Quadrotech Nova Current - User Guide

Microsoft permissions for DPC

To be granted access to Nova DPC, you need to accept Microsoft permissions during the on-boarding process of connecting your tenant. The following are Microsoft's permissions:

Permission

Permission Description

Manage Exchange As Application

Allows the app to manage the organization's Exchange environment without any user interaction. This includes mailboxes, groups, and other configuration objects. To enable management actions, an admin must assign the appropriate roles directly to the app.

Use Exchange Web Services with full access to all mailboxes

Allows the app to have full access via Exchange Web Services to all mailboxes without a signed-in user.

Read all usage reports

Allows an app to read all service usage reports without a signed-in user. Services that provide usage reports include Office 365 and Azure Active Directory.

Manage apps that this app creates or owns

Allows the app to create other applications, and fully manage those applications (read, update, update application secrets and delete), without a signed-in user. It cannot update any apps that it is not an owner of.

Read calendars in all mailboxes

Allows the app to read events of all calendars without a signed-in user.

Read and write calendars in all mailboxes

Allows the app to create, read, update, and delete events of all calendars without a signed-in user.

Read contacts in all mailboxes

Allows the app to read all contacts in all mailboxes without a signed-in user.

Read and write contacts in all mailboxes

Allows the app to create, read, update, and delete all contacts in all mailboxes without a signed-in user.

Read all devices

Allows the app to read your organization's devices' configuration information without a signed-in user.

Read and write devices

Allows the app to read and write all device properties without a signed in user. Does not allow device creation, device deletion or update of device alternative security identifiers.

Read Microsoft Intune apps

Allows the app to read the properties, group assignments and status of apps, app configurations, and app protection policies managed by Microsoft Intune, without a signed-in user.

Read and write Microsoft Intune apps

Allows the app to read and write the properties, group assignments and status of apps, app configurations and app protection policies managed by Microsoft Intune, without a signed-in user.

Read Microsoft Intune device configuration and policies

Allows the app to read properties of Microsoft Intune-managed device configuration and device compliance policies and their assignment to groups, without a signed-in user.

Read and write Microsoft Intune device configuration and policies

Allows the app to read and write properties of Microsoft Intune-managed device configuration and device compliance policies and their assignment to groups, without a signed-in user.

Perform user-impacting remote actions on Microsoft Intune devices

Allows the app to perform remote high impact actions such as wiping the device or resetting the passcode on devices managed by Microsoft Intune, without a signed-in user.

Read Microsoft Intune devices

Allows the app to read the properties of devices managed by Microsoft Intune, without a signed-in user.

Read and write Microsoft Intune devices

Allows the app to read and write the properties of devices managed by Microsoft Intune, without a signed-in user. Does not allow high impact operations such as remote wipe and password reset on the device’s owner.

Read Microsoft Intune RBAC settings

Allows the app to read the properties relating to the Microsoft Intune Role-Based Access Control (RBAC) settings, without a signed-in user.

Read and write Microsoft Intune RBAC settings

Allows the app to read and write the properties relating to the Microsoft Intune Role-Based Access Control (RBAC) settings, without a signed-in user.

Read Microsoft Intune configuration

Allows the app to read Microsoft Intune service properties including device enrollment and third party service connection configuration, without a signed-in user.

Read and write Microsoft Intune configuration

Allows the app to read and write Microsoft Intune service properties including device enrollment and third party service connection configuration, without a signed-in user.

Read directory data

Allows the app to read data in your organization's directory, such as users, groups and apps, without a signed-in user.

Read and write directory data

Allows the app to read and write data in your organization's directory, such as users, and groups, without a signed-in user. Does not allow user or group deletion.

Read and write domains

Allows the app to read and write all domain properties without a signed in user. Also allows the app to add, verify and remove domains.

Read files in all site collections

Allows the app to read all files in all site collections without a signed in user.

Read and write files in all site collections

Allows the app to read, create, update and delete all files in all site collections without a signed in user.

Read all groups

Allows the app to read group properties and memberships, and read the calendar and conversations for all groups, without a signed-in user.

Read and write all groups

Allows the app to create groups, read all group properties and memberships, update group properties and memberships, and delete groups. Also allows the app to read and write group calendar and conversations. All of these operations can be performed by the app without a signed-in user.

Read all user mailbox settings

Allows the app to read user's mailbox settings without a signed-in user. Does not include permission to send mail.

Read and write all user mailbox settings

Allows the app to create, read, update, and delete user's mailbox settings without a signed-in user. Does not include permission to send mail.

Read mail in all mailboxes

Allows the app to read mail in all mailboxes without a signed-in user.

Read and write mail in all mailboxes

Allows the app to create, read, update, and delete mail in all mailboxes without a signed-in user. Does not include permission to send mail.

Send mail as any user

Allows the app to send mail as any user without a signed-in user.

Read all hidden memberships

Allows the app to read the memberships of hidden groups and administrative units without a signed-in user.

Read all OneNote notebooks

Allows the app to read all the OneNote notebooks in your organization, without a signed-in user.

Read and write all OneNote notebooks

Allows the app to read all the OneNote notebooks in your organization, without a signed-in user.

Read online meeting details

Allows the app to read online meeting details in your organization, without a signed-in user.

Read and create online meetings

Allows the app to read and create online meetings as an application in your organization.

Read all users' relevant people lists

Allows the app to read any user's scored list of relevant people, without a signed-in user. The list can include local contacts, contacts from social networking, your organization's directory, and people from recent communications (such as email and Skype).

Read all usage reports

Allows an app to read all service usage reports without a signed-in user. Services that provide usage reports include Office 365 and Azure Active Directory.

Have full control of all site collections

Allows the app to have full control of all site collections without a signed in user.

Create, edit, and delete items and lists in all site collections

Allows the app to create or delete document libraries and lists in all site collections without a signed in user.

Read items in all site collections

Allows the app to read documents and list items in all site collections without a signed in user.

Read and write items in all site collections

Allows the app to create, read, update, and delete documents and list items in all site collections without a signed in user.

Invite guest users to the organization

Allows the app to invite guest users to the organization, without a signed-in user.

Read all users' full profiles

Allows the app to read user profiles without a signed in user.

Read and write all users' full profiles

Allows the app to read and update user profiles without a signed in user.

Access the directory as the signed-in user

Allows the app to have the same access to information in the directory as the signed-in user.

Read directory data

Allows the app to read data in your company or school directory, such as users, groups, and apps.

Read and write directory data

Allows the app to read and write data in your company or school directory, such as users, and groups. Does not allow user or group deletion.

Read all groups

Allows the app to read basic group properties and memberships on behalf of the signed-in user.

Read and write all groups

Allows the app to create groups on behalf of the signed-in user and read all group properties and memberships. Additionally, this allows the app to update group properties and memberships for the groups the signed-in user owns.

Read hidden memberships

Allows the app to read the memberships of hidden groups and administrative units on behalf of the signed-in user, for those hidden groups and administrative units that the signed-in user has access to.

Sign in and read user profile

Allows users to sign in to the app, and allows the app to read the profile of signed-in users. It also allows the app to read basic company information of signed-in users.

Read all users' full profiles

Allows the app to read the full set of profile properties of all users in your company or school, on behalf of the signed-in user. Additionally, this allows the app to read the profiles of the signed-in user's reports and manager.

Read all users' basic profiles

Allows the app to read a basic set of profile properties of all users in your company or school on behalf of the signed-in user. Includes display name, first and last name, photo, and email address. Additionally, this allows the app to read basic info about the signed-in user's reports and manager.

Read and write all applications

Allows the app to create, read, update and delete applications and service principals without a signed-in user. Does not allow management of consent grants.

Manage apps that this app creates or owns

Allows the app to create other applications, and fully manage those applications (read, update, update application secrets and delete), without a signed-in user. It cannot update any apps that it is not an owner of.

Read and write domains

Allows the app to read and write all domain properties without a signed in user. Also allows the app to add, verify and remove domains.

Read all hidden memberships

Allows the app to read the memberships of hidden groups and administrative units without a signed-in user.
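
For reviewing the consent request above, the sketch below (an added example, not part of the Nova guide or Quadrotech's code) sorts rows of this table so that permissions usable without a signed-in user and carrying more than read access come first. The sample rows are copied from the table; the keyword list that marks a permission as high impact is this example's own assumption.

```python
import re

# Constructed sample: (permission, description) rows copied from the table above.
SAMPLE_ROWS = [
    ("Send mail as any user",
     "Allows the app to send mail as any user without a signed-in user."),
    ("Read all groups",
     "Allows the app to read basic group properties and memberships "
     "on behalf of the signed-in user."),
    ("Perform user-impacting remote actions on Microsoft Intune devices",
     "Allows the app to perform remote high impact actions such as wiping the "
     "device or resetting the passcode on devices managed by Microsoft Intune, "
     "without a signed-in user."),
    ("Read and write files in all site collections",
     "Allows the app to read, create, update and delete all files in all site "
     "collections without a signed in user."),
    ("Read mail in all mailboxes",
     "Allows the app to read mail in all mailboxes without a signed-in user."),
]

# Phrases the table uses for grants that need no user session. It spells both
# "signed-in" and "signed in", so accept either.
APP_ONLY = re.compile(
    r"without (a signed[- ]in user|any user interaction)|as an application", re.I)
# Heuristic (an assumption of this example): these words in a permission name
# signal more than read access.
HIGH_IMPACT = re.compile(
    r"\b(write|send|manage|access|full control|create|delete|invite|perform)\b", re.I)

def classify(name, description):
    """Return (mode, impact) for one table row."""
    mode = "application" if APP_ONLY.search(description) else "delegated"
    impact = "high" if HIGH_IMPACT.search(name) else "read"
    return mode, impact

def review_order(rows):
    """List rows with app-only, high-impact grants first."""
    def key(row):
        mode, impact = classify(*row)
        return (mode != "application", impact != "high", row[0])
    return [(row[0], *classify(*row)) for row in sorted(rows, key=key)]

if __name__ == "__main__":
    for name, mode, impact in review_order(SAMPLE_ROWS):
        print(f"{mode:<12} {impact:<5} {name}")
```

Because several permission names appear twice in the table with different descriptions, classify each row by its own description rather than by name alone.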

Virtual Organizational Units

A virtual organizational unit (vOU) is a manually built dynamic list of users tailored to group users by a specific attribute. For example, vOUs can be built to group users by their location, department, company or another attribute. These help administrators to group users to assign authorization, configuration and license policies to them.

If you are familiar with on-premises Active Directory, then you will already be familiar with organizational units. The problem is that Azure Active Directory and Office 365 do not have this concept. Their users are stored in a flat list, which can make working with multiple geographies and multiple departments much more difficult. Nova adapts the concept as 'virtual organizational units'. You can create a hierarchy of these just like you would in an on-premises Active Directory environment.

Viewing users and groups assigned to a Virtual Organizational Unit

Follow the steps below to see a list of users and groups currently assigned to a virtual organizational unit.

1. In the left menu, select Manage Administration > Tenants.

2. Expand the organizational units until you find the one whose users you want to see.

3. Click the desired organizational unit's ellipsis button (...) and select Users or Groups to see a list of users or groups that were added to the group within Nova.

Creating a Virtual Organizational Unit

Follow the steps below to set up a virtual organizational unit.

NOTE: Any organizational units set up in Nova are not pulled into Active Directory.

1. In the left menu, select Manage Administration > Tenants.

2. Either:

   - Click the ellipsis button (...) next to a tenant and select New.

   - Or, create a virtual organizational unit that's nested under an existing one by expanding the tenant, finding the organizational unit you will create one under, clicking the ellipsis button (...) next to it, and selecting New.

3. Enter a name for the new organizational unit and click Save.

Adding a user or group to a Virtual Organizational Unit

Complete the steps below to add a user or group to a virtual organizational unit.

1. In the left menu, select Manage Administration > Tenants.

2. Expand the organizational units until you find the one to which you will add a new user or group.

3. Click the desired organizational unit's ellipsis (...) button and select Users.

4. Select the checkbox next to the desired user or group and click Move.

5. Expand the tree until you find the desired target organizational unit, and then select it and click Save.
