nhsmail office 365 hybrid local administrator guide · office 365 hybrid service, the local...
TRANSCRIPT
NHSmail Office 365 Hybrid Local Administrator Guide
1
NHSmail Office 365 Hybrid Local Administrator Guide
Document Version ControlDocument Information
File Name: NHSmail Office 365 Hybrid Local Administrator Guide
Author(s): Accenture
Version: 2.0
Date Published 19/11/2019
2
Table of Contents
User Policy Management
............................................................................................................................................................................................. 3
Introduction to user policy
............................................................................................................................................................................................. 3
Creating a user policy
............................................................................................................................................................................................. 3
Adding members
............................................................................................................................................................................................. 8
Adding members via Import
............................................................................................................................................................................................. 10
Editing a user policy
............................................................................................................................................................................................. 14
Add-On Licence Types
............................................................................................................................................................................................. 16
Removing a user
............................................................................................................................................................................................. 17
Deleting a user policy
............................................................................................................................................................................................. 18
Microsoft Teams Management
............................................................................................................................................................................................. 20
Creating a team
............................................................................................................................................................................................. 20
Adding owners and members to the team
............................................................................................................................................................................................. 22
Permission levels in Teams
............................................................................................................................................................................................. 24
Editing teams
............................................................................................................................................................................................. 25
Removing a user
............................................................................................................................................................................................. 27
Microsoft Stream Management
............................................................................................................................................................................................. 28
Creating a Stream group
............................................................................................................................................................................................. 28
SharePoint Collection Management
............................................................................................................................................................................................. 29
Creating a SharePoint collection
............................................................................................................................................................................................. 29
Editing a SharePoint collection
............................................................................................................................................................................................. 32
Project Web App (PWA) Management
............................................................................................................................................................................................. 34
Creating a PWA
............................................................................................................................................................................................. 34
3
Yammer Management
............................................................................................................................................................................................. 37
Creating a Yammer Connected Group
............................................................................................................................................................................................. 37
Adding owners and members to the Yammer Connected Group
............................................................................................................................................................................................. 39
Eligible Guest Inviters Management
............................................................................................................................................................................................. 41
Introduction To Guest Inviter Management
............................................................................................................................................................................................. 41
Creating an Eligible Guest Inviters Group
............................................................................................................................................................................................. 41
Adding members
............................................................................................................................................................................................. 42
Editing an Eligible Guest Inviters Group
............................................................................................................................................................................................. 44
Adding members
............................................................................................................................................................................................. 45
Removing a user
............................................................................................................................................................................................. 45
Deleting Eligible Guest Inviter Group
............................................................................................................................................................................................. 46
External Organisations Access Management
............................................................................................................................................................................................. 47
Introduction To External Organisation Access Management
............................................................................................................................................................................................. 47
Creating a request to whitelist an External Organisation
............................................................................................................................................................................................. 47
Editing details of an External Organisation
............................................................................................................................................................................................. 50
External User Guest Access Management
............................................................................................................................................................................................. 52
Introduction to external user’s guest access
............................................................................................................................................................................................. 52
Approving or rejecting extension of guest access for external users
............................................................................................................................................................................................. 52
External Federated Groups Management
............................................................................................................................................................................................. 54
Introduction to federated groups for external organisations
............................................................................................................................................................................................. 54
Creating a request for an External Federated Group
............................................................................................................................................................................................. 54
Completing the External Federated Group Setup
............................................................................................................................................................................................. 56
4
User management
............................................................................................................................................................................................. 59
Marking an NHSmail Office 365 Hybrid user as a Leaver
............................................................................................................................................................................................. 59
Deleting a user’s data from OneDrive
............................................................................................................................................................................................. 60
5
User policies allow Local Administrators to apply groups of settings to defined groups
of users. An organisation can have multiple user policies with different settings
applied to each policy (and subsequently to users who are members of that policy).
Once the organisation has procured Microsoft Office 365 licences for the NHSmail
Office 365 Hybrid Service, the Local Administrator can set up different user policies
based on a variety of user needs. For example, a Local Administrator can define a user
policy for users who need access to Microsoft Teams and OneDrive and a different
user policy for users who need access to Microsoft Delve and StaffHub.
If you are a Local Administrator, you will be able to manage user policies via the
NHSmail Portal.
Office 365 Hybrid
FunctionsUser Policy Management
Introduction to user policy
Click Add in the top left of the screen and select Create User Policy. 2
To create a user policy:
Creating a user policy
Click Admin in the navigation bar at the top of the screen and select User Policy
Management from the drop down menu. 1
6
User Policy Management Office 365 Hybrid
Functions
Select the Owning Organisation to which the new policy will apply, from the drop
down menu. 3
Type in the Name of your new policy and a brief Description. 4
Handy Hint
User policy names are automatically prefixed with the Organisational Data Service
(ODS) code of the organisation the user policy belongs to.
