Chat now with support
Chat with Support

Welcome, erwin customers to Quest Support Portal click here for for frequently asked questions regarding servicing your supported assets.

Quadrotech Nova Current - User Guide

Overviews Adoption Accelerator Delegation & Policy Control (DPC) Reporting TMS Settings About

Examples of Authorization Policies

Below, you will find some examples of authorization policies in Nova. For more on authorization policies, click here.

Delegating password resets

In this video we see how to delegate the ability to perform password resets.

Delegating Out of Office Administration

In this video we see how to delegate the ability to manage out of office (automatic replies) messages.

Delegating Management of MFA

In this video we see how to delegate the ability to manage multi-factor authentication settings for users.

Delegating Custom PowerShell scripts

As a System or Account Administrator, you have the ability to delegate the execution of Custom PowerShell scripts to other administrators. Click here for more information on that. Follow to steps below on how to create an authorization policy to delegate custom PowerShell Scripts.

1.Go to Manage administration > Authorization Policies.

2.Click Add.

3.Enter a name for your policy.

4.On the Assignment section, on the Delegate to tab, click Add, and add the user(s) and/or OU(s) you would like to delegate the policy to.

5.Then select Managed Objects and choose which user(s) and/or OU(s) you would like the delegated administrator to perform the actions on.

6.Then select Actions and select Executes Custom PowerShell Script, and click the arrow button.

7.Under PowerShell Commands, and add the PowerShell commands that have been created. Once you have selected them, click Close.

info

NOTE: Go here to learn more about creating custom PowerShell scripts.

8.Select the properties you would like to apply to your policy, then click Close.

9.Once you are finished creating the policy, click Save.

Exporting and Importing Policies

You carefully fine-tuned an authorization policy or configuration policy. To ensure the policy does not become lost or corrupted, you might want to export/save the configuration to a safe location.

Exporting an authorization policy or configuration policy

Follow the steps below to export a policy file.

 

1.In Nova, from the left menu bar, select Manage Administration > Authorization policies or Configuration policies (depending on the type of policy you want to export).

2.Either:

oExport all policies by selecting Export > Export All.

oExport a specific policy (or policies) by selecting the check box next to any policies you want to export and selecting Export > Export Selected.

3.      Click OK.

 

A .zip file containing the policy configuration is saved to your Downloads folder.

Importing an authorization policy or configuration policy

When you are ready to restore a previously exported policy file, follow the steps below.

 

1.In Nova, from the left menu bar, select Manage Administration > Authorization policies or Configuration policies (depending on the type of policy you want to import).

2.Click Import.

3.Specify how you want duplicate policy names to be handled.

4.Browse for the policy file, select it, and click Open.

5.Click Import.

The restored/imported policy can now be found in your list of policies.

Nova Policy Properties

You can edit details related to actions added to authorization policies using the Properties tab (shown below).

PolicyProperties

After adding actions to a policy, you can select whether delegates can see or edit information related to the assigned actions.

For example, after assigning the Update Tenant User action to an authorization policy, you might edit the policy's properties so delegates (i.e. members of the help desk) cannot read and/or edit certain information.

 
Here is a video showing more about properties.

Configuration Policies

Configuration policies bring standardization to a particular tenant (organizational unit). For example, you could use a configuration policy to grant access to a certain resource for all users within a tenant.

Or, you might manage two tenants. One contains people working in the United States, and the other contains people in the United Kingdom. You can create configuration policies to give users in the United States a Country attribute of US. And, another configuration policy gives users within the United Kingdom a Country attribute of UK.

Once a configuration policy is assigned to a particular tenant (organizational unit), a job is initiated. The job updates all user objects within the tenant, as shown below.

OU-before-and-after-config-policy

After initial setup, any time a new user is added to the tenant (organizational unit), a job runs to ensure the user object matches all of the tenant's configuration policies.

For a brief overview, check out the video below:

 

Click here to watch an introductory video on configuration policies.

Creating a Configuration Policy

Complete the steps below to set up a new configuration policy.

1.In the menu on the left side of the screen, select Manage Administration > Configuration policies.

2.Click Add.

3.Enter a Name for the policy.

4.With the Policy Scope tab selected, click Add, and then select the organizational unit to which the policy will apply. This defines the users that the policy may be applied to.

5.With the User filters tab selected, click Add, and then select the groups or attributes used to filter the users. This defines the filter used to select users from the scope to apply the policy to.

6.Select the Actions tab, click Add, and then select the actions you want to include in the policy. See below for a list of available actions.

7.Click Save.

Click here to watch a video on how to create a configuration policies.

Editing or Deleting a Configuration Policy

If you want to update or delete an existing configuration policy, follow the steps below.

1.In the menu on the left side of the screen, select Manage Administration > Configuration policies.

2.Select the desired policy and either:

oClick Edit, make desired changes, and click Save.

oClick Delete and confirm the deletion.

Supported Actions

At this time, any of these actions can be added configuration policies:

·Add User to Groups: add a user to a group

·Assign User License: Manage Office 365 licenses.

·Graph Set Out of Office: Set user's out of office status.

·Set Cloud User Manager: Set a user's manager.

·Set Mailbox Primary SMTP Address: Set a user's primary email address.

·Set User Multi-factor authentication: Set a user's MFA status.

·Update Cloud User: Update Office 365 user attributes.

·Update On-Premises User: Update on-prem user attributes.

Processing Configuration Policies in an Organization

Find out about the processing of the virtual organizational unit structure here.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating