Azure Active Directory is a Core Part of the Office 365 “Experience”

Microsoft.com

Populate That Office 365 Directory or Else

Microsoft’s plan to auto-generate Office 365 Groups to “help” managers collaborate better with their direct reports might have run into choppy waters in March, but it delivered a useful wake-up call to people who might be neglecting their tenant directory. It is obvious that Microsoft believes that a fully-populated Active Directory is the only kind of directory to have. Shame on you if you do not share the same belief.

Complete All Fields Fully

Having a fully-populated directory is not as important in the on-premises world. Applications have their own requirements and the directory is often populated to meet those needs. SharePoint needs to authenticate users and create some groups, but when it comes to displaying employee details, some like to roll their own employee directory.  Quite why this approach should be taken forward into Office 365 is beyond me.

Exchange and Active Directory have had a tight working relationship since Exchange 2000 was the first major server application to exploit Microsoft’s new enterprise directory. This was unsurprising given that Active Directory was derived from the original Exchange Directory Store (used in Exchange 4.0 through 5.5).

Exchange still has a symbiotic relationship with Active Directory. Even so, many Exchange organizations populate just enough in Active Directory to produce a bare-bones Global Address List. Phone numbers might be there along with some address information, but reporting relationships are often missing or just plain wrong.

The lesson that we learn is that people use directories for as much as they need to make their IT work. It is a sensible and practical approach. After all, when companies invest in HR applications like Workday and Bamboo to manage employee data, why should they redo the work inside Active Directory? In fact, some companies have synchronization flows from their HR applications to Active Directory to make sure that the information seen by users in Outlook and other places is correct and up to date. But many do not.

Office 365 and the Directory

Which brings us back to Office 365 and Azure Active Directory. Office 365 is a much more integrated and cohesive environment than is usual on-premises. The assumption Microsoft makes that everyone agrees that the directory is best when it is fully populated. Indeed, if you work for Microsoft or have ever seen how Microsoft uses Azure Active Directory internally, you could not but agree that this is the way forward.

The same thinking is seen in how the Office 365 apps surface directory information. For example, the way Teams displays the reporting relationships for a team member along with their contact details (Figure 1).

Teams Org Chart
Figure 1: How Teams shows reporting relationships from AAD (image credit: Tony Redmond)

One obvious thing is that user photos are important in how these apps display information. Getting user photos into Azure Active Directory has been a challenge in the past. If you need some help to populate user accounts with photos, a new freeware app from Office 365 ISV CodeTwo might do the trick.

Delve and Other Views

Returning to those employee directories created in SharePoint, Microsoft already offers this in Delve (Figure 2), so apart from being able to customize the directory to your heart’s desire, there does not appear to be much value in creating a new app (even the SharePoint “Maven” agrees that Delve is the #1 choice).

Delve Org Chart
Figure 2: The Delve organization view (image credit: Tony Redmond)

The same view of reporting relationships and other information about an employee is available in Office 365’s People view and in Outlook’s GAL (Figure 3). It also shows up when you view details about an author of a document in a SharePoint or OneDrive for Business site.

OutlookGal
Figure 3: Reporting relationships in the Outlook GAL (image credit: Tony Redmond)

Of course, Outlook has its own unique take on organizational structures called the Hierarchical Address Book (HAB). The HAB is constructed with a bunch of distribution groups that describe the levels in an organization together with some properties set to show Exchange how to construct the hierarchy. You can use the HAB inside Office 365, but I do not know many organizations that do.

The Directory is the Key

But none of this magic can occur if Azure Active Directory is a bare-bones operation. Instead, Azure Active Directory must be fully-populated and maintained lovingly with care and attention so that it is the directory of record.

Achieving that status takes a lot of work. Making sure that every aspect of user accounts is up to date is OK when you have a demo tenant with ten accounts, gets harder with fifty accounts, becomes a pain with two hundred, and is positively tiresome with a thousand. This is the reason why synchronization processes often connect HR directories to Azure Active Directory. After all, when HR professionals look after the data, everything is bound to be right.

Seriously, you can see where this is going. Microsoft is likely to bring the plan to auto-create groups back after some tweaking. And if some more Office 365 features only work if tenants have a fully-populated Azure Active Directory, anyone with an incomplete directory is going to lose out.

Be Prepared

For this reason, it makes sense to review how you use Azure Active Directory and ask whether your directory is fit for purpose to support Office 365. Even if you decide that you need to do nothing, at least you will know what (if any) gaps exist and be better prepared if Microsoft launches a new feature that depends on some missing data in your directory.

Follow Tony on Twitter @12Knocksinna.

Want to know more about how to manage Office 365? Find what you need to know in “Office 365 for IT Pros”, the most comprehensive eBook covering all aspects of Office 365. Available in PDF and EPUB formats (suitable for iBooks) or for Amazon Kindle