• Duplicate names: A single organisation cannot have 2 user policies with the same name.
However, 2 or more different organisations can use the same name for their policies.
• The Name must not be more than 35 characters and may contain letters, numbers and
spaces. Special characters are not allowed.
• The Description must not be more than 250 characters and may contain letters, numbers
and any special characters.
Additional information
7
User Policy ManagementOffice 365 Hybrid
Functions
Adding members
Select Add. 1
Once you have selected the Owning Organisation, you can add members to the user
policy. Users can be added by using the Add or Import option.
To add users by using Add :
Warning
Users can only be assigned to one policy. A user will not appear in user search
results if they belong to another policy. To check a specific user’s policy; navigate to
Admin, User Management, search for the user in question, select Permissions and
finally User Policy. Here will show what policy the user is part of (if any).
8
User Policy ManagementOffice 365 Hybrid
Functions
Use the search box or Column Picker to search for the user you would like to add to
the policy.2
Tick the box to the left of the user’s name and click Select. 3
Handy Hint
To add members, you can use the same search criteria that is used throughout the
NHSmail Portal to look up users. This includes their name or nhs.net email address.
9
User Policy ManagementOffice 365 Hybrid
Functions
First download the MembersListSample.csv file and add the email address of the users
in the Email address column before uploading the new CSV file.
To download the CSV file:
Click on Import. 1
Click on MembersListSample.csv to download the sample file. 2
Adding members via Import
10
User Policy ManagementOffice 365 Hybrid
Functions
Note: The format of the CSV file is a single column with ‘Email Address’ as the header
row.
When you have found the CSV file, select the file and click Open. 5
Click on Browse. 4
Add the email address for each user to the MembersListSample.csv and save the
file to your computer.3
Click on Upload. 6
11
User Policy ManagementOffice 365 Hybrid
Functions
A message will be displayed to notify successful upload
Select a License Type from the drop-down menu.7
Select the Applications these users will have access to. Note Office Online can only
be enabled when SharePoint online is enabled. 8
Warning
Bulk upload of users will fail if one of the users in the CSV file belongs to another
policy.
12
Additional information
• Users can only be assigned to one policy.
• If you need to add a user who is part of an existing user policy to a new one, you must first
remove them from the existing policy.
• A user will not appear in user search results if they belong to another policy.
• Users can only be added to a policy if they belong to the parent organisation (selected
from the drop-down list).
• Bulk upload of users will fail if one of the users in the CSV file belongs to another policy.
• If an organisation is already enabled on Office 365, with a licence assigned to an existing
user policy, adding new users to this policy automatically assigns the same applied licence
settings to users.
• If your user policy contains settings for Office 365, you will only be able to add members to
it if there are enough licences to assign to them. For example, if there are 20 licences you
will only be able to add 20 users.
• User policy names are automatically prefixed with the Organisational Data Service (ODS)
code of the organisation the user policy belongs to.
User Policy ManagementOffice 365 Hybrid
Functions
Once complete, select Create to finish setting up your new user policy. It will then be
added to the User Policy List. 9
Note: For any queries about licence allocation etc. please contact [email protected]
13
2Use the search box to find a user policy. The results of the search will be displayed on
the screen.
User Policy ManagementOffice 365 Hybrid
Functions
To edit a user policy:
Editing a user policy
The system will return results for any user policy which contains the text entered in the
search box.
Handy Hint
If you select the magnifying glass in the search box instead of typing in search
criteria, you will be shown all the user policies that are available to you as a Local
Administrator.
Click Admin in the navigation bar at the top of the screen and select User Policy
Management from the drop down menu. 1
14
Click on the name of the user policy you want to edit in the list.3
User Policy ManagementOffice 365 Hybrid
Functions
On the Edit User Policy screen, you can edit the specific settings associated with that
user policy such as Name, Description and Application Subscriptions the users will
have access to.
Note: You can turn on/turn off Teams Call Recording function using the toggle button
15
User Policy ManagementOffice 365 Hybrid
Functions
Additional standalone licence types are supported on the Hybrid platform and will be
available to allocate to users. If your organisation has procured additional standalone
licences, these will appear in the Office 365 Add-ons section of the same screen.
Add-On Licence Types
• User policies can include both O365 licences (F1, E1, E3 & E5) as well as additional
standalone licences as shown in the image above.
• Alternatively, user policies can be created with just standalone licence types.
• Another toggle option Teams Call Recording is available to configure from this page.
Users must have an O365 licence and both Teams/Stream enabled to turn this feature on.
• Users must accept Stream Acceptable Use Policy (AUP) to use the Team Call Recording
feature. Each user can do this by opening the Stream application (from portal.office.com),
clicking Upload a Video and then accepting the pop up message which will appear.
Additional Information
4Select the licences you would like to allocate e.g. Visio, Project, PowerApps Plan 2
etc. by turning on the toggles.
Note: You will be able to edit a user policy at any time. However, it will take 24 hours for
any changes you make to be applied.
16
User Policy ManagementOffice 365 Hybrid
Functions
Local Administrators can bulk import to add or remove members into a user policy. The
list imported will replace the current list of members. This can be done by using the
Import function. Refer to the steps in Adding members via import section for more
information.
Note: When a user policy list is imported, the members list is replaced exactly with the
contents of the uploaded file. So, to avoid losing the existing members of the user
policy, first export the members list and then add all the new members to the bottom of
the exported list. This process can also be followed to remove existing members of the
policy.
Click on red X to the left of the email address in the list of Members. 5
Click on Update. 6
To remove a user:
Removing a user
Follow the steps 1-3 in the Edit user policy section and select the users to be removed
under the Members box.
17
2Use the search box to find a user policy. The results of the search will be displayed on
the screen.
User Policy ManagementOffice 365 Hybrid
Functions
1Click Admin in the navigation bar at the top of the screen and select User Policy
Management from the drop down menu.
To delete a user policy:
Deleting a user policy
The system will return results for any user policy which contains the text entered in the
search box.
Handy Hint
If you select the magnifying glass in the search box instead of typing in search
criteria, you will be shown all the user policies that are available to you as a Local
Administrator.
18
Click the User Policy Name to open the Edit User Policy page. 3
User Policy ManagementOffice 365 Hybrid
Functions
Scroll down to the Actions section and click the Delete button. 4
This will permanently remove the user policy including all its settings.
Note: Users will be signed out of all the applications which were part of the deleted user
policy. It may take an hour for the users to lose access to the applications.
19
Click Add.2
Microsoft Teams Management
Click Admin in the navigation bar at the top of the screen and select Teams from the
drop down menu. 1
Office 365 Hybrid
Functions
Microsoft Teams is an effective way to collaborate with other team members by
communicating and sharing information, data, files etc.
Local Administrators will be able to create a Microsoft Team via the NHSmail Portal.
To create Teams:
Creating a team
20
Microsoft Teams ManagementOffice 365 Hybrid
Functions
Additional information
• The Private setting means that only team owners can add members to the team.
• The Public setting allows anyone on NHSmail to join the team.
• The Name must not be more than 100 characters and may contain letters and numbers.
Special characters are not allowed.
• The Description must not be more than 250 characters and may contain letters and
numbers. Only () are allowed as special characters in the description field.
Type in the Name and select the Organisation from the drop down menu. 3
Select the Privacy settings (i.e. Private or Public) from the drop-down and add a
brief Description. 4
21
Microsoft Teams Management
Adding owners and members to the team
Office 365 Hybrid
Functions
Click Add. 1
Type the user’s name into the search box. 2
Note: Add yourself as an owner or member by checking the box next to Add Myself.
To add owners and members:
After following the steps 1-4 in the Creating a team section, you can add owners and
members to the team.
Warning
A total of 100 owners can be added to a team (Public or Private) and a total of 999
members can be added by the owner to a team (Public or Private).
22
Microsoft Teams ManagementOffice 365 Hybrid
Functions
Additional information
• A team must have at least one owner.
• Owners from different organisations can be added as an owner.
• A maximum of 2500 members can join a Public team.
Select the tick box to the left of the user’s name. 3
Click on Select. 4
Handy Hint
Multiple owners and users can be added by selecting the tick box to the left of the
user’s name.
Handy Hint
Use the Column Picker to narrow the results by, for example, status or organisation.
23
Additional information
• Owners are able to join the team once a Local Administrator has created it.
• Once they have joined the team, owners can edit the name or description of the team and
remove members.
• The table below shows the difference in permissions between an owner and a member,
which you should use when adding users to a team via the NHSmail Portal.
Microsoft Teams ManagementOffice 365 Hybrid
Functions
*The owner has to add the team to the (client) MS Teams app once the team has been
created by the Local Administrator in the NHSmail Portal.
** These items can be turned off by an owner at a team level, in which case members
would not have access to that.
***After adding a member to a team, an owner can also promote a member to owner
status. It is also possible for an owner to demote their own status to a member.
Refer to MS Office Support for more information on teams and channels.
Permission levels in Teams
Team Owner Team Member
Add a team to the Teams app Yes* No
Leave team Yes Yes
Edit team name/description Yes No
Delete team Yes No
Add channel Yes Yes**
Edit channel name/description Yes Yes**
Delete channel Yes Yes**
Add members Yes*** No
Add tabs Yes Yes**
24
Use the search box to search for a team by typing Display Name, Organisation,
Organisation Unit or Status and search results will be displayed. 2
Office 365 Hybrid
Functions
Click Admin in the navigation bar at the top of the screen and select Teams from the
drop down menu. 1
To edit teams:
Click the team’s Display Name to open the Edit Team page. 3
Microsoft Teams ManagementOffice 365 Hybrid
Functions
Editing teams
The system will return results for any team which contains the text entered in the
search box.
