Joseph Afeso (MVP|MCT).

July 2024

1
 Joseph Afeso (MVP|MCT). July 2024
TABLE OF CONTENTS

What are Objects (On-Prem and Cloud)?________________________________________________3

Steps to create a new user account in an Organizational Unit (OU) in Active Directory______________3

1. Create the OU______________________________________________________________3

2. Create user in Active Directory the Organization Unit (OU)____________________________3

Steps to create User in the Cloud (Microsoft 365 and Microsoft Entra Admin Center)_______________5

How to Create Users in Microsoft 365 Admin Center_______________________________________5

Steps to Create User from Microsoft Entra ID_____________________________________________9

Steps to create a new group In Active Directory (AD)______________________________________13

Steps to Add a user to a group in Active Directory________________________________________14

Groups in Microsoft 365____________________________________________________________17

Groups in Microsoft Cloud (Microsoft 365 & Entra)________________________________________17

Microsoft 365 Groups______________________________________________________________17

Steps to create M365 Group from Microsoft 365 Admin Center______________________________17

Steps to create M365 Group from Microsoft Entra ID______________________________________21

Steps to create M365 Group from Exchange Admin Center_________________________________23

Steps to Add members to User Assigned Groups_________________________________________27

1. Adding members to Groups in Microsoft 365 Admin Center_____________________________27

2. Steps to Add members to Groups in Exchange Admin Center___________________________29
3. Steps to add members to Groups in Microsoft Entra Admin Center________________________30

Distribution Groups_______________________________________________________________31

Steps to create Distribution Group from Microsoft 365 Admin Center__________________________31

Steps to create Distribution Group from Exchange Admin Center____________________________34

Security groups__________________________________________________________________37

Steps to create Security Group from Microsoft 365 Admin Center____________________________39

Steps to create Security Group from Microsoft Entra Admin Center___________________________39

Mail-enabled Security Groups_______________________________________________________40

Steps to create Mail-enabled Security Group from Microsoft 365 Admin Center__________________40

Steps to create Mail-enabled Security Group from Exchange Admin Center____________________43

Reasons to Disable user accounts____________________________________________________46

Steps to disable Rest Password and enable user accounts in Active Directory (On-Prem)________46

Steps to reset password of user from Microsoft 365 Admin Center____________________________48

Steps to re-enable user account from Microsoft 365 Admin Center___________________________49

Disable account from Microsoft 365 Admin Center________________________________________49

Steps to reset user password from Microsoft Entra Admin Center____________________________51

References_____________________________________________________________________53

2
 Joseph Afeso (MVP|MCT). July 2024

What are Objects (On-Prem and Cloud)?

Active Directory (AD) is a directory service developed by Microsoft for Windows domain networks. It
serves as a centralized repository for managing users, computers, and other resources within a
network. Some key objects managed in Active Directory are users, groups, computers, Organizational
Units (OUs), contacts, shared folders and printers.

Cloud objects in Microsoft 365 (formerly Office 365) refer to the various entities managed in the cloud
environment provided by Microsoft. Some key objects in Microsoft 365 include users, all types of groups
& teams, and contacts.

Steps to create a new user account in an Organizational Unit (OU) in Active Directory

3. Create the OU
• Open Active Directory Users and Computers.
• Right-click on the local domain, navigate to "New," then select "Organizational Unit," and click
on it.

Enter the name of the OU. In my case, I am naming it "Joseph_July" to contain all objects I will be
creating this July.

4. Create user in Active Directory the Organization Unit (OU)

In the Active Directory Administrative Center, navigate to the desired OU where you want to create the
new user account.

To access the Active Directory Administrative Center, follow these steps:

• Open Server Manager.

3
 Joseph Afeso (MVP|MCT). July 2024
• Go to the "Tools" menu.
• Select "Active Directory Administrative Center".

• Right-click the OU, select "New," and then select "User."

When the wizard opens, enter the user’s details. This includes the new user’s full name, user logon
name, and any other pertinent information. Once you have entered all the required information, click
"OK."

