On Demand is a cloud based management platform, providing access to multiple Quest Software Microsoft management tools through a single interface. Cloud based is a term that refers to applications, services or resources made available to users on demand via the Internet. Quest On Demand is a Software as a Service (SaaS) application where application software is hosted in the cloud and made available to users through quest-on-demand.com.
On Demand management is based on the concepts of organizations, modules, and Azure Active Directory (AD) tenants. When you sign up for the On Demand service, you create an organization. The organization can subscribe to modules. Organization administrators can use the tools provided by the modules to perform administrative actions on Azure AD tenants.
Each management tool is referred to as a module. Currently, the following modules are available:
On Demand Global Settings refers to management tools and configuration settings that apply to all On Demand modules. This includes tenant management tasks and downloading audit logs.
On Demand administration is based on organizations. When a user signs up for On Demand, an organization is created.
You can add users to an organization. To add a user, click Settings in the navigation panel on the left and then click Permissions.
Microsoft Azure also uses the concept of an organization. An Azure Active Directory (Azure AD) tenant is representative of an organization. It is a dedicated instance of the Azure AD service that an organization receive and owns when it signs up for a Microsoft cloud service such as Azure, Microsoft Intune, or Office 365. Each Azure AD tenant is distinct and separate from other Azure AD tenants.
A tenant houses the users in a company and the information about them - their passwords, user profile data, permissions, and so on. It also contains groups, applications, and other information pertaining to an organization and its security. For more information see this Microsoft help page.
On Demand Group Management controls the chaos of managing Azure Active Directory (AD), Office 365, and on-premises groups with group creation policies for naming, attestation, expiration, quantity limits, and more. The Group Management module safely empowers users with self-service group creation, management, and group membership reporting.
It is a good idea to understand the following concepts before working with Group Management:
General User is a role in Group Management. In Group Management, the General User role does not have any administrative permissions assigned.
For Azure ADs, however, a user can apply for other roles (such as HR, IT) via Self-Services to obtain corresponding permissions. A user can be assigned as a manager, and each user (except the top level ones in the organization structure) can only have one manager assigned in Group Management.
TIP: For Azure ADs, Group Management provides an organization chart based on the relationships between managers and their subordinates within a directory. Directory Administrators, and users with at least one permission assigned, can see the chart by clicking the organization-chart icon on the Users tab.