Introduction to Quest On Demand
Introduction to Quest On Demand
Overview
On Demand is a cloud based management platform, providing access to multiple Quest Software Microsoft management tools through a single interface. Cloud based is a term that refers to applications, services or resources made available to users on demand via the Internet. Quest On Demand is a Software as a Service (SaaS) application where application software is hosted in the cloud and made available to users through quest-on-demand.com.
On Demand management is based on the concepts of organizations, modules, and Azure Active Directory (AD) tenants. When you sign up for the On Demand service, you create an organization. The organization can subscribe to modules. Organization administrators can use the tools provided by the modules to perform administrative actions on Azure AD tenants.
Modules
Each management tool is referred to as a module. Currently, the following modules are available:
- Audit
- Group Management
- License Management
- Migration
- Recovery
Global Settings
On Demand Global Settings refers to management tools and configuration settings that apply to all On Demand modules. This includes tenant management tasks and downloading audit logs.
Organizations
On Demand administration is based on organizations. When a user signs up for On Demand, an organization is created.
You can add users to an organization. To add a user, click Settings in the navigation panel on the left and then click Permissions.
Azure Active Directory tenants
Microsoft Azure also uses the concept of an organization. An Azure Active Directory (Azure AD) tenant is representative of an organization. It is a dedicated instance of the Azure AD service that an organization receives and owns when it signs up for a Microsoft cloud service such as Azure, Microsoft Intune, or Office 365. Each Azure AD tenant is distinct and separate from other Azure AD tenants.
A tenant houses the users in a company and the information about them - their passwords, user profile data, permissions, and so on. It also contains groups, applications, and other information pertaining to an organization and its security. For more information see this Microsoft help page.
Group Management overview
Group Management overview
On Demand Group Management controls the chaos of managing Azure Active Directory (AD), Office 365, and on-premises groups with group creation policies for naming, attestation, expiration, quantity limits, and more. The Group Management module safely empowers users with self-service group creation, management, and group membership reporting.
The Group Management module is part of Quest On Demand. It consists of the following parts:
Admin portal
Group Management allows you to manage all your groups from Azure AD and connected on-premises directories in one place. The admin portal serves as a control center where the Group Management administrator can manage groups, configure group policies, define approval process for self-services, and so on. It also provides a dashboard displaying various group statistics and operational data.
For more information about working with the admin portal, see Working with the admin portal.
Group Management administrator
The Group Management administrator is an administrative role in the Group Management module with the following permissions:
- Configure and manage the Group Management module
- Approve, reject, or cancel a request
The role can be assigned to one or more users by the Access Control interface on the On Demand Home site. For more information, refer to On Demand Global Settings User Guide.
Self-service portal
Group Management enables users to manage groups on a self-service basis. Users can submit various requests in the self-service portal. This includes:
- Create, join, leave, attest, and delete groups
- Manage group owners and members
Group Management automatically completes a user request once the request is approved. The flow chart below shows the request handling process. For more information about working with the self-service portal, see Working with the self-service portal.
Figure 1: Request handling process
Concepts in Goup Management
It is a good idea to understand the following concepts before working with Group Management:
Group types
Group Management supports the following types of groups:
- Office 365 group
- Security group and mail-enabled security group in Azure AD and on-premises AD
- Distribution list in Azure AD and on-premises AD
- Mail-enabled distribution list in on-premises AD
These groups are divided into the following types by their AD Connect attribute in Group Management:
Table 1: Group types in Group Management
| Cloud Only |
Groups created in Azure tenant |
| Enabled |
Groups synced from connected directory to Azure tenant |
| Disabled |
Groups created in connected directory |
The tables below show the supported operations for each group type in Group Management:
Table 2: Supported operations for 'Cloud Only' groups
| View group |
Yes |
Yes |
Yes |
Yes |
| Create group |
Yes |
Yes |
Yes |
Yes |
| Edit general information |
Yes |
Partial [1] |
Yes |
Partial [1] |
| Edit ownership |
Yes |
Yes |
Yes |
Yes |
| Edit membership |
Yes |
Yes |
Yes |
Yes |
| Auto-attestation |
Yes |
Yes |
Yes |
Yes |
| Delete group |
Yes |
Yes |
Yes |
Yes |
[1]: Editing the Description field is not supported yet.
Table 3: Supported operations for 'Enabled' groups
| View group |
Yes |
Yes |
Yes |
Yes |
| Create group |
Yes |
Yes |
Yes |
Yes |
| Edit general information |
Partial [1] |
Partial [1] |
Partial [1] |
Partial [1] |
| Edit ownership |
Yes |
Yes |
Yes |
Yes |
| Edit membership |
Yes |
Yes |
Yes |
Yes |
| Auto-attestation |
Yes |
Yes |
Yes |
Yes |
| Delete group |
Yes |
Yes |
Yes |
Yes |
[1]: Editing the Description field is not supported yet.
Table 4: Supported operations for 'Disabled' groups
| View group |
Yes |
Yes |
Yes |
Yes |
| Create group |
Yes |
Yes |
Yes |
Yes |
| Edit general information |
Partial [1] |
Partial [1] |
Partial [1] |
Partial [1] |
| Edit ownership |
Yes |
Yes |
Yes |
Yes |
| Edit membership |
Yes |
Yes |
Yes |
Yes |
| Auto-attestation |
Yes |
Yes |
Yes |
Yes |
| Delete group |
Yes |
Yes |
Yes |
Yes |
[1]: Editing the Description field is not supported yet.