4
 Joseph Afeso (MVP|MCT). July 2024

Steps to create User in the Cloud (Microsoft 365 and Microsoft Entra Admin Center)

How to Create Users in Microsoft 365 Admin Center

Sign in to the Microsoft 365 Admin Center (admin.microsoft.com) as at least a User Administrator. Click
on "Users" and select "Active users" to see the different options available to create users. These options
include:

• Add a user: To create a single user.

• User templates: To use or create a template.

• Add multiple users: To create multiple users either by filling the table or uploading a .csv file.

Clicking on the first option, "Add a user," will display a window to input the basic information about the
user. Fill in the details and click "Next." Note that you have three options below:

1. Password options: Decide if you want the password to be generated automatically.

2. Password change requirement: Choose if you require the user to change their password
when they first sign in.

3. Send password via email: Optionally, send the password to an Administrator or the user via
email, if your organization’s policy allows it.

The next page allows you to choose the user's location and decide whether to assign a license to them
immediately. If licenses are not available, you must select "Create a user without a product license" to
proceed to the next step.

5
 Joseph Afeso (MVP|MCT). July 2024

In the next step, you have the option to choose the role you'd like to assign to this user and fill in
additional profile information. These options become visible once you select the dropdown menus in
the next screenshot. Even if no option is selected, you can still proceed to the next stage by clicking on
the "Next" icon since these settings are optional.

Expand the drop-down menu labeled "Role (User: no administration access)" to see a list of available
roles that you can assign to the user. By default, "User (no admin center access)" is selected, which
initially greys out the roles.

6
 Joseph Afeso (MVP|MCT). July 2024

To assign a role to this user, you need to select the second option, "Admin center access." You can
scroll down the list to view other roles that can be assigned to users based on your requirements. To
understand the actions associated with each role, hover your pointer over the "i" icon next to each role.

Scroll down to expand the "Profile info" section and choose any additional details you need to provide
about the user. After selecting the necessary information, click on "Next" to proceed.

7
 Joseph Afeso (MVP|MCT). July 2024

The next page displays a summary of the details you have provided about the user for your review. At
this stage, if you need to make corrections, you can click on "Edit." Otherwise, click on "Finish" to create
the user

The user is created and can now be found in the list of the active user in your tenant so you can click
on close.

8
 Joseph Afeso (MVP|MCT). July 2024

To confirm that the user is now available, click on "Users," then "Active users," and type the username
in the "Search active users" list.

Steps to Create User from Microsoft Entra ID

Microsoft Entra ID (formally Azure Active Directory) allows you to create several types of users in your
tenant, which provides greater flexibility in how you manage your organization's users.

Sign in to Microsoft 365 Admin center (admin.microsoft.com) with at least user administrator account,
click on show all.

Under Admin Centers, click on Identity.

9
 Joseph Afeso (MVP|MCT). July 2024

This will open another Admin Center called the Microsoft Entra Admin Center. Alternatively, you can
directly access the Microsoft Entra ID using the URL https://entra.microsoft.com/.

To create a user from the Microsoft Entra Admin Center, navigate to "Users" > "All users" > "New user"
to create a new internal user or invite an external user to collaborate with your organization.

You will notice a distinct difference in user creation between here and the Microsoft 365 admin center.
In this interface, the password is generated automatically even before the user is fully created. Enter
the User Principal Name (UPN) and the Display Name. If you prefer to manually set the password, you

10
 Joseph Afeso (MVP|MCT). July 2024
can uncheck "Auto-generate password" and enter your desired password. Additionally, there is an
option to create the account as disabled, which can be useful for setting up accounts in advance. Once
you have filled in these details, click "Next" to proceed to the properties

On the properties page, you will find fields to enter details across categories such as Identity, Job
Information, Contact Information, Parental Control, and settings. After entering the required details, click
"Next" to decide whether you would like to assign roles to the user.

Within the scope of this article, we will proceed directly to clicking on "Add role." Administrative units
and groups will be covered in subsequent topics.

11
 Joseph Afeso (MVP|MCT). July 2024

Another important difference between creating users in Microsoft Entra ID and M365 Admin Center is
how roles are presented. In Microsoft Entra ID, roles are arranged alphabetically, with well-spelled-out
descriptions that allow for easy comparison just by looking at the role descriptions. Additionally,
Microsoft Entra ID offers more granular roles compared to M365 Admin Center.

