Chat now with support
Chat with Support

On Demand Group Management Current - User Guide

Introduction to Quest On Demand

Overview

On Demand is a cloud based management platform, providing access to multiple Quest Software Microsoft management tools through a single interface. Cloud based is a term that refers to applications, services or resources made available to users on demand via the Internet. Quest On Demand is a Software as a Service (SaaS) application where application software is hosted in the cloud and made available to users through quest-on-demand.com.

On Demand management is based on the concepts of organizations, modules, and Azure Active Directory (AD) tenants. When you sign up for the On Demand service, you create an organization. The organization can subscribe to modules. Organization administrators can use the tools provided by the modules to perform administrative actions on Azure AD tenants.

Modules

Each management tool is referred to as a module. Currently, the following modules are available:

  • Audit
  • Group Management
  • License Management
  • Migration
  • Recovery

Global Settings

On Demand Global Settings refers to management tools and configuration settings that apply to all On Demand modules. This includes tenant management tasks and downloading audit logs.

Organizations

On Demand administration is based on organizations. When a user signs up for On Demand, an organization is created.

You can add users to an organization. To add a user, click Settings in the navigation panel on the left and then click Permissions.

Azure Active Directory tenants

Microsoft Azure also uses the concept of an organization. An Azure Active Directory (Azure AD) tenant is representative of an organization. It is a dedicated instance of the Azure AD service that an organization receives and owns when it signs up for a Microsoft cloud service such as Azure, Microsoft Intune, or Office 365. Each Azure AD tenant is distinct and separate from other Azure AD tenants.

A tenant houses the users in a company and the information about them - their passwords, user profile data, permissions, and so on. It also contains groups, applications, and other information pertaining to an organization and its security. For more information see this Microsoft help page.

Group Management overview

On Demand Group Management controls the chaos of managing Azure Active Directory (AD), Office 365, and on-premises groups with group creation policies for naming, attestation, expiration, quantity limits, and more. The Group Management module safely empowers users with self-service group creation, management, and group membership reporting.

The Group Management module is part of Quest On Demand. It consists of the following parts:

Admin portal

Group Management allows you to manage all your groups from Azure AD and connected on-premises directories in one place. The admin portal serves as a control center where the Group Management administrator can manage groups, configure group policies, define approval process for self-services, and so on. It also provides a dashboard displaying various group statistics and operational data.

For more information about working with the admin portal, see Working with the admin portal.

Group Management administrator

The Group Management administrator is an administrative role in the Group Management module with the following permissions:

  • Configure and manage the Group Management module
  • Approve, reject, or cancel a request

The role can be assigned to one or more users by the Access Control interface on the On Demand Home site. For more information, refer to On Demand Global Settings User Guide.

Self-service portal

Group Management enables users to manage groups on a self-service basis. Users can submit various requests in the self-service portal. This includes:

  • Create, join, leave, attest, and delete groups
  • Manage group owners and members

Group Management automatically completes a user request once the request is approved. The flow chart below shows the request handling process. For more information about working with the self-service portal, see Working with the self-service portal.

Figure 1: Request handling process

Concepts in Goup Management

It is a good idea to understand the following concepts before working with Group Management:

Group types

Group Management supports the following types of groups:

  • Office 365 group
  • Security group and mail-enabled security group in Azure AD and on-premises AD
  • Distribution list in Azure AD and on-premises AD
  • Mail-enabled distribution list in on-premises AD

These groups are divided into the following types by their AD Connect attribute in Group Management:

Table 1: Group types in Group Management
AD Connect Attribute Description
Cloud Only Groups created in Azure tenant
Enabled Groups synced from connected directory to Azure tenant
Disabled Groups created in connected directory

The tables below show the supported operations for each group type in Group Management:

Table 2: Supported operations for 'Cloud Only' groups
Operation Office 365 Mail-Enabled Security Group Security Group Distribution List
View group Yes Yes Yes Yes
Create group Yes Yes Yes Yes
Edit general information Yes Partial [1] Yes Partial [1]
Edit ownership Yes Yes Yes Yes
Edit membership Yes Yes Yes Yes
Auto-attestation Yes Yes Yes Yes
Delete group Yes Yes Yes Yes

[1]: Editing the Description field is not supported yet.

Table 3: Supported operations for 'Enabled' groups
Operation Mail-Enabled Security Group Security Group Mail-Enabled Distribution List Distribution List
View group Yes Yes Yes Yes
Create group Yes Yes Yes Yes
Edit general information Partial [1] Partial [1] Partial [1] Partial [1]
Edit ownership Yes Yes Yes Yes
Edit membership Yes Yes Yes Yes
Auto-attestation Yes Yes Yes Yes
Delete group Yes Yes Yes Yes

[1]: Editing the Description field is not supported yet.

Table 4: Supported operations for 'Disabled' groups
Operation Mail-Enabled Security Group Security Group Mail-Enabled Distribution List Distribution List
View group Yes Yes Yes Yes
Create group Yes Yes Yes Yes
Edit general information Partial [1] Partial [1] Partial [1] Partial [1]
Edit ownership Yes Yes Yes Yes
Edit membership Yes Yes Yes Yes
Auto-attestation Yes Yes Yes Yes
Delete group Yes Yes Yes Yes

[1]: Editing the Description field is not supported yet.

Self Service Tools
Knowledge Base
Notifications & Alerts
Product Support
Software Downloads
Technical Documentation
User Forums
Video Tutorials
RSS Feed
Contact Us
Licensing Assistance
Technical Support
View All
Related Documents