Overview
Cayosoft Administrator Microsoft Office 365 extension provides provisioning, update, suspension and management of accounts and services located in Office 365. These include Azure AD, Exchange Online, SharePoint Online, and OneDrive.
To access Microsoft Office 365, Cayosoft Administrator needs connection settings to be specified. These settings are displayed in Microsoft Ofice 365 extension in the Cayosoft Administrator console. In addition to Office 365 connection settings, there are settings for the Cayosoft Administrator automation rules and Web actions.
Microsoft Office 365 extension settings
Setting name | Description |
---|---|
Extension is enabled |
Enable or disable the Office 365 extension. Please, see Select extensions article section to determine which extensions must be enabled in your environment. |
Office 365 credentials |
Specify the account to connect to Office 365. Important: If multi-factor authentication (MFA) for Office 365 connection account must is enabled or it is included in Conditional Access Policies,
Cayosoft Administrator would prompt to complete additional configuration steps.
Office 365 connection account should hold the Global Admin Role and must be cloud-only, i.e. not synchronized with on-premises Active Directory. For more information, please see System requirements, Permissions required for Office 365 management and What is baseline protection (preview) articles. |
Admin Consent
|
Cayosoft Administrator service uses the Microsoft Graph API for Office 365 analytical data and Office 365 objects management. For more information, please read Cayosoft Azure Admin Consent for Microsoft Graph API Assignment Details and How to grant admin consent to Azure APIs and connect to the Microsoft Graph API articles. To access the Microsoft Graph, the Cayosoft Administrator must be granted the Administrative Consent.
Consent Status values:
|
Office 365 name suffix
|
Change the Office 365 name suffix. The default value for the Office 365 name suffix is taken from the Office 365 connection account. Office 365 name suffix is used in AD Users | Create Office 365 Accounts (Cloud) rule during new Office 365 user accounts creation and New User web action. |
Default Usage Location |
Specify the Usage Location to set by default for any newly created Office 365 account, or when an Office 365 license is assigned for the first time. The default setting value depends on the region of the computer running the Administration Service. The value of this setting is used in the New User | Create Office 365 User rule, when creating a new Office 365 account that matches the user created in the Active Directory. |
Maximum returned results |
The maximum number of objects returned from Office 365. By default, all objects that you have provisioned in Microsoft Office 365 are returned. |
Connect to Skype Online service |
Important: Skype for Business Online Windows PowerShell Module is required to enable this feature. For more information, please see Installing components for working with Skype for Business Online article.
Connect to Skype Online service setting works as follows:
Note: If you don't plan to use Skype Online automation rules, it is recommended to keep this setting set to No for optimal performance.
|
Connect to SharePoint Online service |
Important: SharePoint Client-Side Object Model (CSOM) and SharePoint Online Management Shell are required to enable this feature. For more information, please see Installing components for working with SharePoint Online article.
Connect to SharePoint Online service setting works as follows:
Note: If you don't plan to use any of the features listed above, it is recommended to keep this setting set to No for optimal performance.
|
Advanced Settings |
|
Azure Environment
|
Select your Microsoft Azure environment from the list. For information on various Azure Environments, please see the MS Docs: https://docs.microsoft.com/en-us/office365/enterprise/office-365-endpoints. |
License Cache File |
License Cache file contains the list of all Office 365 licenses and options in your tenant. Cayosoft Administrator service updates this file automatically on service start. When new licenses or services were added or removed in your tenant, click the Update License Cache command to update the license cache file manually. For details, please see How to update license cache and rules when the Office 365 license change detected KB article. |
Enforce License Precedence (Advanced) |
This is an advanced setting in Cayosoft Administrator that helps to resolve Office 365 license plans conflicts. For details, please see KB20181026-1. |
License Add-ins Services IDs (Advanced) |
This setting is used to determine proper order in which certain license plans must be assigned or revoked in Office 365. Some Office 365 license plans are treated as add-ins to the core license plans. The add-in license plan cannot be assigned to the user without a corresponding core plan being assigned. Add-in plans must be assigned only after the core plan was assigned, and must be revoked before the core plan is revoked. Otherwise, Office 365 reports a license assignment error. If you have any custom add-ins, you should specify them in this setting. |
Microsoft Office 365 API URL (Advanced) |
This setting points to the Office 365 API endpoint and depends on the selected Azure Environment. Note: This setting was introduced for advanced troubleshooting purposes. Please contact Cayosoft if you believe this setting needs to be changed in your environment.
