We all know Office 365 is the way to go for both SMBs and Enterprises, but deciding how to manage the users and accounting for the overhead it takes are important things to consider. Organizations will usually have an on-premise Active Directory (server) with a list of all the users: first name, last name, username, and, most important, password.
When you create a new Office 365 account (tenant), your out-of-the-box option is to replicate the list of users you have on-premise to the cloud. You can do this by creating them one by one or by importing a list. One of the biggest headaches we face as Network Administrators is the management of these accounts: if you make one change on-premise, you have to replicate the change in Office 365. On top of that, the on-premise password (the one you use for your computer) and the Office 365 password can sometimes be different, so now users have to remember 2 passwords instead of one.
There are 3 different ways you can manage user accounts in Office 365:
- Cloud: create and manage user accounts directly from the Admin Center.
- Synchronized: create and manage accounts in your on-premise Active Directory and then synchronize changes (including passwords) to the cloud.
- Federated or Single sign-on: same concept as #2, but passwords are verified by the on-premise Active Directory.
So, which one to use?
We find that option #1 (Cloud) is the best way to do it when the company has fewer than 25 users and the employee turnover rate is low. Even with fewer than 25 users, if the company has a high turnover rate it would make sense to do option #2 (Synchronized).
Option #2 is the way to go if you have more than 25 users but fewer than 250.
Option #3 is the way to go if the organization has more than 250 users; this option is a little more complicated to set up.
Synchronized Directories (AD Connect)
Azure AD Connect is the tool used to integrate your on-premise directories with Azure Active Directory (Office 365). This allows administrators to use Azure AD in combination with Office 365 and your local Active Directory to create and manage user accounts.
We found that the overhead to create and manage users, even for smaller organizations, decreased tremendously when using AD Connect.
Using AD Connect to synchronize Active Directory also helps in maintaining password consistency. When users are managed in both the local Active Directory and the Office 365 Admin Center, the passwords can be different, and keeping track of these passwords for the users can be a nightmare. Who wouldn’t like to have fewer passwords to remember?