Handy Hint
If you select the magnifying glass in the search box instead of typing in search
criteria, you will be shown all the teams that are available to you as a Local
Administrator.
25
Edit Name, Privacy and Description as required.4
Office 365 Hybrid
Functions
The procedure for editing a team is very similar to creating a new team. All the
information of a team can be changed from the Edit Team page.
Click Update.5
To add more members, refer to the steps in Adding members section for more
information.
Microsoft Teams Management
26
Office 365 Hybrid
Functions
Click Update to apply your new settings to the team. 2
Click on the red X next to the email address you want to remove from the team.1
To remove users from a team:
Microsoft Teams Management
Removing a user
Follow the steps 1-3 in Editing teams section and select the users to be removed under
the Members box.
Alternatively, a user can be removed from a team using the ‘Permissions’ button
available in the User Details page (via User Management). For more information about
this function, please refer to the Viewing and removing membership guide.
27
Microsoft Stream ManagementOffice 365 Hybrid
Functions
Stream is a video service made available through O365. It can be used to securely
share and interact with video content across an organisation.
Local Administrators will be able to create Stream groups via the NHSmail Portal.
To create a Stream group:
Follow the same steps that are outlined in the Creating a Team section. This process
creates an O365 group which can also be used in Stream. Once completed, ask a group
member to navigate to Stream. The group you have created for them will appear under
the Discover drop down menu. Refer to MS Office Support for more information.
Creating a Stream group
• Users of Stream will need to accept the Acceptable Use Policy when attempting to upload
a video for the first time.
• Local Administrators are responsible for the management of Stream content.
• Note: For any organisation leavers, it is important for Local Administrators to be added as
the owner of their Stream content before they leave. Further information can be found in
the Marking an NHSmail Office 365 Hybrid user as a Leaver guide.
Additional information
28
Click Add and select Create SharePoint Collection.2
SharePoint Collection Management
Click Admin in the navigation bar at the top of the screen and select SharePoint
from the drop down menu.1
Office 365 Hybrid
Functions
To create a SharePoint collection:
Creating a SharePoint collection
A SharePoint site collection is a way to hold content such as documents for a group of
users (e.g. a team, a department or project team).
29
SharePoint Collection ManagementOffice 365 Hybrid
Functions
Type in the SharePoint Collection Name, Description, SharePoint Collection
Address and select the Owning Organisation, Owner and the Quota3
Click Create.4
Refer to the steps in Adding members section for more information on how to add an
owner.
Handy Hint
There can be only one owner per SharePoint site.
Warning
An owner whose account is Locked or Disabled will not be able to carry out any work
until their account is unlocked or enabled.
30
SharePoint Collection ManagementOffice 365 Hybrid
Functions
Additional information
SharePoint owner
The owner will have full administration rights over that specific SharePoint collection site for
the owning organisation. These rights will allow the owner to manage permissions, design the
SharePoint site etc.
A user can only be added as a SharePoint owner if the following conditions are met:
- The user belongs to the owning organisation of the SharePoint collection.
- The user has been assigned an Office 365 licence.
- The user has the SharePoint application enabled.
Please note: Users whose accounts are Inactive, Disabled or Locked can still be added as a
SharePoint owner. However, they will not be able to carry out any actions on the site until
their account has been activated, enabled or unlocked
Quota
• Refer to MS Office Support for more information on Quota.
• Each organisation will have a specific amount of SharePoint storage which they can assign
to their SharePoint collections. The Max Quota will be displayed on the screen to the user.
• When the user adds the Quota into the text field they must ensure that the value entered is
less than the Max Quota value. This will be the amount of SharePoint storage that is
assigned to that collection.
31
SharePoint Collection ManagementOffice 365 Hybrid
Functions
Type the SharePoint name in the search box in the top right of the page and click the
magnifying glass2
Click Admin in the navigation bar at the top of the screen and select SharePoint
from the drop down menu1
To edit a SharePoint collection:
Editing a SharePoint collection
The system will return results for any SharePoint collection site which contains the text
entered in the search box
Handy Hint
If you select the magnifying glass in the search box instead of typing in search
criteria, you will be shown all the SharePoint collection sites that are available to you
as a Local Administrator.
32
SharePoint Collection ManagementOffice 365 Hybrid
Functions
On the Edit SharePoint Collection screen, edit the site settings as needed.4
Click the SharePoint collection’s Display Name to open the Edit SharePoint
Collection page 3
Click on Update6
To add owner, refer to the steps in Adding members section for more information
Click on Add to add an owner5
33
Click Add and select Create Project WebApp2
Project Web App (PWA) Management
Click Admin in the navigation bar at the top of the screen and select SharePoint
from the drop down menu1
Office 365 Hybrid
Functions
To create a Project Web App:
Creating a PWA
A Project Web App is an online collection that can be used to house, edit and manage
project plans.
34
Project Web App ManagementOffice 365 Hybrid
Functions
Select the Organisation, Name, Description, Owner and the Web App Quota.
Based on the information added the Web App Address will automatically populate 3
Click Create4
Refer to the steps in Adding members section for more information on how to add an
owner
Handy Hint
There can be only one owner per Project Web App.
Warning
An owner whose account is Locked or Disabled will not be able to carry out any work
until their account is unlocked or enabled.
35
Project Web App ManagementOffice 365 Hybrid
Functions
Additional information
PWA owner
The owner will have full admin rights over that specific PWA for the owning organisation.
These rights will allow the owner to manage permissions, design the PWA site, etc.
A user can only be added as a PWA owner if the following conditions are met:
- The user belongs to the owning organisation of the PWA
- The user has been assigned an Office 365 licence
- The user has the SharePoint application enabled
Please note: Users whose accounts are Inactive, Disabled or Locked can still be added as a
PWA owner. However, they will not be able to carry out any actions on the site until their
account has been activated, enabled or unlocked.
Quota
• PWAs will utilise the SharePoint storage available to each organisation.
• Each organisation will have a specific amount of SharePoint storage which they can assign
to their SharePoint collections. The Max Quota will be displayed on the screen to the user.
• When the user adds the Quota into the text field they must ensure that the value entered is
less than the Max Quota value. This will be the amount of PWA storage that is assigned to
that collection.
• Each project licence adds an additional 10GB of storage. When an organisation procures
project licences, this additional storage is automatically added into the quota.
Creating Projects
• Users must be licensed with a Project Online Professional or Project Premium licence to
create projects and access a PWA.
• Users can only create projects directly in a PWA. They will not be able to create projects
directly in portal.office.com by clicking the project tile.
• Please advise users to navigate to the PWA URL in order to create new projects.
PWA Limit
• Each organisation is limited to the creation of 25 PWA instances.
36
Click Add2
Yammer Management
Click Admin in the navigation bar at the top of the screen and select Yammer
Connected Groups from the drop down menu1
Office 365 Hybrid
Functions
Yammer is an effective way to collaborate with your team, as well as members of the
wider organisation.
Local Administrators will be able to create a Yammer Connected Group via the
NHSmail Portal.
To create a Yammer Connected Group:
Creating a Yammer Connected Group
37
Yammer ManagementOffice 365 Hybrid
Functions
Additional information
• The Private setting means that only team owners can add members to the team.
• The Public setting allows anyone on NHSmail to join the team.
• The Name must not be more than 100 characters and may contain letters and numbers.
Special characters are not allowed.
• The Description must not be more than 250 characters and may contain letters, numbers
and any special characters.
Type in the Name and select the Owning Organisation from the drop down menu.
Select the Privacy settings (i.e. Private or Public) from the drop-down and add a
brief Description3
Warning
Please note that Yammer Connected Groups will take up to 30 minutes to appear in
Yammer and the NHSmail Portal.
38
Yammer Management
Adding owners and members to the Yammer Connected Group
Office 365 Hybrid
Functions
Click Add1
Type the user’s name into the search box and select the tick box to the left of the
user’s name. 2
Note: Add yourself as an owner or member by checking the box next to Add Myself.
To add owners and members:
After following the steps 1-3 in the Creating a Yammer Connected Group section, you
can add owners and members to the team.
Warning
A total of 100 owners can be added to a team (Public or Private) and a total of 999
members can be added to a team (Public or Private).
39
Yammer ManagementOffice 365 Hybrid
Functions
Additional information
• Only Local Administrators can create Yammer Connected Groups.
• A Yammer Connected Group must have at least one owner.
• Users from different organisations can be added as an owner.
• A maximum of 2500 members can join a Public Yammer Connected Group.
Standard Yammer Groups
• Users can still create standard Yammer groups directly in the application.
• When an organisation onboards onto the O365 platform, automatically a standard Yammer
group will be created for all licensed users from that organisation.
• A regular task will run daily to automatically update the members of this group based on
the O365 licences allocated through User Policies.
Click on Select3
Handy Hint
Use the Column Picker to narrow the results by, for example status or organisation.
Note: Multiple owners and users can be added by selecting the tick box to the left of
the user’s name
40
Eligible Guest Inviter groups allow Local Administrators to apply guest inviter
permissions to a defined group of users. An organisation can only have one group.
The users that are members of these groups will be given the permissions in Azure AD
to invite external users as guests to the O365 Hybrid tenant. These users will also have
the permissions to approve guest access extensions for external users.
If you are a Local Administrator, you will be able to manage guest inviters via the
NHSmail Portal.
