Get CIPPJoin Discord

Users

Interact with Microsoft 365 users.

User management. Equal to and extending Microsoft 365 admin center > Active Users.

Overview

The main table provides an overview of information including display name, email address, licensing, enabled/disabled status, and if the account is AD synchronized. Behind the ellipsis menu user creation date, last sync date, and user GUID are also available.

Actions

Add user.

Per-User actions:

Field
Description

👁 View user details

Display advanced user account details. [More information]

✍️ Edit user

Allows editing user details, same as user edit view from Microsoft 365 admin. Additionally, you can copy group membership to the target user from another active user.

Research Compromised Account

Single pane of glass review of common indicators of compromise (IoC) [More information]

Create Temporary Access Password

Create a temporary password to allow full passwordless enrollment. [More information]

Rerequire MFA registration

Sets user legacy MFA status to Enabled

Create OneDrive ShortCut

Creates a OneDrive shortcut in the root of the users OneDrive to a SharePoint site.

Send MFA push

Sends an MFA approval prompt to a users registered devices. A simple way to verify functionality.

Convert to Shared Mailbox

Convert a mailbox to shared.

Set Out of Office

Set an out of office message for the user or shared mailbox. Note: Setting a different internal and external autoreply is currently not supported

Disable Out of Office

Disables out of office message for the user or shared mailbox.

Disable Email Forwarding

Disables all email forwaeding set both ForwardingAddress and ForwardingSMTPAddress to $null

Block Sign In

Disable account sign in.

Reset Password (Must Change)

Reset account password to a random value (Example: 2WcAu%VMy89P) and require user to set a new password on login.

Reset Password

Reset account password to a random value (Example: 2WcAu%VMy89P).

Revoke all user sessions

Revoke all sessions, requiring user to sign in again.

Delete User

Delete user account.

Note that clicking one of these actions will present a confirmation modal dialog.

View user details

Displays details about the user account.

  • Azure AD user attributes (Names, Job Title, Address, Phone)

  • Last sign in details

  • Sign in logs

  • Conditional access details

  • Email usage

  • OneDrive usage

  • Email settings

  • Devices

  • Groups

Research Compromised Account

The Business Email Compromise Overview retrieves common data used when reviewing a possibly-compromised account.

For more in-depth analysis, Hawk is well-regarded.

Data Retrieved

  • User devices (including first sync time)

  • Recently added email forwarding rules

  • Recently added users

  • User last logon details

  • Recent password changes

  • Mailbox permission changes

  • Application changes

  • Mailbox logons

If an account appears compromised, Remediate User performs the following actions:

  • Block user signin

  • Reset user password

  • Disconnect all current sessions

  • Disable all inbox rules for the user

Create Temporary Access Password

Create a temporary access password for a user to enroll in passwordless for Azure Active Directory.

Both passwordless authentication and the temporary access password function must be enabled on the tenant. See AzureAD: Configure Temporary Access Pass in Azure AD to register Passwordless authentication methods

Query String Support

The Add User has the ability to be form filled via URL query strings. This table shows all supported query strings. For example https://yourcipp.app/identity/administration/users/add?customerId=Mydomain.onmicrosoft.com&city=Rotterdam would automatically fill in the city for a user.

QueryString
Field

customerId

Client Tenant ID(Only required field)

businessPhones

Business Phone Number

city

User City Location

companyName

Company Name

country

Country

department

Department

displayName

Display Name

givenName

First Name

jobTitle

Job Title

mailNickname

Username before the email address part(User<@domain.com>)

mobilePhone

Mobile Phone Number

addedAliasses

Added Aliasses, Multiple allowed via linebreak(%0A)

postalCode

Zip or post code

streetAddress

Address information

surname

Last Name

usageLocation

User location for license, can be left blank for default.

primDomain

User Primary Domain (User<@domain.com>)

MustChangePass

Boolean, default is false.

AutoTask LiveLink

If you want to create your own LiveLink you can use the QueryString below.

?city=<CITY>&country=<COUNTRY>&customerId=<UDF-TenantId(tblCustomers)>&primDomain=<ACCOUNTWEBSITEADDRESS>&usageLocation=NL&streetAddress=<ACCOUNTADDRESS1>&companyName=<ACCOUNTNAME>&businessPhones=<ACCOUNTPHONE>&postalCode=<ACCOUNTPOSTALCODE>&givenName=<CONTACTFIRSTNAME>&surname=<CONTACTLASTNAME>
PreviousAdministrationNextRisky Users

Last updated