Manage Microsoft Entra users and groups – Manage Azure identities and governance – AZ-104 Study Guide

Skill 1.1: Manage Microsoft Entra users and groups

A Microsoft Entra tenant contains users, groups, and devices, all of which are controlled through the Entra features discussed in this section. This section focuses on managing users and groups throughout their lifecycles, managing device settings, performing bulk updates to users with automation tooling such as PowerShell, and managing guest accounts.

The latter part of this section discusses how to manage Entra joined devices and how to configure user experience controls, such as self-service password reset (SSPR).

Create users and groups

There are primarily two types of users in Entra ID—cloud-only users and users synchronized from an on-premises directory. Cloud-only users are created and managed exclusively in Entra ID, and their attributes can be updated directly in Entra ID.

You can create cloud-only users through the Azure portal, Azure PowerShell, the Azure command-line interface (CLI), the Microsoft Entra Admin Center, or Microsoft Graph. To create new users, you must be assigned the Global Administrator or User Administrator role. See Skill 1.2 for more details about the various roles and their assignments.

To create users from the Azure portal, sign in as a user with rights to create users, type Microsoft Entra ID in the search box (or browse to All Azure Services and select Microsoft Entra ID), click Users to open the Users blade, click New User, and then click Create A New User. An example of this blade is shown in Figure 1-1. Note that you can also invite guest users to your directory through the Azure portal.

FIGURE 1-1 Create New User blade in the Azure portal

When creating a new user, the User Principal Name (username), Display Name (the user’s given name and surname), and Password fields are mandatory. You can configure additional settings, such as assigning specific groups and roles, blocking sign-ins from a specific location, and so on.

Groups are collections of objects that make role assignments and access permissions easier to manage. A group can contain groups, users, devices, or service principals. By assigning a role or permission to a group, you eliminate the need to assign it to each member individually. Creating a group is a similar experience to creating a user account and can be performed from the Azure portal, Azure PowerShell, the Azure CLI, the Microsoft Entra Admin Center, or Microsoft Graph. To create a group in the Azure portal, type Microsoft Entra ID in the Search field or browse to All Azure Services, select Microsoft Entra ID, click Groups to open the Groups blade, and click New Group. The New Group blade is shown in Figure 1-2.
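The user and group creation described above, done in bulk with the Microsoft Graph PowerShell SDK, as an added example that is not from the study guide. It assumes the Microsoft.Graph module is installed, that the signed-in account holds the User Administrator (or Global Administrator) role, that contoso.example is a placeholder tenant domain, and that the list of new hires is a constructed stand-in for an Import-Csv of an HR export.

```powershell
# Added example (not from the study guide): create cloud-only users in bulk and
# place them in a new security group with the Microsoft Graph PowerShell SDK.
# Assumes the Microsoft.Graph module is installed and the signed-in account holds
# the User Administrator (or Global Administrator) role.
Import-Module Microsoft.Graph.Users
Import-Module Microsoft.Graph.Groups

# Request only the permission scopes this script needs (least privilege).
Connect-MgGraph -Scopes "User.ReadWrite.All", "Group.ReadWrite.All"

$domain = "contoso.example"   # placeholder tenant domain

# Constructed sample input; in practice this comes from Import-Csv on an HR export.
$newHires = @(
    [pscustomobject]@{ GivenName = "Ada";  Surname = "Lovelace"; Alias = "ada.lovelace" },
    [pscustomobject]@{ GivenName = "Alan"; Surname = "Turing";   Alias = "alan.turing" }
)

function New-RandomPassword {
    # 18 bytes from the OS CSPRNG, base64-encoded: mixed case, digits and symbols,
    # so the one-time initial password satisfies the default Entra password policy.
    $bytes = New-Object byte[] 18
    [System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($bytes)
    return [Convert]::ToBase64String($bytes)
}

# Create the security group first so each user can be added as it is created.
$group = New-MgGroup -DisplayName "New Hires" -MailNickname "newhires" `
    -SecurityEnabled -MailEnabled:$false -Description "Onboarding cohort"

foreach ($hire in $newHires) {
    $passwordProfile = @{
        Password                      = New-RandomPassword
        ForceChangePasswordNextSignIn = $true   # initial secret is used once, then replaced
    }
    $user = New-MgUser -AccountEnabled `
        -DisplayName "$($hire.GivenName) $($hire.Surname)" `
        -GivenName $hire.GivenName -Surname $hire.Surname `
        -MailNickname $hire.Alias `
        -UserPrincipalName "$($hire.Alias)@$domain" `
        -PasswordProfile $passwordProfile
    New-MgGroupMember -GroupId $group.Id -DirectoryObjectId $user.Id
    # Hand the temporary password to the user out of band; do not log or store it here.
    Write-Host "Created $($user.UserPrincipalName) and added to $($group.DisplayName)"
}

Disconnect-MgGraph
```

Assigning a role or license to the group once, rather than to each user, is the point the text above makes about groups; the per-user ForceChangePasswordNextSignIn flag ensures the script never leaves a long-lived initial password in circulation.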

FIGURE 1-2 New Group blade in the Azure portal

When you create a new group, there are several factors that dictate the type of group that is created and how that group behaves in Entra and associated workloads, such as Microsoft 365.