Manage multiple directories Each Entra ID tenant (or directory) is managed as an independent resource. There is no parent-child relation between directories, although users from one directory can be invited to another directory through Entra External Identities features. Because each tenant is an independent resource, directories can be created and deleted as needed. This also means […]
Interpret access assignments To manage access (role) assignments, you can use the Azure portal, the Azure CLI, Azure PowerShell, Azure SDKs, or the Resource Manager REST APIs. The following section describes how to manage role assignments using the Azure portal. In the Azure portal, the Access Control (IAM) blade is used to manage access to resources, and […]
Create a custom role In addition to built-in roles available in Azure, you might need to create a custom role to provide a set of permissions that are not available in any of the built-in roles. Custom roles can be created and assigned through the Azure portal, Azure PowerShell, Azure CLI, and REST API. This […]
Understand how RBAC works The specific permissions that are applied to a resource with RBAC are defined in a role definition. A role definition contains the list of permissions—or declared permissions—and those permissions define what actions can or cannot be performed against a type of resource, such as read, write, or delete. Role definitions, or roles, can be […]
Understand how RBAC works Role-based access control (RBAC) facilitates the management of access to Azure resources by entities referred to as security principals, and controls what actions those entities can perform. In addition to determining who can do what, in Azure, access can be granted to users, groups, service principals, and managed identities through role assignments, […]
Configure self-service password reset The password reset is one of the highest cost-incurring activities for many organizations, and many organizations have dedicated front-line help desks to handle such requests. Self-service password reset (SSPR) allows users to reset their own passwords in Microsoft Entra ID, including the ability to optionally write the password back to an on-premises environment when […]
Manage external users To create guest users from the Azure portal, browse to your Entra tenant as a user with rights to create users, select the Users blade, choose New User, and then select Invite External User. An example of this blade is shown in Figure 1-10. A guest user can be anyone who is invited to […]
Configure Microsoft Entra Join Also, registration of devices in Entra can be combined with a mobile device management solution, such as Microsoft Intune, Microsoft Endpoint Configuration Manager, Mobile Application Management (MAM), and Group Policy if it is hybrid joined. This allows for additional device attributes—such as device operating system version and device state (including whether the device […]
You can access this functionality by navigating to your Entra tenant in the Azure portal and then clicking Users. You will see these options at the top of the blade, as shown in Figure 1-7. (Figure 1-7: Bulk update options in the Users blade in the Azure portal.) Clicking Bulk Create opens the Bulk Create […]
Manage user and group properties As users and groups are used, they might need updates to their attributes (or properties). For example, you might need to change a user’s job title, or you might need to add or remove members from an existing group. Users and groups can be updated using management tools such as the Azure portal, Azure […]