Difference between revisions of "Microsoft Office 365 Connector"

From Univention Wiki

Jump to: navigation, search
Line 80: Line 80:
  
 
Note: Service plans are only assigned when the user is initially synced to the Azure AD, as the license is applied at that point. Assigning a user to a group does not work retrospectively. In addition, changing the profile object to include or remove service plans does not update existing users!
 
Note: Service plans are only assigned when the user is initially synced to the Azure AD, as the license is applied at that point. Assigning a user to a group does not work retrospectively. In addition, changing the profile object to include or remove service plans does not update existing users!
 +
 +
= Working with users =
 +
 +
If you want to (re-)synchronize users (e.g. to reassign service-subscriptions to users) into the Azure AD you have to resync the Univention-Directory-Listener with following command:
 +
# univention-directory-listener-ctrl resync office365-user
 +
 +
All users (LDAP-Attributes and service-subscriptions) will then be (re-)synchronized with the Azure AD.
 +
'''Note:''' It is necessary that at least one extra license is present during the reassignment.
  
 
= Working with groups =
 
= Working with groups =

Revision as of 10:29, 18 January 2019

The Microsoft Office 365 Connector is available in the Univention App Center

Configuring Subscriptions

Configure service plans for example user

Office 365 Features are enabled by subscriptions and service plans. This page describes how to configure the default features for new users that are synced to the Azure AD.

Note: Service plans are only assigned when the user is initially synced to the Azure AD, as the license is applied at that point. Assigning a user to a group does not work retrospectively. In addition, changing the profile object to include or remove service plans does not update existing users!

After the Office 365 Connector wizard has been run successfully, users can be activated for Office 365 by activating the checkbox on the Office 365 Tab of a user object, or by selecting the Office365 Account Template when creating a new user.

By default, the Office subscription and all features are enabled for a user that is synced (UCR office365/subscriptions/service_plan_names). Administrators may want to restrict which features a user can use by default.

First, sync one Office 365 user, and in the Office 365 Administrator Interface, disable all unwanted features.


Then, on your UCS system where the connector is installed, execute the following, to show which plans the user has activated

/usr/share/univention-office365/scripts/print_users_and_groups
root@master:~# /usr/share/univention-office365/scripts/print_users_and_groups 
    User      | Enabled |             User Principal Name             | Licenses (*) |         Enabled plans (*)        
-------------------------------------------------------------------------------------------------------------------------
univention     | x       | univention@univention.de                | 2            | 2, 3, 4, 5, 8, 9, 10             
-------------------------------------------------------------------------------------------------------------------------
(*)  1: AAD_BASIC, 2: ENTERPRISEPACK
(**) 1: MicrosoftCommunicationsOnline, 2: MicrosoftOffice, 3: PowerAppsService, 4: ProcessSimple
    5: ProjectWorkManagement, 6: RMSOnline, 7: SharePoint, 8: Sway
    9: TeamspaceAPI, 10: YammerEnterprise, 11: exchange

Now, print the corresponding internal Office 365 plan names:

root@master:~# /usr/share/univention-office365/scripts/print_subscriptions
                             Subscriptions                            
                         =====================                        
 Subscription  | Applies to | Status  | Consumed | Remaining | Prepaid (*)
--------------------------------------------------------------------------
AAD_BASIC      | User       | Enabled |        0 |         5 |       5/0/0
ENTERPRISEPACK | User       | Enabled |        3 |         2 |       5/0/0
--------------------------------------------------------------------------
(*) enabled/suspended/warning
                   AAD_BASIC                   
               =================               
    Service plan      | Applies to |      Status       | in UCRV (*)
--------------------------------------------------------------------
AAD_BASIC             | User       | Success           |           
--------------------------------------------------------------------
(*) office365/subscriptions/service_plan_names
                 ENTERPRISEPACK                
             ======================            
    Service plan      | Applies to |      Status       | in UCRV (*)
--------------------------------------------------------------------
FLOW_O365_P2          | User       | Success           |           
POWERAPPS_O365_P2     | User       | Success           |           
TEAMS1                | User       | Success           |           
PROJECTWORKMANAGEMENT | User       | Success           |           
SWAY                  | User       | Success           |           
INTUNE_O365           | Company    | PendingActivation |           
YAMMER_ENTERPRISE     | User       | Success           |           
RMS_S_ENTERPRISE      | User       | Success           |           
OFFICESUBSCRIPTION    | User       | Success           | x         
MCOSTANDARD           | User       | Success           |           
SHAREPOINTWAC         | User       | Success           | x         
SHAREPOINTENTERPRISE  | User       | Success           |           
EXCHANGE_S_ENTERPRISE | User       | Success           |           
--------------------------------------------------------------------
(*) office365/subscriptions/service_plan_names
Profiles in UCS Ldap

Note which plans are to be activated. Now a subscription profile has to be configured. In the Univention Management Console, open the LDAP browser in the Domain section, and navigate to <BASE> -> office365 -> profiles. Select 'Add' and create a new object type 'Office 365 Profile'.

The profile name will be shown later when assigning it to a group. The subscription identifier is to be taken from the output of 'print_subscriptions'. Now, add all services that should be deselected to 'Service plan blacklist' and save the profile.

Adding a new profile

To assign the profile, open a user group in the corresponding UMC module, and select the profile on the 'Office 365' tab. Now, every user which gets activated for Office 365 and is a member of the group, will get the service plans as assigned in the profile.

Assign a profile to a group

Note: Service plans are only assigned when the user is initially synced to the Azure AD, as the license is applied at that point. Assigning a user to a group does not work retrospectively. In addition, changing the profile object to include or remove service plans does not update existing users!

Working with users

If you want to (re-)synchronize users (e.g. to reassign service-subscriptions to users) into the Azure AD you have to resync the Univention-Directory-Listener with following command:

# univention-directory-listener-ctrl resync office365-user

All users (LDAP-Attributes and service-subscriptions) will then be (re-)synchronized with the Azure AD. Note: It is necessary that at least one extra license is present during the reassignment.

Working with groups

If you want to synchronize groups into the Azure AD you have to set the variable "office365/groups/sync" to "yes" in the module "Univention Configuration Registry". Please also restart the "univention-directory-listener" in the "System Services" module. All newly created groups and group updates will then be synchronized with the Azure AD.

If you want to synchronize existing groups, please use the following command:

# univention-directory-listener-ctrl resync office365-group
Personal tools