Office 365 cloud-only identities

With cloud-only identity, all your users, groups, and contacts are stored in the Azure Active Directory (Azure AD) tenant of your Office 365 subscription. Here are the basic components of cloud-only identity.

Users and their user accounts in organizations can be categorized in a number of ways. For example, some are employees and have a permanent status. Some are vendors, contractors, or partners that have a temporary status. Some are external users that have no user accounts but must still be granted access to specific services and resources to support interaction and collaboration. For example:

  • Tenant accounts represent users within your organization that you license for cloud services

  • Business to Business (B2B) accounts represent users outside your organization that you invite to participate in collaboration

Take stock of the types of users in your organization. What are the groupings? For example, you can group users by high-level function or purpose to your organization.

Additionally, some cloud services can be shared with users outside your organization without any user accounts. You'll need to identify these groups of users as well.

You can use groups in Azure AD for several purposes that simplify management of your cloud environment. For example, with Azure AD groups, you can:

  • Use group-based licensing to assign licenses for Office 365 to your user accounts automatically as soon as they are added.
  • Add user accounts to specific groups dynamically based on user account attributes, such as department.
  • Automatically provision users for Software as a Service (SaaS) applications and protect access to those applications with multi-factor authentication and other conditional access rules.
  • Provision permissions and levels of access for SharePoint Online team sites.

You can create new users with:

You can create new groups with:

Next step for cloud-only identities

Assign licenses to user accounts