The Microsoft Office 365 Connector is available in the Univention App Center
Configuring Subscriptions
Microsoft 365 Features are enabled by subscriptions and service plans. This page describes how to configure the default features for new users that are synced to the Azure AD.
Note: Service plans are only assigned when the user is initially synced to the Azure AD, as the license is applied at that point. Assigning a user to a group does not work retrospectively. In addition, changing the profile object to include or remove service plans does not update existing users!
After the Microsoft 365 Connector wizard has been run successfully, users can be activated for Microsoft 365 by activating the checkbox on the Microsoft 365 Tab of a user object, or by selecting the Office365 Account Template when creating a new user.
By default, the Office subscription and all features are enabled for a user that is synced (UCR office365/subscriptions/service_plan_names). Administrators may want to restrict which features a user can use by default.
First, sync one Microsoft 365 user, and in the Microsoft 365 Administrator Interface, disable all unwanted features.
Then, on your UCS system where the connector is installed, execute the following, to show which plans the user has activated
/usr/share/univention-office365/scripts/print_users_and_groups
root@master:~# /usr/share/univention-office365/scripts/print_users_and_groups
User | Enabled | User Principal Name | Licenses (*) | Enabled plans (*)
-------------------------------------------------------------------------------------------------------------------------
univention | x | univention@univention.de | 2 | 2, 3, 4, 5, 8, 9, 10
-------------------------------------------------------------------------------------------------------------------------
(*) 1: AAD_BASIC, 2: ENTERPRISEPACK
(**) 1: MicrosoftCommunicationsOnline, 2: MicrosoftOffice, 3: PowerAppsService, 4: ProcessSimple
5: ProjectWorkManagement, 6: RMSOnline, 7: SharePoint, 8: Sway
9: TeamspaceAPI, 10: YammerEnterprise, 11: exchange
Now, print the corresponding internal Microsoft 365 plan names:
root@master:~# /usr/share/univention-office365/scripts/print_subscriptions
Subscriptions
=====================
Subscription | Applies to | Status | Consumed | Remaining | Prepaid (*)
--------------------------------------------------------------------------
AAD_BASIC | User | Enabled | 0 | 5 | 5/0/0
ENTERPRISEPACK | User | Enabled | 3 | 2 | 5/0/0
--------------------------------------------------------------------------
(*) enabled/suspended/warning
AAD_BASIC
=================
Service plan | Applies to | Status | in UCRV (*)
--------------------------------------------------------------------
AAD_BASIC | User | Success |
--------------------------------------------------------------------
(*) office365/subscriptions/service_plan_names
ENTERPRISEPACK
======================
Service plan | Applies to | Status | in UCRV (*)
--------------------------------------------------------------------
FLOW_O365_P2 | User | Success |
POWERAPPS_O365_P2 | User | Success |
TEAMS1 | User | Success |
PROJECTWORKMANAGEMENT | User | Success |
SWAY | User | Success |
INTUNE_O365 | Company | PendingActivation |
YAMMER_ENTERPRISE | User | Success |
RMS_S_ENTERPRISE | User | Success |
OFFICESUBSCRIPTION | User | Success | x
MCOSTANDARD | User | Success |
SHAREPOINTWAC | User | Success | x
SHAREPOINTENTERPRISE | User | Success |
EXCHANGE_S_ENTERPRISE | User | Success |
--------------------------------------------------------------------
(*) office365/subscriptions/service_plan_names
Note which plans are to be activated. Now a subscription profile has to be configured. In the Univention Management Console, open the LDAP browser in the Domain section, and navigate to → office365 → profiles. Select ‘Add’ and create a new object type ‘Office 365 Profile’.
The profile name will be shown later when assigning it to a group. The subscription identifier is to be taken from the output of ‘print_subscriptions’. Now, add all services that should be deselected to ‘Service plan blacklist’ and save the profile.
To assign the profile, open a user group in the corresponding UMC module, and select the profile on the ‘Microsoft 365’ tab. Now, every user which gets activated for Microsoft 365 and is a member of the group, will get the service plans as assigned in the profile.
Note: Service plans are only assigned when the user is initially synced to the Azure AD, as the license is applied at that point. Assigning a user to a group does not work retrospectively. In addition, changing the profile object to include or remove service plans does not update existing users!
Working with users
If you want to (re-)synchronize users (e.g. to reassign service-subscriptions to users) into the Azure AD you have to resync the Univention-Directory-Listener with following command:
univention-directory-listener-ctrl resync office365-user
All users (LDAP-Attributes and service-subscriptions) will then be (re-)synchronized with the Azure AD. Note: It is necessary that at least one extra license is present during the reassignment.
Working with groups
If you want to synchronize groups into the Azure AD you have to set the variable “office365/groups/sync” to “yes” in the module “Univention Configuration Registry”. Please also restart the “univention-directory-listener” in the “System Services” module. All newly created groups and group updates will then be synchronized with the Azure AD.
If you want to synchronize existing groups, please use the following command:
univention-directory-listener-ctrl resync office365-group