Manage Yammer users across their life cycle from Office 365

After Yammer is activated on your Office 365 tenant, you, as the Office 365 administrator, can control the life cycle for Yammer users from Office 365. When you create users in Office 365, they can log on to Yammer with their Office 365 credentials. When a user is deleted from Office 365, they are automatically deactivated or suspended in Yammer. When a user is restored in Office 365, they are reactivated in Yammer. Also, the user's profile properties (such as name and department) from Azure Active Directory will be automatically populated in the user's Yammer profile, and any changes to the profile properties in Azure Active Directory will be reflected in Yammer as well.

Create a user

Yammer users are created as they log on, instead of being created with bulk updates or sync from Active Directory. Let's take a look at how a Yammer user is created in the following diagram.

The process follows these steps:

1. The Office 365 admin creates a user in Office 365.

2. The user logs on to Office 365 using the identity provider that is configured for the tenant.

3. The user clicks the Yammer tile in the app launcher to go to Yammer.

   

4. A new Yammer user is created for the Office 365 user.

5. The user's profile properties from Azure Active Directory are automatically populated in the user's Yammer profile.

Block a user

An administrator can block a user in Office 365, and the user will be logged out of Yammer as well as all the other Office 365 services. The following diagram shows how this works:

The process follows these steps:

1. The Office 365 administrator sets the user's sign-in status to Blocked.

   To do this:

   1. In the Office 365 admin portal, select a user and choose Edit User. The Sign-in status is shown in the user details, as in the following screenshot.

      

   2. Choose Edit next to Sign-in status to swtich between Allowed and Blocked, as in the following screenshot.

      

2. This action flows into Yammer, and the corresponding user is logged out of Yammer (on all devices). When this user tries to login to Yammer again from any device, he or she will be prompted to login with their Office 365 credentials. However, the user will not be able to login because their sign-in status is set to blocked. As a Yammer verified administrator, you can go to the Network Admin area, and look at the Account activity section to verify that the Yammer user has been logged out, as in the following screenshot, where the user has no active Yammer sessions.

   

Delete a user

If an employee leaves the company, you can delete the user from Office 365. When the user is deleted from Office 365, the corresponding user is deactivated (also known as suspended) in Yammer. The following diagram shows how this works:

The process follows these steps:

1. An admin deletes a user from Office 365, as shown in the following screenshot:

   

2. The user deletion in Office 365 flows into Yammer, and the corresponding Yammer user is deactivated in Yammer. Specifically, the operation is equivalent of navigating to Yammer administration, choosing Remove Users, and then selecting Deactivate this user, as shown in the following screenshot:

   

   Users who are deactivated (or suspended) this way will show up in Yammer administration pages as being deactivated by System Administrator, as shown in the following screenshot:

   

3. When you delete a user in Office 365, the user becomes inactive. After approximately 30 days, user data gets permanently deleted. See Delete or restore users for more information.

4. Similarly, when a user is deactivated in Yammer, that user becomes inactive in Yammer. After approximately 90 days, deactivated users are permanently removed, but their Yammer messages are retained. For more information, see Remove users.

Restore a user

An administrator can also restore a user in Office 365, and the user will be reactivated in Yammer. The following diagram shows how this works:

The process follows these steps:

1. The Office 365 administrator can restore a deleted user in Office 365, as shown in the following screenshot:

   

2. This action flows into Yammer as well, and the previously deactivated user in Yammer is reactivated.

Yammer user profile update from Azure Active Directory

Office 365 uses the cloud-based service Azure Active Directory (Azure AD) to manage users. You can either manage users directly in the cloud or use Azure AD Connect to create and synchronize users/groups from your on-premises environment. When Office 365 users who are new to Yammer access Yammer for the first time using their Azure AD credentials, a Yammer user is created, and the Yammer user profile is populated with the Azure AD user properties. And when the user's profile properties are edited in Azure AD, they are updated in the existing user's Yammer profile. Say, the user's department changed in Azure AD, this change will be reflected in Yammer as well.

Users have a profile in both Office 365 and in Yammer.

• To view their profile in Office 365, users can click on their profile picture and choose About me.

  

  This lets them view and edit their user profile for Office 365.

  

• To view their profile in Yammer, users can choose Settings, and then View Profile.

  

  This lets them view and edit their user profile for Yammer.

  

There are a few key things to understand about how Yammer user profiles are updated from Azure Active Directory.

• User profile updates are one-way:    Updates are one-way, from Azure AD to Yammer. Any user profile changes made in Yammer are not be updated back to Azure AD.

• Azure AD overwrites Yammer user profile edits:    Even when Yammer user profiles are populated from Azure AD, users can edit their Yammer user profile, for example, change their Job Title. These changes are not automatically overwritten. Next time any of these updateable properties change in Azure AD, those changes will overwrite any modifications made in Yammer. There is no configuration in Yammer to block users from updating their Yammer profile.

• You can control updates by using Azure AD Connect:    If customers want to control which properties to update from their on-premises directory to Azure AD, they can do it by configuring the Azure AD Connect tool.

• Email address updates in Azure AD are reflected in Yammer:     Any updates to the user's email in Azure AD are updated in Yammer. The updated email domain should match one of the domains on the Yammer network.

• What happens if a Yammer user doesn't have an email address:    If none of the emails for the user match the domains on the Yammer network, or if the user does not have any email address in Azure AD, the Yammer user profile is updated to denote that the user does not have email, so that their colleagues are aware of this (if a user hovers over a person in Yammer, they will see in the hover card that the person does not have an email).

The Office 365 administrator can edit user properties from the Office 365 admin center.

To edit user properties in Office 365

1. In the Office 365 admin center, go to the Users section, and select or search for a user, as shown in the following screenshot.

