Guide

UserDesk lets your IT admin hand off routine Microsoft 365 tasks — like creating new users, resetting passwords, and assigning licenses — to trusted non-IT staff such as HR managers or office coordinators.

Instead of logging a ticket every time someone joins or leaves, the right people can handle it themselves through a controlled, auditable interface — without ever touching the Azure or Microsoft 365 admin centers.

When your organization first connects to UserDesk, your Global Admin will need to approve the permissions the app needs. This is a one-time setup step that happens automatically during onboarding.

• Step 1 — Subscribe —An admin from your organization picks a plan (Starter or Pro) and completes payment.
• Step 2 — Authorize —Your Global Admin approves the permissions UserDesk needs to manage users, groups, and licenses in your Microsoft 365 tenant.
• Step 3 — Sign in —Anyone in your organization can now sign in with their Microsoft 365 work account. The first person to sign in becomes the portal Admin.

You sign in with your Microsoft 365 work account. UserDesk uses Microsoft's standard OAuth login — no separate password to manage.

Your session stays active as long as you're using the portal. Behind the scenes, your access token is automatically refreshed so you don't get logged out after an hour.

The Users page lists every account in your Microsoft 365 tenant. Click any row to open the detail panel where you can view and manage the account. Use the search bar to filter by name, email, or department.

• Create user —Click “+ New user” to create a new M365 account. Pick licenses and groups directly, or apply a template to pre-fill everything.
• Edit profile —Click any user to open their detail panel, then edit display name, department, job title, phone number, and office location.
• Reset password —Generates a readable temporary password (e.g. BoldTiger42!). The user is forced to change it on next sign-in.
• Enable / Disable account —Blocks or restores sign-in access immediately — useful for offboarding or temporary account holds.
• Assign / Remove licenses —View assigned licenses with friendly names, assign new ones from available inventory, or remove existing ones.
• Convert to shared mailbox —An offboarding tool that converts a user to a shared mailbox in one step — removes groups, removes licenses, disables sign-in, and converts the mailbox type.
• Delete user —Permanently removes the account from Microsoft 365. Requires confirmation to prevent accidents.

Templates save a standard configuration for a role type in your organization. When you create a new user, pick a template and UserDesk pre-fills department, job title, licenses, and group memberships automatically.

For example, a Sales Rep template might set Department = Sales, assign a Business Premium license, and add the user to the Sales Team group — all in one step. You can still adjust any field before creating the user.

• Name —A descriptive label for the role type (e.g. “IT Contractor”).
• Department & Job title —Pre-filled onto the new user’s M365 profile.
• Usage location —Required by Microsoft to assign licenses. Typically the user’s country.
• Licenses —One or more licenses to assign automatically at creation.
• Groups —M365 groups or distribution lists the user is added to automatically.

The Teams & Groups page is split into two tabs — Teams and Groups & DLs — so they stay conceptually separate even though they use the same Microsoft 365 infrastructure.

• Teams tab —Lists every Microsoft Team in your tenant. Click a team to see its members, add or remove people.
• Groups & DLs tab —Lists distribution lists, M365 groups, and security groups. Each row shows the group type and email address.
• Create group —Click “+ New Group” to create Teams, security groups, or distribution lists.
• Edit & manage members —Click any group to edit its name, description, and manage members directly.

Every action taken through UserDesk is recorded automatically — password resets, account changes, license assignments, group membership changes, user creation and deletion, and template modifications. Entries cannot be edited or deleted.

• Search —Filter entries by user or target email address.
• Action type filter —Show only specific actions like password resets or license changes.
• Date range —Narrow results to a specific time period.
• Details —Click any entry to see full metadata — which licenses, which groups, what changed.

Every person who signs into UserDesk is assigned one of three roles. The first person from your organization to sign in automatically becomes an Admin. Everyone else starts as a Viewer.

• Admin —Full access — manage M365 users, templates, groups, licenses, billing, and control who else can use the portal.
• Member —Can manage M365 users (create accounts, reset passwords, assign licenses, manage groups) but cannot change portal access, billing, or settings.
• Viewer —Read-only — can see the user list, groups, and audit log but cannot take any actions.

UserDesk offers two subscription tiers, both available in monthly and annual billing (save ~2 months with annual).

• Starter — $59/mo —Up to 50 M365 users, 3 portal admins. User management, password resets, license management, templates, and audit log.
• Pro — $99/mo —Unlimited M365 users and portal admins. Everything in Starter plus Teams & Groups management, shared mailbox conversion, advanced group settings, and priority support.

UserDesk connects to your Microsoft 365 tenant using Microsoft's standard OAuth authorization. The portal never stores passwords or has standing access to your data outside of active sessions.

• Security headers —X-Frame-Options, HSTS, Content-Type-Options, XSS Protection, and Permissions-Policy on every response.
• Rate limiting —Sensitive write operations are rate-limited to prevent abuse.
• Session validation —Every API request validates the session, checks token expiry, and verifies the user’s portal role.
• Token auto-refresh —Access tokens refresh automatically so sessions last beyond the default 1-hour window.
• Audit trail —Every action is logged with actor, target, timestamp, and full metadata. Entries cannot be edited or deleted.
• Tenant isolation —Each organization’s data is fully isolated. API calls use the signed-in user’s own token.