Managing User Profiles in Microsoft SharePoint Online for Office 365
- Introduction to user profiles, audiences, and My Sites
- My Site settings
- OneDrive for Business
In this chapter, we’re going to dive into the management of user profiles and I’ll explain why user profiles are important to larger organizations that use Microsoft Office 365 and SharePoint Online. User profiles can be the bane of your existence or one of the big wins for your organization. Much of how you and your users experience user profiles in SharePoint Online is directly related to how well you manage this part and then present it to your organization.
As with most software platforms, it doesn’t do much good to turn on platform features if they get in the way of how people work, the processes under which they are most comfortable working, and the inputs and outputs of their daily routines. Just because SharePoint Online an do something for your organization doesn’t mean that it should.
Yet I am hard-pressed to explain, except in the smallest of environments, how a robust use of user profiles will cause damage or slow processes down. Indeed, I believe the opposite is the reality. User profiles organize expertise and experience—two elements that reside inside people and that cannot be easily codified. So making your users organize their experience such that their core value to the organization can be found, leveraged, and easily used—it seems to me—makes huge sense.
The SharePoint Online version does not include any of the synchronization administrative activities that you’ll find in an on-premises deployment. Compare Figures 2-1 and 2-2 and you’ll see that I won’t be covering any synchronization topics that you might normally expect to see in a SharePoint administration book, because those tasks have been deprecated in SharePoint Online for the Information Technology professional (IT pro).
Figure 2-1 SharePoint Online User Profiles administration interface
Figure 2-2 SharePoint On-Premises User Profile Services administrative interface
Introduction to user profiles, audiences, and My Sites
A user profile is a collection of user properties along with the policies and settings associated with each of those properties. A user profile is a description of a single user—not just that user’s account, but the user’s skills, experiences, expertise, and other metadata that can be useful in finding that user for particular purposes.
By default, the user-profile properties are populated from the Azure Active Directory service via a one-way synchronization at least once every 24 hours. If your organization manually created user accounts in the Office 365 directory service, users will receive Microsoft Azure Active Directory credentials for signing into the Azure Active Directory service. Similar to SharePoint 2013, Office 365 performs only authorization. It leaves authentication to the Azure Active Directory. These credentials are separate from other desktop or corporate credentials, although in hybrid implementations, there will be a synchronization with your on-premises Active Directory using the Azure Active Directory Connect tool. You’ll use the Office 365 Admin Center to make changes to these user accounts.
If your organization is synchronizing Azure Active Directory with an on-premises Active Directory, your user profiles are being synchronized with the Azure Active Directory, which is then synched with SharePoint Online user profiles. Active Directory information goes in only one direction—from the on-premises Active Directory server to Azure Active Directory, which is then synchronized with SharePoint Online. This ensures that user information in SharePoint Online reflects the most current and accurate state of your user data in Active Directory.
Not all profile information is synchronized from a directory service. Each profile property can be sourced from a different location, such as direct user input, HR systems, directory services, or all of these. New profile properties created within SharePoint Online can pull from various systems, but these custom properties cannot write back to those systems.
Somewhat similar to profiles are audiences. Audiences enable organizations to target content to users based on who they are when they come to the page. Audiences are built at the profile layer but applied at the site and web-part layers, depending on how the audience is used. Audiences can be defined by one of the following elements or a combination of them:
- Membership in a distribution list
- Membership in a Microsoft Windows security group
- Location in organizational reporting structure
- Public user-profile properties
Audiences are not a security feature. For example, even if a person is not a member of an audience, if she has permissions to a web part and has the URL of that web part, she will be able to access the content within the web part. So think of audiences as a view-crafting feature—you get to select what people see when they come to the page based on a set of predefined characteristics that are defined within a set of audience rules.
My Site settings and experiences are also affected by user profiles. My Sites are essentially personal portals that give individual users the ability to have a one-to-many collaboration path with the enterprise. My Sites are where the social features of SharePoint Online are consumed (for the most part) and represent a type of personal space that can be individualized directly by the user.