   

2. Choose Edit next to the user name to view or change the properties, such as Email address and Display name.

   

Azure AD updates the following Yammer properties:

Property in Azure AD	Property in Yammer
Email address First Name Last Name Job Title Department Office Office phone Mobile phone Description	Email First Name Last Name Job Title Department Location Work phone Mobile phone About Me

In Office 365, you can see the user properties that will be updated for Yammer in the following dialog boxes:

• Edit email addresses dialog box

  

• Edit contact information dialog box

  

In Yammer, you can see the user properties that will be updated for Yammer on the Profile page. These properties are in the following sections:

• The Basics and Info sections

  

• The Contact section

  

Should I use Yammer Directory Sync?

We recommend that Yammer customers switch to using this consistent experience between Office 365 and Yammer to manage the life cycle of all their users. It's more convenient than managing users separately, and this is the long-term direction for Yammer as well. If you are currently using the Yammer Directory Sync tool, consider switching to managing users in Office 365. Once you switch to managing users in Office 365, turn off the Yammer Directory Sync tool.

Note: You can only manage the life cycle of users from Office 365 if they are using their Office 365 credentials to access Yammer.

The table below lists some key aspects of Yammer Directory Sync and how it compares with using Office 365 to manage the user life cycle. For more information about Yammer Directory Sync, see Plan for Yammer Directory Sync.

Task	Yammer Directory Sync	Office 365
Manage users in bulk	You can manage users in bulk with Yammer Directory Sync. However, you cannot manage Office 365 users from Yammer.	You can use Azure Active Directory Connect(Azure AD Connect) to integrate your on-premises directory with Azure Active Directory and Office 365 and to manage users in bulk. Azure AD Connect has advanced capabilities, such as password sync, Azure Multi-Factor Authentication and third-party application support. Most importantly, Azure AD Connect provides you with a single tool for integrating your on-premises Active Directory to Office 365, including Yammer. The Yammer Directory Sync tool will be deprecated on Dec 1st, 2016.
Create user	The user is created as a pending user in Yammer, and this user is sent an email invitation to join Yammer.	A user can log on to Yammer with his or her Office 365 account, at which point the user is created in Yammer.
Delete user	The user is deactivated in Yammer. Users in pending state are deleted.	The user is deactivated in Yammer.
Configure custom invitation emails	You can create custom invitation emails when you use Yammer Directory Sync allows you to create custom invitation emails.	Office 365 does not support custom invitation emails. However, as Yammer becomes more closely integrated with Office 365, we expect users to discover and use Yammer as they use Office 365, instead of needing a one-time email introduction.
Update user profiles	You can update Yammer profiles from Yammer Directory Sync.	You can use Azure AD Connect to synchronize user profile properties from your on-premises Active Directory to Azure Active Directory. These changes will update the Yammer user profile as well.

FAQ

Q: Will user profile pictures be updated from Office 365 to Yammer?

A: Yes. If a user's Yammer profile does not include a picture, the profile will be updated with the user's Office 365 profile picture. This update is initiated when the user logs in to Yammer and will be reflected in the Yammer profile within few hours. If the user later updates his or her Office 365 profile picture, the Yammer profile picture will also update after the user logs into Yammer.

Q: How does Yammer single sign-on (SSO) affect Yammer user life cycle management in Office 365?

A: Yammer SSO helps with identity management, making sure that users log on to Yammer with the same credentials as they do in their on-premises environment. An alternative to this is using the Office 365 sign-in for Yammer, which lets users log on to Yammer with their Office 365 credentials (Office 365 supports SSO as well). As users log on, we create a mapping between users in Office 365 and Yammer. Yammer user life cycle management from Office 365 depends on this mapping of users between Office 365 and Yammer. So, if you use Yammer SSO, you cannot take advantage of Yammer user life cycle management in Office 365.

Important: 

• Yammer SSO is being deprecated and will stop working after December 1st, 2016. You will not be able to set up new configurations with Yammer SSO after April 1st, 2016. Instead of Yammer SSO, we recommend that you use Office 365 sign-in for Yammer.

• For more information about the deprecation and how to transition out of Yammer SSO, see Plan for Yammer SSO and DSync deprecation.

Q: How is Yammer user life cycle management different from Office 365 sign-in for Yammer?

A: Yammer SSO and Office 365 sign-in for Yammer are different options for identity management. This change is for user life cycle management. They are related, but different. Office 365 sign-in for Yammer is a prerequisite for user life cycle management.

Q: Can we disable the Yammer Directory Sync tool once Yammer user life cycle management in Office 365 is available?

A: The long term product direction is to manage the life cycle of Yammer users in Office 365. However, the decision of when to turn off Yammer Directory Sync is based on how your company uses it.

Important: 

• Yammer DSync is being deprecated and will stop working after December 1st, 2016. You will not be able to set up new configurations with Yammer DSync after April 1st, 2016. Instead of Yammer DSync, we recommend that you use Azure AD Connect Connect. For more information, see Integrating your on-premises identities with Azure Active Directory and Understanding Office 365 Identity and Azure Active Directory.

• For more information about the deprecation and how to transition out of Yammer SSO and Yammer DSync, see Plan for Yammer SSO and DSync deprecation.

Q: The Yammer Directory Sync tool updates profile fields today. Will Yammer user life cycle management in Office 365 update profile fields as well?

A: Yes.

Q: What happens when an email address is changed in Office 365? Will that trigger an email address change in Yammer?

A: Yes.

Q: My company has a configuration where not all Yammer users are yet in Office 365. How will user life cycle management work in this case?

A: The users who log on to Yammer with Office 365 credentials can be managed in Office 365. You can continue to manage the users who don't use their Office 365 credentials the same way you manage them today. Eventually, when you move everyone to Office 365, you will have one single place to manage all your users (including those who use Yammer).