Again, you will find a summary of all the details you provided about the user. If there is a need for
correction, click on "Previous" to make the necessary adjustments. Otherwise, click on "Create" to
proceed with user creation.

12
 Joseph Afeso (MVP|MCT). July 2024

Once the user creation is successful, navigate to "All users," type the username in the search, and you
will see the user appear. Did you notice that "Joseph July," created from the Microsoft 365 Admin
Center, also appears here? This is because the user's identity is managed centrally across platforms.

If you go to the Microsoft 365 Admin Center, you will also see the two users there.

Steps to create a new group In Active Directory (AD)

In a Windows Server enterprise network, there are two types of groups: Security and Distribution. In the
cloud, there are Microsoft 365 Groups, Distribution Lists, Security Groups, Mail-Enabled Security
Groups, and Dynamic Distribution Lists

Creating a group in Active Directory allows you to efficiently manage a set of users, computers,
contacts, and other groups as a unified entity. Groups streamline the process of assigning permissions
and rights across multiple accounts.

13
 Joseph Afeso (MVP|MCT). July 2024
To create a new group in a specific Organizational Unit (OU) in Active Directory:

1. In the Active Directory Administrative Center, locate and navigate to the desired OU.

2. Right-click on the OU, choose "New," and then select "Group."

In the Group dialog box, enter the group’s name and select the group scope and type. Click OK to
create the new group.

Steps to Add a user to a group in Active Directory

To add a user account to a group in an OU in Active Directory:

1. Navigate to Active Directory Users and Computers and locate the OU where the group is
situated.

2. Find and select the group to which you want to add the user.

3. In the right-hand action pane, click on "Members."

4. In the Members section, click "Add."

5. In the "Select Users, Contacts, Computers, Service Accounts, or Groups" dialog box, enter the
name of the user you wish to add to the group, and then click "Check Name."

14
 Joseph Afeso (MVP|MCT). July 2024

The user is now added as a member of the group. Click OK to confirm and close the dialog box.

15
 Joseph Afeso (MVP|MCT). July 2024

You can verify that the user is now a member of the group.

16
 Joseph Afeso (MVP|MCT). July 2024
Groups in Microsoft Cloud (Microsoft 365 & Entra)

In the cloud, Groups allow you to assemble a team for collaboration and easily create a shared collection
of resources. Rather than manually assigning permissions to each resource, adding members to the
group automatically grants them access to the tools your group offers.

Types of groups in Microsoft 365

Microsoft 365 provides a range of Group types designed to enhance team collaboration. Each type
serves a distinct purpose, whether it's managing email conversations, sharing files, or organizing
events. This article explores the different types of Groups available in Microsoft 365 and their specific
uses, helping you choose the most suitable option for your team's collaboration requirements.

Microsoft 365 Groups

These groups are tailored for internal collaboration within your organization. They include a group email
address and a SharePoint site for sharing documents, notes, and meeting agendas. Microsoft 365
Groups are ideal for project management, team communication, and document collaboration. You can
create these groups in various applications such as Microsoft 365 Admin Center, Exchange Admin
Center, and Entra ID. They are accessible via mobile apps like Outlook for iOS and Outlook for
Android.

Group members can send as or send on behalf of the group email address if this has been enabled by
the administrator.

Microsoft 365 Groups support nesting through dynamic groups in Microsoft Entra ID.

Steps to create M365 Group from Microsoft 365 Admin Center

To add a Microsoft 365 group in the M365 admin center (https://admin.microsoft.com), sign in with at
least an Exchange administrator account. Here are the steps:

1. Sign in to the M365 admin center (https://admin.microsoft.com).

2. Expand "Teams & groups."

3. Click on "Active Teams & groups."

4. Click on "Add Microsoft 365 group."

Fill out the name of the group and optionally provide a description (recommended best practice), then
click on "Next."

17
 Joseph Afeso (MVP|MCT). July 2024

At this stage, you add an owner to the group. Group owners have unique permissions, such as adding
or removing members, deleting conversations from the shared inbox, and changing group settings.
They can also rename the group, update the description, and more.

You must have at least one owner, but Microsoft recommends adding two, so one can assist in the
other's absence. Additionally, if you plan to add Microsoft Teams to this group, all owners MUST have
a license that includes Teams.