|
Microsoft Graph Reporting API URL (Advanced) |
This setting points to the Microsoft Graph API endpoint. Note: This setting was introduced for advanced troubleshooting purposes. Please contact Cayosoft if you believe this setting needs to be changed in your environment.
|
Enable Modern Authentication (Advanced) |
Use this setting to enable modern authentication for Exchange online. For details please see this article: https://support.cayosoft.com/hc/en-us/articles/360040408252#ModernAuthentication |
Dynamic Group target exclusions |
Use this setting to prevent selecting specific groups as Dynamic Group targets to prevent escalation. You can set multiple values separated by ";", each value is a mask for the target group name. Example: *Global Admins*;*Helpdesk Admins* |
Apply fix for Get-FormatData error |
Contact Cayosoft support if you receive the error connecting to Office 365: Data returned by the remote Get-FormatData command is not in the expected format. |
Azure AD Administrative Units |
|
Azure AD Administrative Units |
You can limit the scope of Microsoft 365 web queries to the members of the specified Azure AD Administrative Unit. Click Configure to see the list of all Azure AD Administrative Units in your tenant and check which of them are set to treat as containers. In this case, selected Azure AD Administrative Units behaves like Active Directory Organizational Unit: when a new member is added to this Azure AD Administrative Unit, Cayosoft Administrator removes this member from all other Azure AD Administrative Units marked as containers. You can check\uncheck Treat as container setting for each Azure AD Administrative Unit. |
User Name Generation Rules (Web Interface) |
|
Display Name generation rule User Name prefix generation rule
|
Cayosoft Administrator can automatically generate user DisplayName and User Name during user creation. Select a generation rule from the list or create your own generation rule to satisfy your organization's requirements and policies. These rules are applied to the New User and Rename User web actions. |
User Name conflict resolution
|
Naming attributes should be unique in Microsoft Office 365. Cayosoft Administrator provides automatic name uniqueness check and conflict resolution. A unique name can be generated with alternative generation rules and applying unique counters. Select the desired behavior when a name conflict is identified:
For more information, please see Name conflict resolution and alternative names generation section. |
Alternate Name Generation Rules (Web Interface) |
|
Alternative User Name prefix generation rule
|
If Name conflict resolution option is set to Try alternative generation rule, and if fail-stop and notify a user or Try alternative generation rule, and if fail - continue and suffix the user name with a numeric counter, Cayosoft Administrator will use Alternate Name Generation Rules to generate user name during user creation. Select generation rule from the list or create your own generation rule to satisfy your organization's requirements and policies. |
Counter format
|
If Name conflict resolution option is set to Continue and suffix the user name with a numeric counter or Try alternative generation rule, and if fail - continue and suffix the user name with a numeric counter, the next available numeric counter will be added to the generated string. By default, the counter starts with 1. If you want to customize the counter format, use this setting to define the new format. For example, if you need to use two digits in the counter, you should enter 00 in the Counter format field. |
Other User Provisioning Settings (Web Interface) |
|
Default User Language Time Zone |
The values of Default User Language and Time zone settings will be used by default in the New User | Office 365 Mailbox post-creation tasks rule. |
Customer Prices for Office 365 Licenses |
|
License prices |
Specify prices for Office 365 licenses, available in your tenant. You should input monthly cost - user/month. These prices are used in:
Note: Prices for Office 365 license quotas need to be specified on each web query separately.
|
Actions
Command name | Description |
---|---|
Check settings |
This command validates the specified settings and verifies that the account credentials are correct. |
Run components check | This command runs the Cayosoft Administrator System Check tool that verifies what required components are installed. |
Update license cache | This command updates the list of Office 365 License plans and options that are present in your Office 365 tenant. For details please see this KB article: https://support.cayosoft.com/hc/en-us/articles/360018057292 |
Notify Cayosoft | This command sends to Cayosoft the list of Office 365 licenses from the License cache file. |
Troubleshooting Office 365 connection issues
How to grant admin consent to Azure APIs and connect to the Microsoft Graph API
Cayosoft Azure Admin Consent for Microsoft Graph API Assignment Details
KB20180503-1 Troubleshooting connection to Office 365
KB20180823-1 Troubleshooting Cayosoft Administrator Grant Consent
Change History
Version | Notes |
---|---|
8.0.0 | Azure AD Administrative Units section is added. |
7.3.0 | Dynamic Group target exclusions, Apply fix for Get-FormatData error settings are added. |
7.1.0 |
|
7.0.0 |
Update License command is renamed to Update License Cache. |
6.2.0 |
Azure Admin consent status values added. |
Comments
0 comments
Please sign in to leave a comment.