Office 365 Hybrid
FunctionsEligible Guest Inviters Management
Introduction To Guest Inviter Management
Click Add in the top left of the screen and select Eligible Guest Inviters2
To create a group:
Creating an Eligible Guest Inviters Group
Click Admin in the navigation bar at the top of the screen and select Manage
Eligible Guest Inviters from the drop down menu1
41
Eligible Guest Inviters ManagementOffice 365 Hybrid
Functions
Select the owning Organisation to which the new group will apply, from the drop
down menu3
Handy Hint
Eligible Guest Inviter group names are automatically prefixed with the Organisational
Data Service (ODS) code of the organisation the group belongs to.
Adding members
Once you have selected the Organisation, you can add members to the group. Users
can only be added by using the Import option at the time of creation of this group.
Follow the steps 1-6 in the Adding members via Import section for more information on
using Import function.
Select Request to finish creating your Eligible Guest Inviters group. It will then be
added to the Eligible Guest Inviters group list.7
42
Eligible Guest Inviters ManagementOffice 365 Hybrid
Functions
• Users can only be added to a policy if they belong to the parent organisation (selected
from the drop-down list) or a child organisation.
• Bulk upload of users will fail if the status of one of the users in the CSV file is not active,
inactive, disable or locked.
• The maximum number of users that can be added to a group is 100,000.
• Eligible Guest Inviter group names are automatically prefixed with the Organisational Data
Service (ODS) code of the organisation the user policy belongs to.
Additional information: Adding members
43
2Use the search box to find a user policy. The results of the search will be displayed on
the screen
Eligible Guest Inviters ManagementOffice 365 Hybrid
Functions
To edit a group:
Editing an Eligible Guest Inviters Group
The system will return results for any eligible guest inviter group which contains the
text entered in the search box
Handy Hint
If you select the magnifying glass in the search box instead of typing in search
criteria, you will be shown all the eligible guest inviter groups that are available to you
as a Local Administrator
Click the Eligible Guest Inviter Group to open the Edit Eligible Guest Inviter
Group page3
Click Admin in the navigation bar at the top of the screen and select Manage
Eligible Guest Inviters from the drop down menu1
44
Eligible Guest Inviters ManagementOffice 365 Hybrid
Functions
Adding members
You can add members to the group, either by using the Add or Import option. Follow
the steps 1-6 in the Adding members via Import section to use the Import option. To
add users individually, follow the steps 1-3 in the Adding members section.
Local Administrators can bulk import to add or remove members into / from an eligible
guest inviter group. The list imported will replace the current list of members. This can
be done by using the Import function. Refer to the steps in Adding members via Import
section for more information.
Note: When an eligible guest inviter list is imported, the members list is replaced
exactly with the contents of the uploaded file. So, to avoid losing the existing members
of the group, first export the members list and then add all the new members to the
bottom of the exported list. This process can also be followed to remove existing
members of the group.
Click on red X to the left of the email address in the list of Members1
Click on Update2
To remove a user:
Removing a user
45
Eligible Guest Inviters ManagementOffice 365 Hybrid
Functions
Deleting Eligible Guest Inviter Group
Warning
When a group is deleted, all the users will be removed as members of the group.
This means they will lose their guest inviter permissions so they will no longer be able
to invite external users as guests or approve guest access extension requests.
Click Delete1
To delete an Eligible Guest Inviter group, follow the steps 1-3 in Editing an Eligible
Guest Inviters Group section to search the group:
46
As part of the Azure B2B Guest Access service, controls have been put in place to
mitigate the risks associated with sharing data with external organisations. One of
these controls is an external organisation domain whitelisting. Essentially only
external users that are associated to external organisations which have been
whitelisted can be invited as guest users of the O365 Hybrid tenant.
If you are a Local Administrator, you will be able to request for a new external
organisation’s domain to be whitelisted via the NHSmail Portal only if the domain has
not been whitelisted already.
Office 365 Hybrid
FunctionsExternal Organisations Access
Management
Introduction To External Organisation Access Management
Click Add and select External Organisation Access Request2
To create a request:
Creating a request to whitelist an External Organisation
Click Admin in the navigation bar at the top of the screen and select Manage
External Organisation Access from the drop down menu1
47
External Organisations Access
Management
Office 365 Hybrid
Functions
3Populate the request form with the details of the External Organisation that you would
like to be whitelisted
Note: The mandatory fields are those that have an asterisk after the description, e.g.
Primary Contact Email*
Handy Hint
The NHSmail Sponsor 1 will be pre-populated with the requestor’s name, however an
additional sponsor can be added using the Add button. It's recommended to have a
second sponsor who can approve the request in the absence of the first sponsor.
48
External Organisations Access
Management
Office 365 Hybrid
Functions
4 Click Submit to send the request for approval
Once the request is submitted, an automated email will be sent to the NHSmail Live
Service team, asking them to review and approve the request. Once they have made
their decision, you’ll receive an email confirming whether the request has been
approved or rejected.
