud” has been developed and it can encrypt online email accounts like Office 365

Microsoft has finally released a new Teams PowerShell Module

On March 14th 2017 in New York, Microsoft has announced that MS Teams will be released worldwide. Not sure if

Microsoft Ignite Splitter | Day 2

Day one has already passed, and I am looking forward for day two… My second day on the Ignite stated

What is end-to-end encryption and how does it work?

End-to-end encryption is the most secure way to communicate privately and securely online. By encrypting messages at both ends of

DNS settings for mail flow in Office 365

If we want to use cloud services it is necessary to understand how DNS works. In this specific article I

Add Email Address Policies by PowerShell

To create Mail Address Policies on Exchange I prefer to use PowerShell. If you go this Way, there are some

PowerShell Tool - Teams Voice - BULK handling Voice policies

I was looking for an easy way to distribute Teams Voice policies for several users. I came up with the

Part one - How to secure the number one hacking Target - Email...

Working in IT shows us that one of the main things we must think about is to defend our organization

Microsoft Ignite Splitter | Day 5

Last day at Microsoft Ignite 2018, for me personally there are two sessions waiting for me. The Expo has already

Customize Password Expiration in Office 365

Having password policies in a company is good! Very good! And important! Using on-premises active directory and GPO’s makes it

PowerShell Script for creating License Groups including assignments

Since I rely heavily on standardization for my clients, I have created a new script that I would like to

Good to know - Email encryption

In this article, I describe the most important points about email encryption in a kind of FAQ. We have all

Exchange 2016 CU8 Issue Occurs in Hybrid Mode

On December 19th Microsoft has announced thr Cumulative Update 8 (CU8) for Exchange server 2016. With the CU8 Microsoft fixed

Office 365 Portal gets a Facelift

Microsoft has announced that the Office 365 Portal will introduced in the new Microsoft 365 admin center. The new admin

Orphaned Exchange Online External Contacts preventing users account to sync to Exchange Online

I recently had a problem with an Exchange Online tenant. There was an external mail contact which was previously synchronised from Active

Re award as a Microsoft MVP - 2022

It is the first of July 2022 and, just like a year ago, it is with great pleasure that I

Identity model for Office 365 - 3 ways...

By most of the companies I know or I was working with, there are two scenarios when I was speaking

Merge Exchange online Mailbox with on-premise AD account

One of my customer runs a hybrid exchange environment. By the onboarding process of new employees he needs to create

Understanding S/MIME

Time by time I am getting the same questions from customers, which I try to explai them. Lately one of

MFA with Microsoft Authenticator App for OWA

In one of my last articles, I wrote about installing, customizing and about the functionality of the ADFS servers. Today

10 Useful PowerShell cmdlets for Exchange

On the Ignite 2017 Steve Goodman held a very good session about 10 useful PowerShell commands, which are important to know

Powershell function for Exchange online

Working as a consultant for multiple customers forces us to connect multiple times a day to different Exchange Online management

Note for the Ignite first timer

In a few days the Microsoft Ignite 2019 in Orlando will start. I am super exited about it and can’t

Microsoft 365 networking - Proxy Endpoints

For larger environments and/or infrastructures that have more complex network architectures, it can be important to split up the topic-related

Transfer FSMO Roles by PowerShell

If FSMO role holder DC goes under upgradation process or down, we think about FSMO roles as its important and

Extended support for Exchange 2010

Last week Microsoft has announced surprisal, that the support of Exchange 2010 will be extended for few more months

Exchange PowerShell Suite - by MSB365

In the company I am working for, we have some multiple Exchange projects. To set them up in a standardized

Adding a Domain to Office 365 with PowerShell

One of my customers has bought another company, so they needed to add the new company domain to their environment.

Add, remove and manage email alias using Powershell

This short article is about a returning question about how to add or remove smtp alias addresses using the Exchange

Configure a dial plan

Since more and more companies are replacing their conventional telephony infrastructure with Microsoft Teams Enterprise Voice, telephony behaviour is also

Announcement Cloud8 Summit - 5th Edition

It’s almost time for the 5th edition of the Cloud8 Summit. As things stand, it seems that the COVID pandemic

Add BULK Users from CSV to Azure AD Group

This script is for the following use case: An administrator needs to add multiple users from an organisation to an

Microsoft Ignite Splitter | Day 1

First day on Ignite is over, and here we go with Ignite Splitter for the first day… When I was

Migrate Fileserver to SharePoint online with Microsoft Teams - and make it accessible in the File Explorer

Microsoft Temas is becoming more and more the central working point where, regardless of the industry, companies are focusing more

Microsoft Teams phone meets Copilot

Since its launch in 2017, Microsoft Teams has stood by a unique perspective: integrating communication and collaboration seamlessly into a

Installation documentation with Powershell

By setting up or configuring software it is always necessary to make documentations. To document the installation or configuration steps

Logon problems Session Broker - CAA50021

Some time ago, one of my customers had the problem that after his environment was migrated to the cloud (hybrid

Microsoft Teams calling ID policies (plus Script documentation - How to)

An extremely important element in the field of telephony, apart from incoming calls and their management, is the element of

Microsoft Ignite Splitter | Day 4

Day four has just ended, it was a long one. I look back to the Universal Studios party back as

Fix: Teams Phone Device Rollout

Depending on the tenant configuration, there may be problems with the rollout of Team Certified phones. Here is a solution:

Office 365 Multi-Geo

In the last general availability Microsoft has finally launched the Multi-Geo option for Exchange online. So, what that means for

Cleaning up Mailbox Folder Permissions

I guess many of you who are reading my blog are also working in the Messaging and/or Cloud area. That

Install Exchange Management Shell on your Computer

If you’re administrating an Exchange organisation there are different ways to do it. The simple way is to use the

Microsoft Ignite Splitter - Day three

Day three at the Microsoft Ignite 2019, it is unbelievable how fast the time flies. It is halftime again and

All about Exchange 2019

Many companies are still using the on-premise version of Exchange Server. And the IT departments have faced the decision of

Exchange 2016 CU9 Released!

