Microsoft 365 Admin Center — Management, Security, and Best Practices
A practical guide to managing Microsoft 365 through the Admin Center — user management, license assignment, security configuration, Exchange, and Teams administration.
Microsoft 365 Admin Center Overview
The Microsoft 365 Admin Center (admin.microsoft.com) is the central management portal for your organization's Microsoft 365 subscription. From here, you can manage users, licenses, security, email, Teams, and more.
Admin Center URL
Main Admin: https://admin.microsoft.com
Exchange: https://admin.exchange.microsoft.com
Teams: https://admin.teams.microsoft.com
Security: https://security.microsoft.com
Compliance: https://compliance.microsoft.com
Entra (Azure AD): https://entra.microsoft.com
User Management
Creating Users
Admin Center → Users → Active Users → Add a user
Required fields:
- Display name
- Username (user@yourdomain.com)
- Password (auto-generate or manual)
- License assignment
- Role (User, Admin, Global Admin, etc.)
Bulk User Operations
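# PowerShell: Bulk create users from CSV
# users.csv format:
# UserPrincipalName,DisplayName,FirstName,LastName,Department,License
# john@company.com,John Doe,John,Doe,Engineering,ENTERPRISEPACK
# The License column is not used by this script; assign licenses separately.
Connect-MgGraph -Scopes "User.ReadWrite.All"
$rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
Import-Csv users.csv | ForEach-Object {
    # Generate a unique random temporary password per user rather than one shared value.
    $bytes = New-Object byte[] 18
    $rng.GetBytes($bytes)
    $passwordProfile = @{
        # The fixed suffix only guarantees the complexity classes; the random part carries the entropy.
        Password = [Convert]::ToBase64String($bytes) + "aA1!"
        ForceChangePasswordNextSignIn = $true
    }
    $user = New-MgUser -DisplayName $_.DisplayName `
        -UserPrincipalName $_.UserPrincipalName `
        -PasswordProfile $passwordProfile `
        -MailNickname ($_.UserPrincipalName -split '@')[0] `
        -AccountEnabled `
        -Department $_.Department
    # Emit the temporary password so it can be handed to the user over a secure channel.
    [PSCustomObject]@{ UserPrincipalName = $user.UserPrincipalName; TempPassword = $passwordProfile.Password }
}
License Management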
Admin Center → Billing → Licenses
Common licenses:
- Microsoft 365 Business Basic — Web apps + Exchange + Teams
- Microsoft 365 Business Standard — Desktop apps + above
- Microsoft 365 Business Premium — Above + security + Intune
- Microsoft 365 E3/E5 — Enterprise features
# PowerShell: Assign license
# The user must have a UsageLocation set before a license can be assigned.
$userId = "john@company.com"
$skuId = (Get-MgSubscribedSku | Where-Object SkuPartNumber -eq "ENTERPRISEPACK").SkuId
Set-MgUserLicense -UserId $userId -AddLicenses @{SkuId = $skuId} -RemoveLicenses @()
Security Configuration
Multi-Factor Authentication (MFA)
Entra Admin Center → Protection → Authentication methods
Recommended:
1. Enable Microsoft Authenticator as primary
2. Enable FIDO2 security keys for admins
3. Disable SMS authentication (SIM swap risk)
4. Create Conditional Access policies
Conditional Access Policies
Entra → Protection → Conditional Access → New Policy
Essential policies:
1. "Require MFA for all users"
   - Users: All users (exclude break-glass account)
   - Cloud apps: All cloud apps
   - Grant: Require MFA
2. "Block legacy authentication"
   - Users: All users
   - Conditions: Client apps → Other clients
   - Grant: Block access
3. "Require compliant device for admins"
   - Users: Admin roles
   - Grant: Require device compliance
4. "Block sign-in from risky locations"
   - Users: All users
   - Conditions: Named locations → untrusted
   - Grant: Block or require MFA
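The "Block legacy authentication" policy above can also be created with Microsoft Graph PowerShell. This is an added example, not part of the original guide: the break-glass UPN is a placeholder, the break-glass exclusion mirrors policy 1, and the policy is created in report-only mode so its effect can be reviewed in the sign-in logs before it is enforced.

```powershell
# Added example: create "Block legacy authentication" in report-only mode.
# Requires the Microsoft.Graph module and a role allowed to manage Conditional Access.
Connect-MgGraph -Scopes "Policy.ReadWrite.ConditionalAccess","Policy.Read.All",
                        "Application.Read.All","User.Read.All"

# Assumption: placeholder UPN for the break-glass account; replace before running.
$breakGlassUpn = "breakglass@yourdomain.com"
$breakGlass = Get-MgUser -UserId $breakGlassUpn -ErrorAction Stop

$policy = @{
    displayName = "Block legacy authentication"
    # Report-only: sign-ins are evaluated and logged, but nothing is blocked yet.
    state = "enabledForReportingButNotEnforced"
    conditions = @{
        users = @{
            includeUsers = @("All")
            # Keep emergency access working if a policy is misconfigured.
            excludeUsers = @($breakGlass.Id)
        }
        applications = @{ includeApplications = @("All") }
        # "other" is the portal's "Other clients"; "exchangeActiveSync" is the second
        # legacy client category and is included here as an extension of the guide.
        clientAppTypes = @("exchangeActiveSync", "other")
    }
    grantControls = @{
        operator = "OR"
        builtInControls = @("block")
    }
}

# Review the request body before sending it.
$policy | ConvertTo-Json -Depth 5

$created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
$created | Select-Object Id, DisplayName, State

# After reviewing the report-only results, enforce the policy:
# Update-MgIdentityConditionalAccessPolicy -ConditionalAccessPolicyId $created.Id `
#     -BodyParameter @{ state = "enabled" }
```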
Security Defaults
For smaller organizations without Azure AD P1:
Entra → Properties → Security Defaults → Enable
This automatically:
- Requires MFA for all users
- Blocks legacy authentication
- Protects privileged actions
Exchange Online Administration
Mail Flow Rules
Exchange Admin → Mail flow → Rules
Example: Disclaimer for external emails
- Apply to: Messages sent to outside the organization
- Action: Append disclaimer
- Text: "This email is confidential..."
Example: Block attachments with macros
- Apply to: Any attachment has executable content
- Action: Reject the message
Shared Mailboxes
Exchange Admin → Recipients → Mailboxes → Add shared mailbox
Benefits:
- No license required
- Multiple users can access
- Shared calendar and contacts
- 50 GB storage limit
Anti-Spam and Anti-Phishing
Security Center → Email & collaboration → Policies
Configure:
1. Anti-phishing policy — Protection against impersonation
2. Anti-spam policy — Spam filtering thresholds
3. Anti-malware policy — Attachment scanning
4. Safe Attachments — Sandbox detonation (E5/Defender)
5. Safe Links — URL rewriting and protection (E5/Defender)
Teams Administration
Teams Policies
Teams Admin → Messaging policies
Configure:
- Who can create teams
- Who can create channels
- Guest access permissions
- File sharing settings
- Meeting recording policies
Meeting Policies
Teams Admin → Meetings → Meeting policies
Key settings:
- Allow external participants
- Enable/disable recording
- Allow transcription
- Lobby settings
- Screen sharing permissions
SharePoint Administration
SharePoint Admin Center → Sites → Active Sites
Key tasks:
- Create team sites and communication sites
- Manage site storage quotas
- Configure sharing settings (internal/external)
- Set up content types and metadata
(For detailed SharePoint configuration, see our dedicated SharePoint Configuration Guide.)
PowerShell Management
Connecting to Microsoft 365
# Install Microsoft Graph module
Install-Module Microsoft.Graph -Scope CurrentUser
# Connect
Connect-MgGraph -Scopes "User.ReadWrite.All","Organization.Read.All"
# Common commands
Get-MgUser -All                          # List all users
Get-MgUser -UserId "john@company.com"    # Get specific user
Get-MgSubscribedSku                      # List licenses
Get-MgDomain                             # List domains
Useful Scripts
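# Find users without MFA
# Requires the UserAuthenticationMethod.Read.All scope in Connect-MgGraph.
# The password itself counts as one method, so a count of 1 or less means
# no additional authentication method is registered.
Get-MgUser -All | ForEach-Object {
    $methods = @(Get-MgUserAuthenticationMethod -UserId $_.Id)
    if ($methods.Count -le 1) {
        [PSCustomObject]@{
            User       = $_.DisplayName
            Email      = $_.UserPrincipalName
            MFAMethods = $methods.Count
        }
    }
}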
# Export license report
# Look up SKU names once instead of calling Get-MgSubscribedSku for every license of every user.
$skuNames = @{}
Get-MgSubscribedSku | ForEach-Object { $skuNames["$($_.SkuId)"] = $_.SkuPartNumber }
Get-MgUser -All -Property DisplayName,UserPrincipalName,AssignedLicenses |
    Select-Object DisplayName, UserPrincipalName,
        @{Name="Licenses"; Expression={
            ($_.AssignedLicenses | ForEach-Object { $skuNames["$($_.SkuId)"] }) -join ", "
        }} |
    Export-Csv "license-report.csv" -NoTypeInformation
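# Find inactive users (no sign-in for 90 days)
# SignInActivity requires the AuditLog.Read.All scope and a Microsoft Entra ID P1 or P2 license.
# Accounts that have never signed in have no LastSignInDateTime and are also returned.
$cutoff = (Get-Date).AddDays(-90)
Get-MgUser -All -Property DisplayName,UserPrincipalName,SignInActivity |
    Where-Object { $_.SignInActivity.LastSignInDateTime -lt $cutoff } |
    Select-Object DisplayName, UserPrincipalName,
        @{Name="LastSignIn"; Expression={$_.SignInActivity.LastSignInDateTime}}
Monitoring and Reporting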
Service Health
Admin Center → Health → Service health
Monitor:
- Exchange Online status
- Teams status
- SharePoint/OneDrive status
- Microsoft Entra status
Usage Reports
Admin Center → Reports → Usage
Available reports:
- Active users
- Email activity
- Teams activity
- OneDrive/SharePoint usage
- Microsoft 365 apps usage
Audit Logs
Compliance Center → Audit
Search for:
- Admin activities (user creation, license changes)
- User activities (file access, sharing)
- Security events (failed logins, MFA challenges)
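One audit search worth running regularly is a check for mail forwarding to external domains, created through inbox rules or mailbox settings. The following is an added example, not part of the original guide: the sample records are constructed, their field layout is assumed to follow Exchange admin audit entries, and the function name and internal domain list are hypothetical.

```powershell
# Added example. Live input would come from Exchange Online, for instance:
#   Connect-ExchangeOnline
#   $records = Search-UnifiedAuditLog -StartDate (Get-Date).AddDays(-7) -EndDate (Get-Date) `
#       -Operations New-InboxRule,Set-InboxRule,Set-Mailbox -ResultSize 5000
# Constructed sample records (not real log data), shaped like Exchange admin audit entries:
$records = @(
    [PSCustomObject]@{ AuditData = '{"CreationTime":"2024-01-10T08:15:00","UserId":"alice@company.com","Operation":"New-InboxRule","Parameters":[{"Name":"Name","Value":"sync"},{"Name":"ForwardTo","Value":"drop@external.example"}]}' }
    [PSCustomObject]@{ AuditData = '{"CreationTime":"2024-01-10T09:02:00","UserId":"bob@company.com","Operation":"Set-InboxRule","Parameters":[{"Name":"RedirectTo","Value":"helpdesk@company.com"}]}' }
    [PSCustomObject]@{ AuditData = '{"CreationTime":"2024-01-11T22:40:00","UserId":"admin@company.com","Operation":"Set-Mailbox","Parameters":[{"Name":"Identity","Value":"carol"},{"Name":"ForwardingSmtpAddress","Value":"smtp:carol.copy@mail.example"}]}' }
    [PSCustomObject]@{ AuditData = '{"CreationTime":"2024-01-12T07:30:00","UserId":"admin@company.com","Operation":"Set-Mailbox","Parameters":[{"Name":"Identity","Value":"dave"},{"Name":"AuditEnabled","Value":"True"}]}' }
)

function Find-ExternalForwarding {
    param(
        [Parameter(Mandatory)] [object[]] $Records,
        [Parameter(Mandatory)] [string[]] $InternalDomains
    )
    # Inbox-rule and mailbox parameters that send mail elsewhere automatically.
    $forwardingParams = 'ForwardTo', 'ForwardAsAttachmentTo', 'RedirectTo',
                        'ForwardingSmtpAddress', 'ForwardingAddress'
    foreach ($record in $Records) {
        $data = $record.AuditData | ConvertFrom-Json
        foreach ($p in $data.Parameters) {
            if ($p.Name -notin $forwardingParams) { continue }
            if ([string]::IsNullOrWhiteSpace($p.Value)) { continue }
            # A value can list several recipients separated by ";" and carry an "smtp:" prefix.
            foreach ($target in ($p.Value -split ';')) {
                $address = $target.Trim() -replace '^smtp:', ''
                # Values without "@" are directory recipients; resolve those separately.
                if ($address -notmatch '@') { continue }
                $domain = ($address -split '@')[-1].ToLower()
                if ($domain -notin $InternalDomains) {
                    [PSCustomObject]@{
                        Time      = $data.CreationTime
                        Actor     = $data.UserId
                        Operation = $data.Operation
                        Parameter = $p.Name
                        Target    = $address
                    }
                }
            }
        }
    }
}

# Assumption: company.com is the only internal domain. Returns the two external targets.
Find-ExternalForwarding -Records $records -InternalDomains 'company.com' | Format-Table
```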
Best Practices
- Use Global Admin sparingly — Create dedicated admin accounts for daily admin tasks
- Enable MFA for all accounts — Especially admin accounts
- Create a break-glass account — Emergency access with MFA exception (monitor heavily)
- Block legacy authentication — Prevent password spray attacks
- Review licenses regularly — Remove licenses from departed employees
- Enable audit logging — Track all admin and user activities
- Configure alerts — Email forwarding rules, mass deletions, unusual sign-ins
- Use groups for license assignment — Easier to manage than per-user
- Document your configuration — Policies, rules, and customizations
- Keep up with Message Center — Microsoft announces changes there first
Conclusion
Microsoft 365 Admin Center is the command center for your organization's cloud infrastructure. Mastering user management, security configuration, and PowerShell automation enables you to manage your environment efficiently and securely. Focus on security first (MFA, Conditional Access), then optimize user experience and collaboration settings.