Figure 7-1: Sign in to Office 365 by using the Connect-MsolService cmdlet.
When prompted to sign in, provide credentials appropriate to the function that you want to administer. For full end-to-end administrative access, authenticate with a Global Administrator account. If sign-in is successful, your session is now connected to Office 365 Azure Active Directory in the context of your Global Administrator account. A global administrator has access to all administrative features and is the only administrator who can assign other administrative roles to users. You can have more than one global administrator in your organization. By default, the person who signs up to purchase Office 365 becomes a global administrator. Note The Global Administrator account is often referred to as just the Global Admin or sometimes as the Tenant Admin. After you are signed in as the global administrator, you can perform any function within the tenant. When you sign in for the first time, you will go through a series of steps and wizards to assist in setting up the tenant with the look and feel you want, the services you require, and any other initial tasks needed to complete the setup. After the setup tasks are done, you will be in the run, maintain, and operate phases to which you were introduced earlier in the chapter. Probably the most common activities you will undertake as a global administrator relate to the management of identities within the tenant. In the next section, we will look at some of the tasks a global administrator can accomplish with Windows PowerShell and highlight where this task would be difficult or impossible to complete in the Admin Center.
Managing identity in Office 365 and Azure Active Directory Azure Active Directory (also known as Azure AD) is Microsoft’s multitenant cloud-based directory and identity management service. SharePoint server and Office 365 take a dependency on this service to support the provision of hybrid features to subscribers of the SharePoint Online service. Hybrid features are not fully functional unless Office 365 Azure Active Directory has been populated with the user and group identities from the on-premises Windows Active Directory.
Adding a new Active Directory domain to Office 365 The global administrator is responsible for implementing the configuration of Office 365 to support populating the Azure Active Directory with the on-premises user and group accounts. Adding a domain to Office 365 would normally be part of the setup process; however, there are some 109
CHAP TER 7 | Administering Microsoft SharePoint hybrid by using Windows PowerShell