When organizations move from on-premises servers to Office 365, they add complexity in user management. Features like role-based access, delegation of administrative permissions and automated configuration management are missing from the standard Office 365 toolkit. Autopilot gives Office 365 administrators a way to delegate administrative permissions to any user in an organization, easily and safely.
How it works
Users can be granted access to perform management actions within Autopilot. A policy engine determines if the user has the correct permissions to perform that action on the target user.
Autopilot brings the concept of virtual organizational units to Office 365 management. This allows for organizations to easily group users into manageable groups and delegate specific actions to users without having to provide those users any additional access rights in Office 365.
Bulk actions can be applied to a set of users or to an entire Organizational Unit, allowing sweeping changes to be made at the click of a button without relying on complex PowerShell scripts.
Actions can also be applied automatically via a Configuration Policy, which keeps all the users, groups, and other AD objects correctly configured against the baseline that you have specified for that group of users ensuring compliance with corporate policies.
Autopilot captures details of every action and event in its audit log so you can see exactly who made each change and when.
The only install for a customer is the optional On-Premises Agent, which needs 443 access to the Autopilot URL for the tenant.
Autopilot is a SaaS (software as a service) application that runs on the Microsoft Azure platform and acts as an abstraction layer, or proxy, between Office 365 Administrators and the Office 365 platform.
It’s hosted in Microsoft Azure, utilizing Service Fabric clusters. A few microservices lie within Service Fabric:
- Core: The core controls the policies, role-based access control, database(s), and it basically coordinates everything going on.
- User Interface: It’s built on the Office 365 UI Fabric, providing a common look and feel for those that use Office 365 for administration.
- Agent Controller: Responsible for sending work items received from the core to the appropriate agent to do the work. Those agents are Office 365/Azure PowerShell, MS Graph API, and On-premises PowerShell. Once an agent runs a command the results are sent back to the Agent Controller. The Agent Controller then sends either success or errors to the core for auditing and notification.
User interface (video)
Finally, here’s a look at the user interface: