Chatta subito con l'assistenza
Chat con il supporto

Nova Current - Getting Started Guide for Delegation and Policy Control for Delegated Administrators

Introduction to Delegation and Policy Control

Quest Nova provides granular Delegation and Policy Control for Microsoft 365, enabling you to assign pre-defined roles and responsibilities to specific users, such as help desk operators, country-level administrators, or end-users. Nova also includes policy-based automation for authorization, service configuration and license assignment.

This guide to help you get started with Delegation and Policy Control as a delegated administrator. This includes:

·overviews of the Manage and Manage Administration tabs

·examples of actions that can be completed by a delegated administrator

 

For a more in-depth guide on using Quest Nova, please click here to view the Nova technical documents. In the Quest Nova User Guide, you will see more information on:

·Custom PowerShell execution and delegation

·additional policy examples

·more actions for delegated administrators

It is recommended that you undertake Nova training before using the application to get a better understanding of the platform. To sign up to Nova learning, click here.

To access Delegation and Policy Control, you will need a subscription to Nova that includes support for management, and support will provision your organization during the on-boarding process.

Roles in Nova DPC

Users of the Nova application can be assigned one or more roles. Each role provides functionality in the Nova application itself. Roles can be combined. The following is a list of the roles, and what they give access to:

Account Administrator

This gives access to be able to create and manage policies in Delegation and Policy Control. In addition, audit logs can be viewed to see how the policies have been used by delegated administrators. There are several other administrative functions which are shown in this screenshot:

Roles-Account-Administrator

 

Auth Policy Admin

This gives users the ability just to manage authorization policies within Nova. The option to get into Authorization Policies will be enabled in the Manage Administration menu.

 

Auth Policy administrators also have the ability to delegate certain subsets of custom PowerShell commands to selected users, which can be organized in an organization unit hierarchy. It is advised that Auth Policy Admins create dedicated organizational units exclusively for PowerShell scripts.

Autopilot Classic

This role is most appropriate to assign to a delegated administrator. This gives access to be able to perform allowed actions against users, mailboxes, groups, contacts and Microsoft Teams. What the user will be able to do is governed by the policies which are applied to them and were configured by someone with at least the Account Administrator role.

 

Config Policy Admin

 

This gives users the ability just to manage configuration policies within Nova. The option to get into Configuration Policies will be enabled in the Manage Administration menu.

IT Administrators

This gives a user the ability to use Nova, but restricts them from changing the configuration or security of Nova itself.

License Admin

This gives people the ability to create and maintain License Policies. The option will be available on the Manage Administration menu.

Organizational Unit Admin

This gives users the ability to maintain virtual organizational units. The Tenants option will be available on the Manage Administration menu.

System Administrator

This role gives access to the Tenant Management System, and does not give any direct access to the Nova application (unless it is combined with other roles).

Examples of combining roles

If a user needs to be able to create authorization policies, and perform actions on customer tenants (such as password resets, maintaining groups, adding Microsoft Teams etc.), then they should be assigned these roles:

·Account Administrator

·Autopilot Classic

If someone needs to be able to access reporting data, and perform actions on customer tenants (such as password resets, maintaining groups, adding Microsoft Teams, and so on) then they should be assigned these roles:

·Autopilot Classic

·Radar Classic

Granting Account Administrator

The following should be considered when assigning roles

·The Account Administrator roles does not work on it is own. It needs to be combined with the Autopilot Classic role.

Delegated Administration

An administrator can authorize others within the organization to have specific delegated administrative rights. This section describes some ways rights might be delegated within an organization.

Managing direct reports

For example, an administrator could give sales managers the ability to manage certain attributes and/or rights of the individual sales team members without any additional rights granted either on-premises or in Microsoft 365 for those sales managers. Here is how it looks:

Managers-and-employees

Self service

An administrator might want to give certain users the ability to manage some of their own access or information. For example, some executives might be able to log in to Nova and grant themselves access to resources/information without calling the helpdesk to get access.

Similarly, you might configure a policy that enables all employees to use Nova to update some of their basic information (for example, their phone number and address). This is called the “self service” option, here is how it looks:

Self-service-1

Delegated administration within an organizational unit

Finally, an administrator might want to set up someone within an organizational unit to manage access of others within that organizational unit. For example, you might have an organizational unit containing employees who work in a certain office location. You might assign administrative rights to the site manager or administrative assistant. It could look like this:

Delegated-admin-within-OU

 

Manage

The Manage tab is accessible by administrators and delegated administrators to view and edit certain objects in their Microsoft 365 environment, including its:

·Users

·Contacts

·Mailboxes

·Groups

·Teams

·Devices

·Custom PowerShell

Strumenti self-service
Knowledge Base
Notifiche e avvisi
Supporto prodotti
Download di software
Documentazione tecnica
Forum utente
Esercitazioni video
Feed RSS
Contatti
Richiedi assistenza sulle licenze
Supporto tecnico
Visualizza tutto
Related Documents

The document was helpful.

Seleziona valutazione

I easily found the information I needed.

Seleziona valutazione