Office 365: the hidden administrative challenge

Adoption of Microsoft Office 365 is growing rapidly. The value proposition is hard to ignore, especially for companies operating in education, for whom the service is free. While Office 365 as a whole provides numerous benefits it also creates additional administrative overhead as most organizations who deploy it are already managing an Active Directory (AD) implementation.

Generally speaking, Microsoft attempts to solve this problem in primarily two ways; The implementation of federated services or dirsync. A federated service deployment is a serious IT project and for organizations seeking integration with little other than Office 365, it’s overkill. Dirsync provides an easy answer but is limiting in its own way; essentially locking itself to Active Directory, making it difficult to apply rules to the two systems independently if desired.

There is another challenge however that is quite hidden in all of this. License management. There are seven different plans, and organizations rarely assign the same plan to every type of user. The correct assignment of such licenses is not only tedious during the onboarding process but an outright burden from the upkeep perspective. In addition, assignment and removal is required with frequency due to roles and jobs changing often. This is only further compounded by the fact that Office 365 is not designed with administrative delegation in mind, and typically only a small handful of people in any organization possess the rights to make the ongoing requisite modifications.

On the surface it appears that a PowerShell script, like the one described in this article, obviates all of the aforementioned challenges. There are some circumstances when it may very well, such as if person who makes license assignment decisions is comfortable, and capable, of utilizing a scripting language. Based on feedback from both existing and prospective customers it is my firm belief that in most organizations the employee writing the scripts, and the one who needs to be in direct control of license assignment, is not one and the same.

The Office 365 connector for User Management Resource Administrator (UMRA) successfully overcomes all of the obstacles discussed. It’s a flexible solution, deployed rapidly, which streamlines activities associated with office 365 account lifecycle management, password synchronization, and license management delegation. It breaks the bondage between dirsync and Office 365 allowing customers to making distinctive account lifecycle management decisions across AD and Office 365 separately. It also replicates basic federated functionality in one day, not weeks or months. Finally, license code management is delegated to the appropriate individuals in an elegant web interface eliminating the need to share the administrative username and password for Office 365 itself.