Click on "Next" to proceed to the option of adding users to the group. While adding owners is mandatory
at the point of creation, adding members is optional at this stage. If the users are not yet created or if
you haven't decided on the members yet, you can simply click "Next" to continue. Otherwise, click on
"Add members" to include members in the group.

18
 Joseph Afeso (MVP|MCT). July 2024

Enter the email address for the Group and choose the privacy setting. Public groups can be joined by
anyone without needing approval from the group owner, and anyone can access the group content.
Private groups, on the other hand, are not open for everyone to join; only group owners can add
members, and only members can access the group content. Note that for role assignment to be
enabled, the group must be private.

NB: To select "Create a team for this group," all owners must have a license that includes Teams.

You will now see a summary of the details you provided for the group. Review these settings to ensure
they are correct. If any changes are needed, click on "Edit." Otherwise, click on "Create group."

19
 Joseph Afeso (MVP|MCT). July 2024

The group is now created. To verify, go to "Active Teams & groups" and search for the group; it should
be listed there.

Heyyyy, the group is now available in the Active Teams & Groups section!

20
 Joseph Afeso (MVP|MCT). July 2024
Steps to create M365 Group from Microsoft Entra ID

Sign in to Microsoft Entra ID (https://entra.microsoft.com) with at least an Exchange administrator

account. Click on "Groups," select "All groups," and then select "New group."

You will observe that the default group type selected is "Security group." To create a Microsoft 365
group, you need to click the drop-down menu next to "Group type" and select "Microsoft 365."

At this stage, you input the name of the group, email address, and the membership type. There are two
membership types: Assigned and Dynamic User.

• For Assigned membership, administrators manually add and remove users or devices to and
from the group.

• For Dynamic User membership, administrators create membership rules to automatically add
and remove members.

21
 Joseph Afeso (MVP|MCT). July 2024

After receiving the "Success message" confirming that the group has been created, navigate to "All
groups" and use the search box to find the group. You will also notice that the group "Joseph July
Group," created from Microsoft 365, appears here as well. This directory is where all groups are
managed.

If you also navigate to the Microsoft 365 Admin Center, you will see both groups listed there as well.

One important distinction is that when creating a group from the Microsoft 365 Admin Center, it's
mandatory to assign at least one owner before proceeding. However, in the Microsoft Entra Admin
Center, assigning an owner upfront is not required. Typically, the admin who creates the group is
automatically assigned as the owner.

22
 Joseph Afeso (MVP|MCT). July 2024

Checking the ownership of "Joseph July," created from Microsoft 365, shows that the assigned owners
are listed without the administrator automatically becoming a member or an owner of the group.

Steps to create M365 Group from Exchange Admin Center

Sign into the Exchange admin center (https://admin.exchange.microsoft.com), with at least an

Exchange administrator account. Click on "Groups" and then select "Add a group."

Select the type of Group. Microsoft 365 group is recommended and selected by default so click on
next.

Type in the name and description of the group and click on Next.

23
 Joseph Afeso (MVP|MCT). July 2024

Here, just as you did in Microsoft 365 Admin center, you must assign at least an owner to move forward.
Remember again that Microsoft recommend that you add at least 2 owners.

Review the owners of the group and click on Next

24
 Joseph Afeso (MVP|MCT). July 2024
You choose if you want to add member also. Remember, group members have access to everything in
the group, including group content like email messages, files, and a shared calendar. By default, group
members can invite guests to join your group, but they can't edit group settings.

Enter Email address of the group and choose the privacy of the group.

The next page show you the summary of the details you have provided about the group and you can
choose to make corrections by clicking on Edit. Otherwise click on “Create Group”.

25
 Joseph Afeso (MVP|MCT). July 2024

Here is a "Success Message" stating that the group has been created so you can click on “Close”.

Go to "Groups" and use the search bar to find the group. You will notice that the group has been
successfully added, and both the group created from M365 Admin Center, Microsoft Entra Admin
Center, and here in Exchange Admin Center are all available.

26
 Joseph Afeso (MVP|MCT). July 2024

Steps to Add members to User Assigned Groups

4. Adding members to Groups in Microsoft 365 Admin Center

Visit the M365 Admin Center (admin.microsoft.com), click on "Teams and groups," then select "Active
teams and groups," and search for the group to which you want to add members.

