In Nova Delegation & Policy Control you can search for users in order to perform operations on them. In some Office 365 tenants there might be guest accounts (also known as guest users, or external users).
In order to search for those users you can search for #EXT# in the User principal name field, as shown below:
Using Nova Delegation and Policy Control a delegated administrator can be given the ability to invite guest users into a tenant. Here is how that's done.
On the create users screen, there is a new button called Invite user':
When that button is clicked, a pop-up appears asking you to specify the target OU, and the email address of the person to be invited:
To enable a delegated administrator to easily see the type of user in a list of users, a new field was added:
NOTE: When inviting guests it is expected that an underscore (_) will be used instead of the at sign (@) in domain names.
A configuration policy authorizes you to add actions onto groups or virtual organizational units to allow for standardization and consistency throughout your tenant. For example, you can change a users'/groups'/vOUs' Azure Active Directory details, add managers and so on. Look here for more information on configuration policies.
The best protocol in order to apply actions to a Azure Active Directory security group is to create a configuration policy scoped to the target group and not add a filter to that group. Let us go through how to do that.
First, find the security group or groups you would like to add actions to. This can be found be going to Nova > Manage > Groups. Then select Security group from the drop down list. Make a note of this, or add these groups to a virtual organizational unit. To do that, check out this page.
Now create the configuration policy for these groups/vOU. Go to Manage Administration > Configuration policies, then click Add then add a name to your policy. Then click Add on the Policy Scope section.
Then choose Group from the select type drop down list and select the security groups from your tenant. Alternatively, choose the vOU that you may have created.
From there, choose the appropriate actions you would like to apply to your policy.
Some organization might want to use OAuth for authorization of actions performed by Nova Delegation and Policy Control, rather than service accounts. To do this, follow these steps:
1.Go to Azure Active Directory
2.Go to Roles and Administration
3.Locate the DPC application, as shown below:
4.Grant Exchange Administrator and User Administrator roles for the application.
After this, Nova DPC will use OAuth for authentication.