The Exchange Team released the March updates for Exchange Server 2013 and 2016, and these Cumulative Updates contain a ton

Automatisation Office 365 Language Settings

By using Office 365 you are syncing your local Active Directory with Azure AD which is comming together on Office

Bye bye Skype

Microsoft has announced that Skype for Business will be retired on July 31st, 2021. At the Ignite 2019 in

Bulk import pictures in Office 365 users

A few days ago I got a customer request about User photos. The company had just migrated from Exchange 2010

Teams is now also available without Office 365 subscription

Microsoft make teams available as a free version, regardless of an Office 365 subscription. Free version is offered in 40

How to handle domains during a Tenant migration

It’s now already some years I am supporting companies with their journey to the cloud. Having read the Microsoft announcment

Error by installing Exchange CU (Event 1002)

Today I had to install new Exchange 2016 CU on a customer’s exchange environment. Normally that is an easy going

Microsoft Teams add-on licenses - Overview

After we have dealt with the various roles and capabilities of Microsoft Teams in the article Designate Teams admin roles,

Not able to send Message - User not found

One of my customers is running an exchange environment with multiple Accepted Domains. The reason for that is that this

Multi ADFS Forrest

About the way how you can deploy an ADFS Infrastructure I have already described here and more about ADFS you

Issue deleting Mailbox - Active directory response: 00000005: SecErr: DSID-03152612, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0

Recently, one of my customers reported a problem that he was unable to delete a mailbox of a former employee.

Recommendation – Microsoft 365 authorization concepts – Part 1

PIM:

Administrative units:

SharePoint sites (through MS Teams)

Data Classification

DLP

PIM roles

Azure Subscriptions

Authorization matrix as a basis for decision-making

Supplements

SHARE THIS

Related Posts

Deprecation of Teams live events API on Microsoft Graph

Migrating on-premise Mailboxes to Office 365 by using Quest Tools

Part 7 - Enable a user for voice and voicemail services with Direct Routing

Delete Outlook cache with Microsoft Intune

Advanced version of the Teams Voice Admin Tool

How to federate multiple Azure AD instances with single ADFS

Reaward as Microsoft MVP

Allow Exchange users to see Calendar availability on G Suite

Phishing attack simulation in Exchange online - Part three

Automated ADFS setup - with WAP roles for Exchange and Skype

Generate Email for default Mails over PSForm

Modify Mailbox type using Exchange Attribute Editor

PowerShell commands for Exchange and Office 365 – Part 3

Create DAG by PowerShell

Anonymous E-Mail as an alternative

Part 6 - Assign Teams Licenses

Autodiscover and further DNS

Show Calendar Permission as a Report

Microsoft Teams name change on MacOS

Remove old EAS Devices

Azure Application Proxy

Do I need an on-premise Exchange using Exchange online?

Set automated disclaimer to all E-Mails sending out

Web Application Proxy PowerShell Cheat Sheet

Microsoft Teams data Location

Assign licenses to users in Office 365 for business

Part 2 - Assign Teams Licenses

Message Encryption with Office 365

Finding E-Mail sender IP address

Error when moving a mailbox to Exchange online

How to import an Outlook 2010 PST to Office365

Microsoft Bookings available in Office 365

Intune Deploy Win32 applications - public preview

Import PST files using Exchange PowerShell

Cloud Solution Provider (CSP) program Important Informations!!!

Microsoft Ignite Splitter - Day one

Creating a Exchange 2016 Building Block

Microsoft Ignite Splitter - A look back

Fixing mailbox enabled cloud-only user accounts in Office 365 for hybrid migrations

Configure remote domain for automatic replies

Change Language settings by Office365 Mailbox

Cloud8 virtual Summit

Mail encryption issues with PGP and S/MIME (high importance)

Microsoft Teams Survival Guide

Rewarded as Microsoft MVP - Number 5

Information about "Microsoft 365"

Exchange Online Limits

Mails from external cannot be received after migration to Exchange Online

A short note about personal passwords

Brief how-to: Enable MFA for Office 365

Get the Exchange Virtual Directories by PowerShell

Configure and manage voice users

PowerShell Script - Setting Calling Policies for multiple users

Naming convention suggestion

Try now - The "new" Microsoft Teams Client

Microsoft adds support for Google Gmail IDs to Azure Active Directory

Microsoft Ignite - Review

Building a hybrid Exchange environment

PowerShell script for Network Drive mapping

Azure Active Directory Pass-through Authentication

Microsoft Teams and Telephony

Another 10 useful PowerShell cmdlets for Exchange

Engineers help Engineers | through Telegram

Easy Office 365 Management -AdminDroid

Microsoft Kaizala will be integrated into Office 365

My PowerShell Gallery

Veeam Backup for Microsoft 365 v7

Enable UM for multiple Exchange Mailboxes