Manage user account settings in Microsoft 365

As soon as an organization purchases Microsoft 365, it can use the Microsoft 365 admin center and PowerShell to manage its user accounts. When an organization manages its cloud identities, every person in the company has a separate user account name and password. If you want to integrate with your on-premises infrastructure and have user accounts synchronized with Microsoft 365, you can use Microsoft Entra Connect Sync or Microsoft Entra Cloud Sync. These tools provide synchronization of identities and passwords for single sign-on (SSO) functionality.

Where and how you manage your user accounts depends on the identity model you want to use for your Microsoft 365 deployment. The two overall models are cloud-only and hybrid.

  • Cloud-only. You create and manage users in the Microsoft 365 admin center. You can also use PowerShell or the Microsoft Entra admin center.
  • Hybrid. Microsoft 365 synchronizes user accounts from AD DS. As such, you must use on-premises AD DS tools to manage user accounts.

The following table lists the different account management tools.

Tool Notes
Microsoft 365 admin center
- Add users individually or in bulk
- Provides a simple web interface to add and change user accounts.
- You can't use the admin center to modify user accounts if the organization enables directory synchronization. However, you can use the admin center to set the location and license assignment.
- You can't use the admin center with SSO options.
Windows PowerShell
- Create user accounts with PowerShell.
- Allows you to add users in bulk by using a Windows PowerShell script.
- You can use PowerShell to assign location and licenses to accounts, regardless of how you create the accounts.
Bulk import
- Add several users at the same time
- Allows you to import a CSV file to add a group of users to Microsoft 365.
- You can't use bulk import with SSO options.
Microsoft Entra ID
- You get a free edition of Microsoft Entra ID with your Microsoft 365 subscription. You can perform functions like self-service password reset for cloud users, and customization of the Sign-in and Access Panel pages by using the free edition. To get enhanced functionality, you can upgrade to the basic edition, Microsoft Entra Premium P1, or Microsoft Entra Premium P2. See Microsoft Entra ID editions for the list of supported features.
Directory synchronization
- Integrating your on-premises identities with Microsoft Entra ID
- For directory synchronization with or without password synchronization, see Microsoft Entra Connect Sync with express settings.
- For multiple forests and SSO options, see Custom Installation of Microsoft Entra Connect Sync.
- Provides the infrastructure that's necessary to enable SSO.
- Required for many hybrid scenarios such as staged migration and hybrid Exchange
- Synchronizes security and mail-enabled groups from your AD DS.
- You must install the directory synchronization software on servers within your on-premises environment. This software connects the identities between Microsoft 365 and your AD DS.
- Any directory synchronization option, including SSO options, requires that your AD DS attributes meet standards. A later Learning Path titled Implement identity synchronization explores the specifics of what attributes you must use in your directory and what maintenance (if any) you must perform.

Regardless of how you intend to add the user accounts to Microsoft 365, you must manage several account features, such as assigning licenses, specifying location, and so on. You can manage these features long-term from the Microsoft 365 admin center, or you can also use PowerShell (see the earlier link in the table).

Important

If you create accounts in Microsoft 365 without assigning a license (to SharePoint Online, for example), the account owner can view the Microsoft 365 admin center but can't access any of the services within your company's subscription. After you assign a location and license, the system replicates the account to the service or services that you assigned. The user can then sign in to their account and use the services that you assigned to them.

Manage user accounts in the Microsoft 365 admin center

If you choose to add and manage all your users through the admin center, you can specify the location and assign licenses at the same time as creating the Microsoft 365 account. Managing user accounts involves managing several account settings, such as:

  • Assigning administrator roles
  • Setting users’ sign-in status
  • Specifying user location settings
  • Assigning licenses

To maintain this information, you don't have to use the same method that you used to originally provision the user accounts. You can manage these user settings through the Microsoft 365 admin center or by using Windows PowerShell. Given the simplicity of managing user accounts through the admin center, this approach is the area of focus in this training.
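The following PowerShell function is an added example, not Microsoft's own code. It reviews the sign-in status, location, and license settings described above and reports accounts where they are inconsistent. The function name Get-AccountSettingFinding and the sample accounts are hypothetical; the property names match those on Microsoft Graph user objects.

```powershell
# Added example. Input objects use the Microsoft Graph user property names
# AccountEnabled, UsageLocation, AssignedLicenses and OnPremisesSyncEnabled.
function Get-AccountSettingFinding {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [object]$User
    )
    process {
        # Count real license entries; a $null property must not count as one.
        $licenseCount = @($User.AssignedLicenses | Where-Object { $null -ne $_ }).Count
        $findings = @()

        if ($User.AccountEnabled -and ($licenseCount -eq 0)) {
            $findings += 'Sign-in allowed, no license: no access to services'
        }
        if ((-not $User.AccountEnabled) -and ($licenseCount -gt 0)) {
            $findings += 'Sign-in blocked, still licensed: review the assignment'
        }
        if ([string]::IsNullOrWhiteSpace($User.UsageLocation)) {
            $findings += 'No usage location: set it before assigning a license'
        }

        if ($findings.Count -gt 0) {
            [pscustomobject]@{
                User     = $User.UserPrincipalName
                # Synced accounts are changed in AD DS, cloud-only ones in Microsoft 365.
                ManageIn = if ($User.OnPremisesSyncEnabled) { 'AD DS (synced)' } else { 'Microsoft 365' }
                Findings = $findings -join '; '
            }
        }
    }
}

# Constructed sample accounts (not real tenant data).
$sample = @(
    [pscustomobject]@{ UserPrincipalName = 'alex@contoso.example'; AccountEnabled = $true; UsageLocation = 'US'; AssignedLicenses = @(@{ SkuId = 'sample-sku' }); OnPremisesSyncEnabled = $null }
    [pscustomobject]@{ UserPrincipalName = 'new.hire@contoso.example'; AccountEnabled = $true; UsageLocation = $null; AssignedLicenses = @(); OnPremisesSyncEnabled = $null }
    [pscustomobject]@{ UserPrincipalName = 'leaver@contoso.example'; AccountEnabled = $false; UsageLocation = 'GB'; AssignedLicenses = @(@{ SkuId = 'sample-sku' }); OnPremisesSyncEnabled = $true }
)
$sample | Get-AccountSettingFinding | Format-List

# Against a tenant (requires the Microsoft.Graph module and Connect-MgGraph):
# Get-MgUser -All -Property UserPrincipalName,AccountEnabled,UsageLocation,AssignedLicenses,OnPremisesSyncEnabled |
#     Get-AccountSettingFinding
```

With the constructed sample, the first account produces no output, the second is reported for a missing license and usage location, and the third is reported as blocked but still licensed and managed in AD DS.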

You can use the Microsoft 365 admin center to edit single or multiple users. Complete the following steps to edit a user account:

  1. On the Microsoft 365 admin center, in the left-hand navigation pane, select Users and then select Active Users.
  2. In the list of active user accounts, select the user that you want to edit to open the user's account pane. The user's account pane separates the user's account information into the following tabs:
    • Account. This tab enables you to modify the username and aliases, email addresses, group membership, roles, priority monitoring, and account contact information. You can also manage multifactor authentication for this user and force a sign out from all Microsoft 365 sessions. The tab also displays the user's sign-in history for the past 30 days, and the user's Microsoft 365 activations.
    • Devices. This tab displays the devices the user enrolled in Intune.
    • Licenses and Apps. This tab enables you to modify the licenses assigned to the user. You can also set the user location. Microsoft needs to know the location of each user who uses its Microsoft 365 services so that it only offers permitted services to that user. Finally, you can customize the list of apps available to the user.
    • Mail. This tab enables you to modify mailbox permissions, email forwarding, automatic replies, global address list visibility, litigation hold, Exchange properties, and email apps.
    • OneDrive. This tab enables you to obtain access to the user’s files, view the storage quota, and manage external sharing. It also provides links to the SharePoint admin center to manage your organization settings for data retention and default storage space.

Screenshot of the user account pane showing the Account tab for Alex Wilber.