With so many self-service features in Microsoft Azure Active Directory (AD) Premium, I was asked by my marketing team, ‘yes, but what are the Top 5?’ So here they are, Pop Pickers:
1 Self-service security groups
How many IT managers would love to have got their AD security groups all under proper, delegated management – but found that the horses have already left the stable? Too many arbitrary groups and group assignments… and where do you start? As you move into the cloud, you can start afresh. You can build up your group structure, along with suitable ownerships for delegated authorization. As these are rolled out to provide permissions (like SharePoint online) and other capabilities (see below), your work is already done, and you can focus on more important problems.
2 Self-service application management
The best people to decide who should have access to which application are the owners of the relevant data, or those paying for the licences, like departmental managers. Users can request the application, and the designated owners can decide. You have delegated the application availability to an appropriate level, and the IT guys and girls can spend more time checking out the latest cool device. However, it’s not as far-reaching, or as security significant, as my Number One pick.
3 Self-service password reset
Surely everyone’s favourite! And the cost savings are well-documented. But it’s not so new and sparkly anymore. That’s why I’ve put this much-loved feature in at Number Three.
4 Self-service distribution lists
Creation and management of distribution groups, without having to go through IT? Ooh, yes please!
5 Self-service licensing
OK, so it’s not exactly a direct feature, but groups can be used to assign AADP and other licenses, and those groups can be put under delegated self-service management, with delegated authorization by the group owners. Make sure that licenses are assigned by those paying for them. And when this is extended to Office 365 licences, maybe this will have to move up the rankings…