Remove a user from your tenant
From time to time it might be necessary to remove a user from your tenant. We also call this removing the user association. It is easy to do by following these steps:
1.Login to TMS using an account with the System Administrator role.
2.Locate the tenant/container which you want to manage and select it.
3.Then click Users.
You will be shown a list of users who are already associated / invited / active in your chosen tenant.
Click on the icon to the right of the user and their roles, and it will remove their association with this tenant.
|
|
NOTE: There is no confirmation dialog and the user will be removed immediately. |
Creating a group and Team prefix
Administrators can define a prefix that is applied to the name of newly created groups and teams. The prefix can be set separately for each organizational unit in the enterprise.
Creating a new group prefix
Follow these steps to enable this functionality for newly created groups and groups associated with teams:
1.Go to Manage Administration > Tenants.
2.Find the desired root tenant or meta Organizational Unit (OU).
3.Click the ellipsis (...) and select Edit.
4.Enter a prefix that will be applied to all newly created groups.
Creating a new Team prefix
Follow these steps to enable this functionality for new teams.
1.Go to Manage > Teams.
2.Find the desired Teams OU.
3.Click the ellipsis (...) and select Edit.
4.Enter a prefix that will be applied to all groups associated with newly created teams.
Identify when jobs are not running
As a Nova administrator, it is important to quickly identify when jobs within your tenant are not running and troubleshoot these issues.
Jobs are color-coded accordingly:
·Jobs that have not been running for 0-3 days are not color-coded.
·Jobs that have not been running for 3-6 days are YELLOW.
·Jobs that have not been running for 6+ days are RED.
Here is how it looks:
What are the roles within Nova?
Users of the Nova application can be assigned one or more roles. Each role provides functionality in the Nova application itself. Roles can be combined. The following is a list of the roles, and what they give access to:
Account Administrator
This gives access to be able to create and manage policies in Delegation and Policy Control. In addition, audit logs can be viewed to see how the policies have been used by delegated administrators. There are several other administrative functions which are shown in this screenshot:
Auth Policy Admin
This gives users the ability just to manage authorization policies within Nova. The option to get into Authorization Policies will be enabled in the Manage Administration menu.
Auth Policy administrators also have the ability to delegate certain subsets of custom PowerShell commands to selected users, which can be organized in an organization unit hierarchy. It is advised that Auth Policy Admins create dedicated organizational units exclusively for PowerShell scripts.
Autopilot Classic
This role is most appropriate to assign to a delegated administrator. This gives access to be able to perform allowed actions against users, mailboxes, groups, contacts and Microsoft Teams. What the user will be able to do is governed by the policies which are applied to them and were configured by someone with at least the Account Administrator role.
Config Policy Admin
This gives users the ability just to manage configuration policies within Nova. The option to get into Configuration Policies will be enabled in the Manage Administration menu.
IT Administrators
This gives a user the ability to use Nova, but restricts them from changing the configuration or security of Nova itself.
License Admin
This gives people the ability to create and maintain License Policies. The option will be available on the Manage Administration menu.
Organizational Unit Admin
This gives users the ability to maintain virtual organizational units. The Tenants option will be available on the Manage Administration menu.
Radar Classic
This gives access to reporting data, and the Report Center.
System Administrator
This role gives access to the Tenant Management System, and does not give any direct access to the Nova application (unless it is combined with other roles).
Why do some Nova roles have Classic' suffixes?
Two parts of Nova have existed in different systems and different formats before Nova. Nova has users which are now using Nova that used to use those systems, so these roles are named as shown on this page so that those customers understand what functionality, broadly speaking, they'll be getting with those roles. These two are:
·Radar Classic: This gives users the same functionality as they would have had in our Radar product.
·Autopilot Classic: This gives users the same functionality as they would have had in our Autopilot product.
Examples of combining roles
If a user needs to be able to create authorization policies, and perform actions on customer tenants (such as password resets, maintaining groups, adding Microsoft Teams etc.), then they should be assigned these roles:
·Account Administrator
·Autopilot Classic
If someone needs to be able to access reporting data, and perform actions on customer tenants (such as password resets, maintaining groups, adding Microsoft Teams, and so on) then they should be assigned these roles:
·Autopilot Classic
·Radar Classic
Granting Account Administrator
The following should be considered when assigning roles
·The Account Administrator roles does not work on it is own. It needs to be combined with the Autopilot Classic role.