If approved, the external organisation’s domain will be whitelisted within Azure AD,
meaning NHSmail users (who are configured as eligible guest inviters) will be able to
invite users from this external organisation as guests of the O365 hybrid tenant. If
rejected, please discuss the request with the NHSmail Live Service team
49
External Organisations Access
Management
Office 365 Hybrid
Functions
Editing details of an External Organisation
2Use the search box to find a user policy. The results of the search will be displayed on
the screen
1Click Admin in the navigation bar at the top of the screen and select Manage
External Organisation Access from the drop down menu
To edit details of an external organisation:
The system will return results for any external organisation that contains the text
entered in the search box
Handy Hint
If you select the magnifying glass in the search box instead of typing in search
criteria, you will be shown all the external organisations.
1
Click the External Organisation to open the Edit External Organisation page3
50
External Organisations Access
Management
Office 365 Hybrid
Functions
Click Update to save the changes4
Warning
Only the NHSmail Sponsor or an NHSmail Global Administrator will be able to update
the details of an external organisation.
Handy Hint
You will be able to update all of the fields except for the Organisation Domain but
remember that all the mandatory fields will need to remain populated.
51
As part of the Azure B2B Guest Access service, a number of controls have been put in
place to mitigate the risks associated with sharing data with users from external
organisations. One of these controls is a guest access attestation process, whereby an
external user with a guest account requires an NHSmail user (who is set up as an
eligible guest inviter) to approve an extension to their access. External users, will
require an approval for an extension after the first 30 days of being granted access and
every subsequent 180 days. If an approval is not provided, access will be revoked.
If you are an Eligible Guest Inviter, you will be able to action a guest access extension
request via the NHSmail Portal.
1Click the secure link within the guest access extension email that the external user
has shared with you and log into the NHSmail Portal using your nhs.net account
Office 365 Hybrid
FunctionsExternal User Guest Access
Management
Introduction to external user’s guest access
Note: If you are already logged in to the NHSmail Portal, go to step 2 after clicking on
the secure link.
To approve or reject an extension request:
Approving or rejecting extension of guest access for external users
52
Click Approve or Reject3
External User Guest Access
Management
Office 365 Hybrid
Functions
2 Select the Checkbox next to the request
Guest account access extension request
Guest User 1 (ExtOrg1) [email protected]
Warning
If the external user’s guest access request is rejected, their guest account will be
removed immediately and they will lose all their permissions, i.e. they will not be able
to access documents that they had access to previously. This action cannot be
reversed, so if they need guest access again, they will need to be re-invited and data
will need to be shared again.
• If the external user is granted an extension to their access, they will retain their
permissions for 180 days. After this period, the process will be repeated and they will
require another extension.
• If an external user is a member of an external federated group, they will be exempt from
this process.
Additional information
53
External Federated Groups will allow Local Administrators to dynamically manage
guest invitations for multiple external users, mitigating the need to invite them one by
one. Once an External Federated Group is set up a monthly scheduled task will
automate the process of sending guest invitation to all new members. If the external
organisation adds or removes users from the group, then these changes will be
reflected when the scheduled task occurs.
If you are a Local Administrator, you will be able to request for a new external
federated group to be provisioned via the NHSmail Portal.
Office 365 Hybrid
FunctionsExternal Federated Groups
Management
Introduction to federated groups for external organisations
Click Add in the top left of the screen and select Add Federated Group Import for
External Users2
To create a request:
1Click Admin in the navigation bar at the top of the screen and select Manage
External Federated Groups from the drop down menu
Creating a request for an External Federated Group
54
External Federated Groups
Management
Office 365 Hybrid
Functions
3Select the External Domain from the drop down menu and then populate the
External Organisation and Supporting Information fields
4 Click Submit to send the request for approval
An automated email will be sent to the NHSmail Live Service team, asking them to
review and approve the request. Once they have made their decision, you’ll receive an
email confirming whether the request has been approved or rejected.
If approved you can proceed to the next steps of the set up process. If rejected, please
discuss the request with the NHSmail Live Service team.
The External Domain drop down menu will be pre-populated with a list of external domains
that have been whitelisted. If you cannot see the domain you require, then you’ll need to raise
a request for an External Organisation to be whitelisted. Follow the steps detailed within the
Create a request to whitelist an External Organisation section.
Additional information
55
External Federated Groups
Management
Office 365 Hybrid
Functions
Completing the External Federated Group Setup
2Use the search box to find a group. The results of the search will be displayed on the
screen
1Click Admin in the navigation bar at the top of the screen and select Manage
External Federated Groups from the drop down menu
Once you have completed the steps detailed within B2B Azure AD Federated Group set
up guide you’ll be able to update the details of an external federated group.
The system will return results for any external federated group which contains the text
entered in the search box.
