Microsoft Entra, previously known as Azure Active Directory, is a central component of Microsoft’s Identity and Access Management solutions. It’s needed for creating user and group objects that can be enabled with Microsoft Cloud services and assigned roles. Using Microsoft Entra, admins can create Microsoft Entra users and groups, manage access permissions, and enable group conversations. Integrating Microsoft Teams and Office 365 groups (Microsoft 365 groups) further extends its capabilities.
Because Microsoft Entra integrates with the other Microsoft cloud services, those services can use one centralized Identity and Access Management solution across the entire Microsoft cloud environment.
Let’s look at creating Microsoft Entra users and groups and the different types of Microsoft 365 groups, as this will help one prepare for the Microsoft Azure AZ-104 exam.
User and Group Management in AZ-104 Curriculum
Managing Microsoft Entra users and groups is a requirement for Azure Administrators, as reflected in the AZ-104 exam curriculum. Note the following competencies you will need to demonstrate as part of the exam related to users and groups:
- Creating users and groups
- Managing user and group properties
- Overseeing licenses in Microsoft Entra ID
- Handling external users
- Configuring self-service password reset (SSPR)
This section examines how to create users and groups. Users and groups can be created in the following ways:
- Automatic synchronization from on-premises directories
- Manual creation in the Azure admin center
Automating the Creation of Users and Groups
Automating the creation of users and groups in Microsoft Entra using Azure AD Connect is a streamlined approach that syncs with your on-premises Active Directory. This automation simplifies management tasks and keeps user and group information consistent across on-premises and cloud environments and resources.
Setting up synchronization with Azure AD Connect involves the following steps:
1. Install and Configure Azure AD Connect:
- Begin by installing Azure AD Connect on a server
2. Choose Synchronization Options:
- Select the desired synchronization options, such as synchronizing all users and groups or filtering what gets synchronized
3. Schedule Synchronization:
- Set up a synchronization schedule that suits your organization’s needs. Azure AD Connect can periodically sync to keep user and group information updated
4. Monitor and Manage Synchronization:
- Utilize Azure AD Connect Health to monitor the synchronization process, ensuring data consistency and troubleshooting any issues
You can learn more about Azure AD Connect (now Entra Connect Sync): Microsoft Entra Connect Sync: Understand and customize synchronization – Microsoft Entra | Microsoft Learn.
Manually Creating Users and Groups in Azure AD
Creating users and groups in Microsoft Entra, formerly Azure Active Directory, is important for organizational Identity and Access Management. The process can be done in the admin center, where admins can create Microsoft Entra users and groups, define unique group names, and assign group members.
Permissions required to create users
To create a new user, you must be a member of the Global administrators or the User administrators groups. Azure AD allows both administrators and users to manage forgotten passwords.
Once a user is created, they can be added to an Office 365 group, enabling group conversations and collaborative work on a SharePoint site. Group owners can manage group settings, add or remove members, and oversee the shared group calendar on Outlook.
Adding guest users
Another way to add users to Azure Active Directory is to invite them to your organization. You can invite a new guest user to collaborate with your organization, which may benefit contractors and others working with your organization.
Azure AD structure
Creating structured groups, whether public or private, allows for better organization and management of resources. Admins can manage group access levels through the Microsoft 365 admin center and integrate with Microsoft Teams for enhanced communication.
Also, note the following:
- Creating users and assigning them to groups ensures streamlined task management, as each member can access the resources and tools necessary for their roles
- Microsoft Entra’s integration with Microsoft 365 Groups and Microsoft Teams admin center also enhances the ability to manage group messages, shared document libraries, and more
Creating Users in Microsoft Entra
Creating users is a simple process in Microsoft Entra. Here’s a step-by-step guide based on official documentation:
1. Access the Admin Center:
- Sign in to the Microsoft Entra admin center with your admin credentials
2. Navigate to User Management:
- Select ‘Users,’ then ‘Active users.’
3. Add New User:
- Click on Add a user and fill out the necessary information, including the user’s name, username, and domain
4. Assign Roles:
- Assign the appropriate role to the user, ensuring they have access to perform their tasks. Azure Roles help to bolster role-based access control in Azure by assigning users only the permissions they need
5. Configure Additional Settings:
- Set up multi-factor authentication, location, and licenses as needed
6. Review and Complete:
- Review the details, make any necessary adjustments, and complete the user creation process
Bulk-creating users
In Azure AD (Microsoft Entra), you can also create users in bulk.
- Only Global administrators or User administrators can create and delete user accounts
- The admin creates a comma-separated values (CSV) template to bulk create users
- You can also download bulk templates from Microsoft in the Azure AD portal
Note the following official documentation for creating bulk user accounts: Create bulk user accounts – Training | Microsoft Learn.
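A bulk CSV is worth checking before upload, since one file can create many accounts with predictable or shared initial passwords. The following pre-upload check is an added example, not code from the article or from Microsoft; the file layout (a version row, then headers with the property name in brackets), the `contoso.example` domain and every sample row are constructed assumptions.

```python
import csv
import re

# Constructed sample; the version row and bracketed property names are assumed.
SAMPLE_CSV = """version:v1.0
Name [displayName] Required,User name [userPrincipalName] Required,Initial password [passwordProfile] Required,Block sign in (Yes/No) [accountEnabled] Required
Ana Ruiz,ana.ruiz@contoso.example,Tr!al-9471-kite,No
Ben Cho,ben.cho@contoso.example,Tr!al-9471-kite,No
Cy Dole,cy.dole@partner.example,Welcome1,No
Ana R,ANA.RUIZ@contoso.example,Plum-6620-vase!,Maybe
,dee@contoso.example,Fern-3308-lamp?,Yes
"""
REQUIRED = ("displayName", "userPrincipalName", "passwordProfile", "accountEnabled")


def validate_bulk_csv(text, verified_domains, min_pw_len=12):
    """Return (line_number, problem) pairs, in file order, for a bulk-create CSV."""
    lines = text.strip().splitlines()
    if len(lines) < 2 or not lines[0].lower().startswith("version:"):
        return [(1, "missing version row or header row")]
    rows = list(csv.reader(lines[1:]))
    header = [m.group(1) if (m := re.search(r"\[(\w+)\]", h)) else h.strip()
              for h in rows[0]]  # "Name [displayName] Required" -> "displayName"
    absent = [c for c in REQUIRED if c not in header]
    if absent:
        return [(2, "missing columns: " + ", ".join(absent))]
    problems, seen_upn, seen_pw = [], {}, {}
    for n, row in enumerate(rows[1:], start=3):
        rec = dict(zip(header, (v.strip() for v in row)))
        problems += [(n, f"empty required field {c}") for c in REQUIRED if not rec.get(c)]
        upn = rec.get("userPrincipalName", "").lower()
        pw = rec.get("passwordProfile", "")
        if upn and upn.rpartition("@")[2] not in verified_domains:
            problems.append((n, "UPN domain is not a verified tenant domain"))
        if upn and upn in seen_upn:
            problems.append((n, f"duplicate UPN, first seen on line {seen_upn[upn]}"))
        if pw and len(pw) < min_pw_len:
            problems.append((n, f"initial password shorter than {min_pw_len}"))
        if pw and pw in seen_pw:
            problems.append((n, f"initial password reused from line {seen_pw[pw]}"))
        if rec.get("accountEnabled") and rec["accountEnabled"].lower() not in ("yes", "no"):
            problems.append((n, "Block sign in must be Yes or No"))
        seen_upn.setdefault(upn, n)
        seen_pw.setdefault(pw, n)
    return problems

if __name__ == "__main__":
    for line_no, problem in validate_bulk_csv(SAMPLE_CSV, {"contoso.example"}):
        print(f"line {line_no}: {problem}")
```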
Understanding Azure Active Directory Groups
Azure Active Directory (Azure AD) Groups allow managing access to resources. Let’s note a few key points.
Group Types – Security groups are primarily used for granting access permissions to resources. On the other hand, mail-enabled security groups grant permissions and facilitate email communication among group members.
Access Management – These groups allow administrators to define and manage user access, ensuring that users have the appropriate permissions to access the resources necessary for their roles while maintaining a secure environment.
Directory Roles – Azure AD Groups are essential in assigning directory roles. Directory roles are permissions that administrators can grant to users or groups, thereby delegating specific administrative tasks efficiently and securely.
Application Access – Group members are granted access to specific applications, simplifying the process for administrators and providing users with the necessary resources.
Conditional Access Policies – Azure AD Groups support conditional access policies, allowing for dynamic access controls based on user location, device status, and other factors. This feature enhances security by granting access under secure and compliant conditions.
Security and Compliance – These groups provide a framework for administrators to implement and enforce security policies and compliance standards across the organization.
Understanding Microsoft 365 Groups
Microsoft 365 Groups enable collaborative environments within organizations. Each group provides a shared workspace, enhancing the ability for users to communicate and collaborate efficiently.
Group Resources – The SharePoint site within each Office 365 group serves as a central hub for storing, organizing, and accessing documents, promoting smooth team collaboration. These groups facilitate group conversations, allowing members to discuss ongoing topics and projects efficiently.
Group Calendar – Microsoft 365 groups enable members to schedule and manage events collaboratively, providing an integrated view of availability and preventing scheduling conflicts.
Mailbox Features – Each Microsoft 365 group has a shared mailbox accessible through Outlook, centralizing communication and ensuring all group members have access to vital information.
Public and Private Groups – Groups can be configured as public, open to all in the organization, or private, limiting access and visibility for confidential tasks.
BI and Planner Integration – Integration with Power BI in Microsoft 365 groups supports data analysis and visualization, while Microsoft Planner aids in task management, allowing for efficient assignment and monitoring of tasks within the group.
Creating Microsoft 365 Groups
Creating a Microsoft 365 group is straightforward. Navigate to the admin center, select the “Groups” option, and then choose “Add a group.” The new group is readily available after specifying the group name and adding members.
Azure AD Groups vs Microsoft 365 groups
Azure Active Directory (Azure AD) Groups and Microsoft 365 (previously Office 365) Groups are two distinct types of groups designed to provide different functionalities within the Microsoft Cloud environment.
Microsoft lets you create and manage both types of groups from its different admin apps. For example, in the Exchange Admin Center, you can see both types of groups in the environment, encompassing Microsoft 365 groups, distribution lists, dynamic distribution lists, and mail-enabled security groups. This is the case across most admin centers that allow choosing resources from both sides.
Let’s look at the differences between the different types of groups.
Azure Active Directory (Azure AD) Groups
- Identity and Access Management (IAM): Azure AD Groups primarily focus on securing resource access. They are used to manage user access to various cloud-based and on-premises resources
- Group Types: Azure AD Groups include security groups and mail-enabled security groups. Security groups are used for granting access permissions to resources, while mail-enabled security groups additionally provide collaboration capabilities
- Directory Role Assignment: Azure AD Groups allow for directory role assignments that grant users specific administrative privileges, helping delegate administrative tasks efficiently
- Integration: Though they integrate with various Azure services and applications, Azure AD Groups are not as inherently tied to productivity and collaboration tools as Microsoft 365 Groups are
Microsoft 365 Groups
- Collaboration-Focused: Microsoft 365 Groups are designed primarily to facilitate collaboration among users. When a group is created, it automatically provides shared resources like a SharePoint site, OneNote notebook, and a shared mailbox
- Group Resources: Upon creation, each group gets a dedicated space for storing documents, a shared calendar, and a platform for group conversations, fostering a collaborative environment
- Visibility: Groups can be set as private or public. Public groups are accessible to all organization members, while private groups restrict access
- Integration: Microsoft 365 Groups are tightly integrated with Microsoft’s suite of productivity tools and services, including Outlook, SharePoint, Microsoft Teams, and OneDrive
Summary of differences:
- Purpose: While Azure AD Groups are designed to focus on access management and security, Microsoft 365 Groups are created with collaboration and productivity in mind
- Integration: Microsoft 365 Groups are more closely integrated with Microsoft’s collaboration and productivity tools suite than Azure AD Groups
- Group Types: Azure AD supports security and mail-enabled security groups, whereas Microsoft 365 Groups support collaboration with integrated applications and services
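The distinction above can be checked against exported group records. This added example (not code from the article) classifies each record into the group kinds named here and flags public Microsoft 365 groups; it assumes the records carry the Microsoft Graph group properties `groupTypes`, `mailEnabled`, `securityEnabled` and `visibility`, and all sample groups are constructed.

```python
# Constructed sample records using Microsoft Graph group property names
# (groupTypes, mailEnabled, securityEnabled, visibility); not from the page.
SAMPLE_GROUPS = [
    {"displayName": "sg-finance-app", "groupTypes": [], "mailEnabled": False,
     "securityEnabled": True, "visibility": None},
    {"displayName": "Finance Auditors", "groupTypes": [], "mailEnabled": True,
     "securityEnabled": True, "visibility": None},
    {"displayName": "All Staff News", "groupTypes": [], "mailEnabled": True,
     "securityEnabled": False, "visibility": None},
    {"displayName": "Project Falcon", "groupTypes": ["Unified"], "mailEnabled": True,
     "securityEnabled": False, "visibility": "Private"},
    {"displayName": "Lunch Club", "groupTypes": ["Unified"], "mailEnabled": True,
     "securityEnabled": False, "visibility": "Public"},
    {"displayName": "Ops Runbooks", "groupTypes": ["Unified"], "mailEnabled": True,
     "securityEnabled": True, "visibility": "Public"},
]


def classify_group(group):
    """Map a group record to one of the group kinds named in the article."""
    if "Unified" in group.get("groupTypes", []):
        return "Microsoft 365 group"
    mail, sec = group.get("mailEnabled"), group.get("securityEnabled")
    if sec and mail:
        return "mail-enabled security group"
    if sec:
        return "security group"
    if mail:
        return "distribution list"
    return "unknown"


def audit_groups(groups):
    """Return (displayName, kind, finding) rows; finding is None when clean."""
    report = []
    for g in groups:
        kind, finding = classify_group(g), None
        if kind == "Microsoft 365 group" and g.get("visibility") == "Public":
            # Public groups are open to everyone in the organization.
            finding = "public: review shared content"
            if g.get("securityEnabled"):
                finding = "public and security-enabled: open membership can carry access"
        report.append((g["displayName"], kind, finding))
    return report


if __name__ == "__main__":
    for row in audit_groups(SAMPLE_GROUPS):
        print(row)
```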
Managing Group Members
Effectively managing group members is vital for ensuring secure and organized collaboration within the team sites. Let’s look at how to create an Office 365 group (Microsoft 365 group) and remove group members.
The process of adding and removing group members
Adding members to groups is straightforward in the admin center. Conversely, removing members is also a simple process that can be conducted with just a few clicks, providing administrators with control over group membership.
Creating Groups in Microsoft Entra
Creating groups in Microsoft Entra is a crucial step toward structured organization and management of users based on criteria such as department, project, or access level. Here’s a step-by-step guide:
1. Access Admin Center:
- Navigate to the admin center using your admin credentials
2. Initiate Group Creation:
- Go to the Groups page and select Add a Group. Choose the group type: a Microsoft 365 group, Microsoft Teams, or a security group
3. Specify Group Details:
- Fill in the necessary group details, including the group name, description, and whether it’s a public group or private group
4. Add Members:
- Add members to the group, specifying the group owners and members. You can also set up a group mailbox here
5. Configure Group Settings:
- Configure additional group settings, like the Outlook group calendar, for group communications and scheduling
6. Review and Create:
- Review all the details and click ‘Create’ to finalize the group creation
7. Manage Group Post-Creation:
- Post creation, manage the group through the admin center, where you can modify group settings, add or remove members, and manage group conversations
Note the following documentation for more information on creating group accounts: Create group accounts – Training | Microsoft Learn.
Wrapping up
Creating Microsoft Entra users and groups is essential in managing Microsoft 365. Administrators must understand and effectively utilize Microsoft Entra to create and manage users and groups and understand the different types of groups and how they are used.