Split the Admin Load

Duplicate systems, fewer tickets

Employees generate twice the work for administration if they have accounts in two systems. In a hybrid Microsoft environment, these are user accounts in Active Directory and Azure AD (Microsoft 365). Employees don’t know about this, but IT specialists do. Some only want to use services, others receive tickets.

The idea: It doesn’t matter how employees use the services, they should just use them. For IT and the helpdesk, however, there are not twice as many tickets.

Services on-premises and from the M365 cloud

Services such as mail via Exchange Online, SharePoint, OneNote and FileServices on on-prem servers or OneDrive create a lot of work. Synchronization from Active Directory to Azure AD (AAD Connect) does little to change this. It ensures that a user account is only created once and that the identity exists on-premises and in the M365 cloud.

Keeping track of all systems and using the right admin console is also increasingly difficult. Some on-prem data is synchronized, while others are maintained in an M365 admin center. Some of these functions, in turn, are spread across several admin centers. Some are missing altogether and are only accessible via PowerShell.

IAM Delegation in Active Directory and Azure AD

Split the admin load means less pressure on IT specialists. With more and more systems in place, IT and the helpdesk have to deal with ever more administrative tasks. Our idea is to use IDM-Portal to manage user accounts in at least two systems (AD, M365) instead of duplicating efforts. What sets this apart is that these can be hybrid, on-premise and cloud-based. In the Microsoft world, these are often Exchange, FileServices and Teams. The goal is to actually minimize the overall administration effort.