(De-) provisioning

User accounts are set up and group memberships are assigned. In addition, accounts for other applications and access to them must be created - regardless of whether for Exchange, SharePoint Online, Office 365 or countless other cloud applications provided via A(zure) A(ctive) D(irectory).

This issue becomes more critical during deprovisioning. For example, new authorisations might be issued as a result of cover for people on annual leave. It is not easy to comply with and withdraw these authorisations at the appropriate time without turning to tools. Situations become completely uncontrollable when employees leave the company.

Inconsistencies

If user administration features manual processes, administrators must pay close attention to intricacies and processes - particularly in the event of a hybrid construction made from Microsoft's Active Directory (AD) and Azure Active Directory (AAD).

Careless mistakes often happen, particularly in the case of urgent enquiries. For example, the wrong group memberships could be assigned in the AD and AAD, as required for a particular function in the company to be performed.

Processes such those for as obtaining approval for authorisations from the responsible officer for the particular business area in question are not complied with. There can be no guarantee that the same procedure will be followed for recurring tasks.

Synchronisation

The two systems have different user administration systems, and administrators must work with different user interfaces.

Errors are also likely to arise during the complex process of ensuring that user information is consistent. Errors in user administration on the local side often have a direct impact on the cloud. Native resources in the Active Directory (ADUC) do not offer the functionalities required to ensure data integrity or compliance with administrative policies.

These three factors make hybrid user management a risky endeavour if additional tools are not brought into play. As a result, companies should consider making their user administration "watertight". Similarly, it is essential to restrict administrators to their area of responsibility to avoid errors and ensure compliance.

Out of the box, the O365 manager offers an identity warehouse with a comprehensive synchronisation engine. This is supplemented by workflow-based provisioning and delegated granular administration. An integrated SSO solution, including multi-factor authentication, rounds off the package. Your identity infrastructure may be complex, but the O365 manager can configure it. RBAC and ABAC are integrated as standard and make administration easier. Comprehensive monitoring mechanisms, risk management, dashboards and reports provide you with the most important information needed for each audit. Users want a quick, consistent process for requesting authorisations, including for groups, approved mailboxes and folders. Office Manager 365's IT shop provides this.

We can work with you to quickly configure your processes and workflows so that just one system is used for administration.

Summary of the benefits that IPG's Office 365 Manager offers you:

Comprehensive

• Monitoring mechanisms
• Risk assessment
• Dashboards
• Reports

Self-service

• Fast and consistent process
• For requesting authorisations, including groups, approved mailboxes, folders and pages
• Clearly regulated clearance

Single sign-on & MFA possible

Modular and expandable

• Integration of additional cloud services
• Connection to internal systems/applications
• Holistic IAM

User administration for internal employees

• Internal user authorisations and authorisations for AD and the file system can be handled with O365 Manager

„Easy to get“ / „easy to pay“

• As a managed service from IPG
• In your own data centre or in the cloud
• Financing models