Difference between revisions of "Microsoft Office 365 Connector"
From Univention Wiki
Line 80: | Line 80: | ||
Note: Service plans are only assigned when the user is initially synced to the Azure AD, as the license is applied at that point. Assigning a user to a group does not work retrospectively. In addition, changing the profile object to include or remove service plans does not update existing users! | Note: Service plans are only assigned when the user is initially synced to the Azure AD, as the license is applied at that point. Assigning a user to a group does not work retrospectively. In addition, changing the profile object to include or remove service plans does not update existing users! | ||
+ | |||
+ | = Working with groups = | ||
+ | |||
+ | If you want to synchronize groups into the Azure AD you have to set the variable "office365/groups/sync" to "yes" in the module "Univention Configuration Registry". Please also restart the "univention-directory-listener" in the "System Services" module. | ||
+ | All newly created groups and group updates will then be synchronized with the Azure AD. | ||
+ | |||
+ | If you want to synchronize existing groups, please use the following command: | ||
+ | # univention-directory-listener-ctrl resync office365-group |
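Review bot: the added "Working with groups" section does not say where or when the resync command on its last line is to be run, while the two steps before it (setting "office365/groups/sync" to "yes" and restarting the "univention-directory-listener") are described only as UMC module actions. Suggest stating on which system the command is executed and that it should be run only after the variable has been set and the listener restarted, since the text says synchronization starts "then".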
Revision as of 15:16, 21 December 2018
The Microsoft Office 365 Connector is available in the Univention App Center
Configuring Subscriptions
Office 365 Features are enabled by subscriptions and service plans. This page describes how to configure the default features for new users that are synced to the Azure AD.
Note: Service plans are only assigned when the user is initially synced to the Azure AD, as the license is applied at that point. Assigning a user to a group does not work retrospectively. In addition, changing the profile object to include or remove service plans does not update existing users!
After the Office 365 Connector wizard has been run successfully, users can be activated for Office 365 by activating the checkbox on the Office 365 Tab of a user object, or by selecting the Office365 Account Template when creating a new user.
By default, the Office subscription and all features are enabled for a user that is synced (UCR office365/subscriptions/service_plan_names). Administrators may want to restrict which features a user can use by default.
First, sync one Office 365 user, and in the Office 365 Administrator Interface, disable all unwanted features.
Then, on your UCS system where the connector is installed, execute the following to show which plans the user has activated:

 /usr/share/univention-office365/scripts/print_users_and_groups

 root@master:~# /usr/share/univention-office365/scripts/print_users_and_groups
 User       | Enabled | User Principal Name      | Licenses (*) | Enabled plans (*)
 -------------------------------------------------------------------------------------------------------------------------
 univention | x       | univention@univention.de | 2            | 2, 3, 4, 5, 8, 9, 10
 -------------------------------------------------------------------------------------------------------------------------
 (*) 1: AAD_BASIC, 2: ENTERPRISEPACK
 (**) 1: MicrosoftCommunicationsOnline, 2: MicrosoftOffice, 3: PowerAppsService, 4: ProcessSimple
 5: ProjectWorkManagement, 6: RMSOnline, 7: SharePoint, 8: Sway
 9: TeamspaceAPI, 10: YammerEnterprise, 11: exchange
Now, print the corresponding internal Office 365 plan names:
 root@master:~# /usr/share/univention-office365/scripts/print_subscriptions
 Subscriptions
 =====================
 Subscription   | Applies to | Status  | Consumed | Remaining | Prepaid (*)
 --------------------------------------------------------------------------
 AAD_BASIC      | User       | Enabled | 0        | 5         | 5/0/0
 ENTERPRISEPACK | User       | Enabled | 3        | 2         | 5/0/0
 --------------------------------------------------------------------------
 (*) enabled/suspended/warning

 AAD_BASIC
 =================
 Service plan | Applies to | Status  | in UCRV (*)
 --------------------------------------------------------------------
 AAD_BASIC    | User       | Success |
 --------------------------------------------------------------------
 (*) office365/subscriptions/service_plan_names

 ENTERPRISEPACK
 ======================
 Service plan          | Applies to | Status            | in UCRV (*)
 --------------------------------------------------------------------
 FLOW_O365_P2          | User       | Success           |
 POWERAPPS_O365_P2     | User       | Success           |
 TEAMS1                | User       | Success           |
 PROJECTWORKMANAGEMENT | User       | Success           |
 SWAY                  | User       | Success           |
 INTUNE_O365           | Company    | PendingActivation |
 YAMMER_ENTERPRISE     | User       | Success           |
 RMS_S_ENTERPRISE      | User       | Success           |
 OFFICESUBSCRIPTION    | User       | Success           | x
 MCOSTANDARD           | User       | Success           |
 SHAREPOINTWAC         | User       | Success           | x
 SHAREPOINTENTERPRISE  | User       | Success           |
 EXCHANGE_S_ENTERPRISE | User       | Success           |
 --------------------------------------------------------------------
 (*) office365/subscriptions/service_plan_names
Note which plans are to be activated. Now a subscription profile has to be configured. In the Univention Management Console, open the LDAP browser in the Domain section, and navigate to <BASE> -> office365 -> profiles. Select 'Add' and create a new object of type 'Office 365 Profile'.
The profile name will be shown later when assigning it to a group. The subscription identifier is to be taken from the output of 'print_subscriptions'. Now, add all services that should be deselected to 'Service plan blacklist' and save the profile.
To assign the profile, open a user group in the corresponding UMC module, and select the profile on the 'Office 365' tab. From then on, every user who is activated for Office 365 and is a member of the group will get the service plans as assigned in the profile.
Note: Service plans are only assigned when the user is initially synced to the Azure AD, as the license is applied at that point. Assigning a user to a group does not work retrospectively. In addition, changing the profile object to include or remove service plans does not update existing users!
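Working out the 'Service plan blacklist' entries from the 'print_subscriptions' output, as an added example that is not part of the connector or of the original page: it parses the table layout shown above and returns every plan of a subscription that is not in the set to keep. The function names and the shortened sample text are constructed for illustration.

```python
import re

# Constructed sample: the print_subscriptions layout shown on this page,
# shortened to one subscription and five of its service plans.
SAMPLE = """\
Subscriptions
=====================
Subscription   | Applies to | Status  | Consumed | Remaining | Prepaid (*)
--------------------------------------------------------------------------
ENTERPRISEPACK | User       | Enabled | 3        | 2         | 5/0/0
--------------------------------------------------------------------------

ENTERPRISEPACK
======================
Service plan          | Applies to | Status            | in UCRV (*)
--------------------------------------------------------------------
TEAMS1                | User       | Success           |
SWAY                  | User       | Success           |
INTUNE_O365           | Company    | PendingActivation |
OFFICESUBSCRIPTION    | User       | Success           | x
EXCHANGE_S_ENTERPRISE | User       | Success           |
--------------------------------------------------------------------
"""


def parse_service_plans(output):
    """Return {subscription: [service plan, ...]} from print_subscriptions text."""
    plans, section, in_plan_table, prev = {}, None, False, ""
    for line in output.splitlines():
        if re.fullmatch(r"=+", line.strip()):
            section, in_plan_table = prev.strip(), False  # heading is the line above
        elif "|" in line:
            cells = [c.strip() for c in line.split("|")]
            if cells[0] == "Service plan":  # header row of a per-subscription table
                in_plan_table = True
                plans[section] = []
            elif in_plan_table:  # rows of the summary table are skipped
                plans[section].append(cells[0])
        prev = line
    return plans


def blacklist_for(output, subscription, keep):
    """Plans of `subscription` to enter in 'Service plan blacklist'."""
    available = parse_service_plans(output)[subscription]
    unknown = set(keep) - set(available)
    if unknown:  # a misspelt name would otherwise put the intended plan on the blacklist
        raise ValueError("not in %s: %s" % (subscription, sorted(unknown)))
    return sorted(p for p in available if p not in keep)
```

The returned list still has to be reviewed before it is entered in the profile, because it contains every plan of the subscription that was not named in `keep`.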
Working with groups
If you want to synchronize groups into the Azure AD you have to set the variable "office365/groups/sync" to "yes" in the module "Univention Configuration Registry". Please also restart the "univention-directory-listener" in the "System Services" module. All newly created groups and group updates will then be synchronized with the Azure AD.
If you want to synchronize existing groups, please use the following command:
# univention-directory-listener-ctrl resync office365-group