Manage and automate Microsoft 365

With the help of Adaxes, you can manage Microsoft 365 accounts of your users, assign or revoke Microsoft 365 licenses, configure available services, etc.

If your Microsoft 365 plans include Exchange Online licenses, Adaxes will also enable you to manage Exchange Online mailboxes and Microsoft 365 distribution lists from Adaxes Web interface. In addition to that, you can automate routine and repetitive Microsoft 365 and Exchange Online management tasks, for example provisioning Microsoft 365 accounts for new users and assigning the correct licenses.

In this tutorial, you will learn how to:

Register Microsoft 365 tenant

To enable Microsoft 365 management in Adaxes, you need to register a Microsoft 365 tenant. You are not limited to a single Microsoft 365 tenant. If you have two or more tenants that you need to manage, Adaxes provides you with a flexible way to configure which objects in your managed domains belong to which tenant.

If you register a Microsoft Entra domain in Adaxes, you can manage its Exchange Online mailboxes without registering a Microsoft 365 tenant. However, you need to register a tenant to manage Microsoft 365 licenses.

  1. Launch Adaxes Administration console.

  2. Expand Adaxes service \ Configuration \ Cloud Services and select Microsoft 365.

  3. In the Managed Microsoft 365 Tenants section located to the right, click New.

  4. Select between Application account and User account authentication and provide the corresponding credentials. Adaxes will use the specified account to perform all operations in the tenant.

    If you already registered an application in Microsoft Entra ID for managing a Microsoft Entra domain via Adaxes, you can use the same application to manage your Microsoft 365 tenant.

    If your Microsoft 365 organization resides in a restricted environment e.g. US Government, select it in the drop-down list at the bottom.

    Click Next.

  5. Specify a display name for the tenant.

    The tenant will appear under this name when viewing or editing Microsoft 365 accounts.

     Screenshot

  6. Select which Microsoft 365 plans will be available in Adaxes. Unchecked plans will not be visible in Adaxes and users will not be able to assign them.

    Configure plans

    Each plan can provide access to one or more Microsoft 365 services. You can configure which services will be enabled by default when a Microsoft 365 plan is assigned to a user. Also, you can change the display names for Microsoft 365 plans and services.

     How
    • Click a Microsoft 365 plan.

    • To change the display name of the plan, enter a new name in the Display name field.

       Screenshot

    • In the Microsoft 365 Services section, uncheck the services that you don't want to be enabled by default.

    • To change the display name of a service, click the service and enter a new name in the dialog that opens.

       Screenshot

    Settings related to Microsoft 365 plans and services can be overridden for specific forms, views, and actions in the Web interface. For example, you can restrict available Microsoft 365 plans on the user creation form and configure whether users can enable or disable individual Microsoft 365 services. For details, see Customize forms for user creation and editing.

     Screenshot

    Configure password synchronization

    By default, when a user's password is changed in Active Directory, the new password cannot be used in Microsoft 365 right away. Even if passwords are synchronized by Microsoft Entra Connect, it takes some time before synchronization occurs.

    To let Adaxes automatically set the same password in Microsoft 365 when a new user is created, or update the password when it is changed in AD, enable the Synchronize passwords option.

    Click More options to configure settings related to temporary passwords generated by Microsoft 365.

     Details

    Temporary passwords

    If Adaxes is configured not to synchronize passwords or a password specified for a new user does not meet password policy requirements in Microsoft 365, Microsoft 365 will generate a random temporary password. In the Temporary Passwords section, you can configure how temporary passwords generated by Microsoft 365 will be communicated to users.

    Display the temporary password in the Execution Log

    Select this option to show the temporary password in the Execution Log of the operation during which a Microsoft 365 account is created.

     Screenshot

    Email the temporary password to

    Select this option to have a temporary password sent by e-mail. In the edit box, specify a list of recipients separated by semicolons. To select recipients using a directory object picker, click the button.

    You can use value references in the email addresses of recipients. When a Microsoft 365 account is created for a user, value references will be replaced with the corresponding property values of the user's account. For example, the %mail% value reference will be replaced with the user's e-mail address.

     More examples
    • %adm-ManagerEmail% – the e-mail address of the user's manager.
    • %adm-InitiatorEmail% – the e-mail address of the user who activated the Microsoft 365 account.
    • %adm-InitiatorManagerEmail% – the e-mail address of the manager of the user who activated the Microsoft 365 account.
  7. Click Next.

  8. On the Associated Directory Scope page of the wizard, click Add to associate the Microsoft 365 tenant with objects in your directory.

    If you would like to associate the tenant with a business unit, expand the Look in drop-down list and select Business Units, then select the business unit you need.

    You can exclude some parts of your directory from the scope of a tenant. For example, you might want to exclude service accounts that reside in a specific OU. To exclude an object, select the Exclude option in the Associated Scope Options dialog box.

     Step by step
    • Click the object you want to exclude.

    • In the Associated Options dialog, select the Exclude option.

    • Click OK.

    A tenant must be associated with all users whose Microsoft 365 accounts you would like to manage, and with all Active Directory groups whose Exchange Online mailboxes you would like to manage.

    In hybrid environments (synchronized via Microsoft Entra Connect), it is recommended to match the tenant scope with the Microsoft Entra Connect scope.

  9. When done, click OK and then click Finish.

Multiple tenants

You can manage multiple Microsoft 365 tenants via Adaxes. If an object falls within the scope of two or more Microsoft 365 tenants, the object is associated with the tenant of a higher precedence.

To change the precedence of a tenant, select it and use the buttons.

To find the Microsoft 365 tenant associated with a specific object, click Lookup tenant for object. To view all objects associated with a tenant, select the tenant and click Show all associated objects.

Automate Microsoft 365 license management

Adaxes allows you to automate the management of Microsoft 365 accounts. For example, when a new user is created in your directory, Adaxes can automatically assign Microsoft 365 licenses to the user based on their job title, department, location, etc.

When a user account is updated, Adaxes can adjust the licenses according to the rules you define. When a user is deprovisioned, Adaxes can revoke all licenses and block sign in to Microsoft 365 for that user.

For information on how to assign Microsoft 365 licenses automatically, see Automatically assign Microsoft 365 licenses.

Delegate Microsoft 365 tasks

Using security roles, you can delegate Microsoft 365 management tasks to users. You can allow users to manage Microsoft 365 licenses, activate and deactivate user accounts in Microsoft 365.

For information on how to delegate permissions to perform Microsoft 365 tasks, see Grant permissions to perform Microsoft 365 management tasks.

You can also delegate the management of mailboxes and distribution lists located in Microsoft 365. The permissions to manage Exchange mailboxes are also configured with the help of security roles. For more information, see Grant permissions to perform Exchange tasks.

Customize Web interface for Microsoft 365

Adaxes Web Interface allows users to view Microsoft 365 account properties, activate and deactivate Microsoft 365 accounts, assign and revoke Microsoft 365 licenses.

To enable users to view and manage Microsoft 365 accounts, you need to place the Microsoft 365 properties section on object views and forms for object creation and modification. For details, see Customize forms for user creation and editing.

The section is visible for an object only if there is a Microsoft 365 tenant associated with the object.

Additionally you can configure the Actions pane to contain a separate operation for editing Microsoft 365 properties.

For more details, see Configure Actions pane.