Handy Hint
If you select the magnifying glass in the search box instead of typing in search
criteria, you will be shown all the external federated groups.
1
Click the External Federated Group to open the Edit Federated Group Import for
External Users page3
56
External Federated Groups
Management
Office 365 Hybrid
Functions
1Update the Azure AD Tenant Name, Group Name and Group ID fields within the
information provided by the external organisation4
5 Select 1. Initial Azure Federated Group set up completed and select Update
Note: Refer to the Azure Federated Groups Set up Guide for External Organisations for
more information about gathering the Azure Tenant and Group details.
57
External Federated Groups
Management
Office 365 Hybrid
Functions
The NHSmail helpdesk will complete the rest of group set up activities by:
• Acknowledging the B2B Portal service account invitation guest invitation
• Testing that the B2B Portal service account has the correct permissions to fetch the
members of the group
• Initiating the first group sync
You’ll receive an email notification once this completed.
Handy Hint
The colour of the Test Connection / Activate buttons will change to green in the
User Interface (UI) and the group status will change to Active, once they have been
actioned successfully.
• A task occurring on the first day of every month will be executed to fetch any new
members of the group and / or remove guest accounts for users that have been removed
as members. Please ensure any group updates are made prior to this otherwise you’ll
either need to wait for the next group sync or you can simply invite the external users as
guests via the normal method (i.e. using the native O365 guest invitation process).
• An email notification will be sent to the requesting Local Administrator each time the
monthly task completes. The last updated field within the User Interface (UI) will also be
updated to indicate when this task has been completed.
Additional information
Warning
Once the external federated group has been successfully configured, you will not be
able to edit any of the details. If the group name changes, a new request will need to
be raised.
58
Office 365 Hybrid
Functions
When a user leaves one NHS organisation to move to another NHS organisation which
is also using NHSmail, their email account can be transferred. Instructions on how to
do this can be found in the Marking a user as a leaver guide.
Where the user is also enabled for NHSmail Office 365 Hybrid services as part of an
Office 365 User Policy, additional actions will be required to remove the associated
Office 365 licences and application access permissions. This action will happen
automatically at the point the user is marked as a leaver.
Prior to marking a user as a leaver, Local Administrators will need to consider whether
the user's OneDrive data should be deleted or retained. If retained, the data will be
accessible to the user should their account be licensed for the NHSmail Office 365
Hybrid Service at their new organisation.
Additional information
• Local Administrators can view a user's Office 365 memberships within the NHSmail Portal‘s permissions page.
• Office 365 memberships can be removed via the NHSmail Portal‘s permissions page.
• A leaver’s existing Stream, Flow and PowerApps content will need to be managed manually by a Local Administrator. This can be done by asking the leaver to add a Local Administrator as an owner of any Stream content they have uploaded, as well as any Flows/PowerApps they have created. This must be done before marking the user as a leaver. Once the Local Administrator is the owner, they can determine the appropriate next steps i.e. deleting the content or transferring ownership to an appropriate colleague.
• If the leaver is the sponsor of an External Organisation, then ownership will need to be transferred manually beforehand. Follow the steps detailed within the Update details of an External Organisation section.
Marking an NHSmail Office 365 Hybrid user as a Leaver
User management
Additional information
Warning
Accounts marked as a leaver will not be removed from Office 365 groups, SharePoint
site collections or Yammer groups.
59
User managementOffice 365 Hybrid
Functions
A Local Administrator can remove OneDrive content for a user if the user has an Office
365 licence assigned to them.
Note: The following steps must be followed prior to marking a user as a leaver or
transferring them to another organisation.
Type the user’s name in the search box in the top right of the page and click the
magnifying glass to show search results2
Click Admin in the navigation bar at the top of the screen and select User
Management from the drop down menu 1
Click the user’s Display Name to open the User Details Page 3
Deleting a user’s data from OneDrive
From the User Details Page, select Delete OneDrive from the Actions box4
60
User managementOffice 365 Hybrid
Functions
Click Delete OneDrive to remove the user’s data 5
For more information on how to mark a user as a leaver, please refer to the Marking a user as a leaver guide.
For information on how to transfer a user mailbox to another organisation, please refer
to the Transferring a mailbox between organisations guide.
• If a Local Administrator decides to delete a leaver’s OneDrive for Business content, all
content will be sent to the OneDrive for Business preservation hold library. Any content
in the preservation hold library that was created or last edited more than 180 days ago will
be deleted automatically. Once deleted, content cannot be restored and organisations will
not be able to access it.
• Local Administrators should ask leavers to store any files required by other users on the
organisation's SharePoint site so that the information is still accessible following their
departure from the organisation.
• It is the responsibility of Local Administrators to refer to their internal organisation's data
retention policies.
A message will be displayed to notify successful deletion.
Additional information
A message will appear for confirmation of the action
61