The group open by default the General page about the group. Click on membership

It automatically displays the owners section. If you need to add more owners, you can proceed to do
that. Otherwise, click on "Members" to add additional members to the group.

27
 Joseph Afeso (MVP|MCT). July 2024

Click on the search bar to view a list of your users. Type the name or email of the user(s) you want to
add to the group, select the user(s), and then click on "Add."

When the members are added successfully, you get the prompt below "X group members added"

We can check the Group for the added members by clicking on the membership of the group

You can also click on owners to get the list of the owners.

28
 Joseph Afeso (MVP|MCT). July 2024

5. Steps to Add members to Groups in Exchange Admin Center

Sign into the exchange admin center, click on Groups, search for the group you want to add members
to from the search bar.

The page defaults to the "General" tab, so click on "Members." From there, click on "View and manage
members." If you need to manage owners of the group, click on the first option to view and manage
owners.

The next page displays the current members of the group and gives you the option to add more. Click
on "Add Members."

29
 Joseph Afeso (MVP|MCT). July 2024

You can select the users you want to add, and the "Add" button will activate for you to add the member.
If the users are not showing up on the list, you can also search for them.

6. Steps to add members to Groups in Microsoft Entra Admin Center

Sign into Microsoft Entra Admin Center (https://entra.microsoft.com/) Select Groups, click on All
groups, search for the group you want to add members to.

The default page that opens is the overview page of the group. Click on "Members," then select the
members you want to add. If the members are not appearing, search for them using the search bar,
select the checkbox next to their names, and click on "Select."

30
 Joseph Afeso (MVP|MCT). July 2024

Distribution Groups

These groups are utilized for broadcasting information and updates to individuals both within and
outside the organization. They are ideal for sharing job updates, organizational changes, or events with
specific customers or employees. You can create these groups in both the Microsoft 365 Admin Center
and Exchange Admin Center.

Steps to create Distribution Group from Microsoft 365 Admin Center

Sign into Microsoft 365 Admin center, click on active teams and groups, select distribution list, select
add a distribution list.

Enter the name of the Group, the description and click Next

Here as well, you must add an owner. Remember, "Group owners have unique permissions to manage
the group. They can add and remove members, change group settings, rename the group, update its
description, and more."

31
 Joseph Afeso (MVP|MCT). July 2024

Click on Next to move adding the members of this group.

If you cannot find the member you want to add in the list, search for the user using the "Search for
name or email address" bar. After selecting the members, click on "Add."

Enter the group email address. If you anticipate external users sending emails to this address, ensure
you check the option "Allow people outside your organization to send email to the distribution group."

32
 Joseph Afeso (MVP|MCT). July 2024

Review the details provided and make correction where necessary. Otherwise, click Create group.

Once you see the "Success message" that the group has been created, you can click on close.

33
 Joseph Afeso (MVP|MCT). July 2024
Steps to create Distribution Group from Exchange Admin Center

Sign into exchange admin center (https://admin.exchange.microsoft.com), click on groups, select

distribution list, click on add a group.

Select distribution group.

Enter the name of the distribution list and the description and close on Next.

34
 Joseph Afeso (MVP|MCT). July 2024
Click on assign owners, choose or search for the owners of the group and click on add.

Click on Next to add the members of the distribution group

Select the members of the group from the list of users or search for the users if they are not appearing
on the list of users and click on add and click on Next.

35
 Joseph Afeso (MVP|MCT). July 2024

Next, provide the email address for the distribution group. Choose "Allow people outside my
organization to send email to this distribution list" if you want it to receive external emails. Select the
group's joining method: Open, Closed, or Owner approval, based on your needs. You can also configure
how members leave the group: whether members can leave on their own, only group owners can
remove members, or if all requests to leave should be automatically declined.

Review the summary of the details you provided and make necessary corrections by clicking on edit.
Otherwise, click on create group to have the group created.

36
 Joseph Afeso (MVP|MCT). July 2024
When you see the success message, the group is created so you can click on close.

Security groups

They are designed to grant access to Microsoft 365 resources and make administration easier. They
can be used to grant access to important company resources like tools, portals, reports, and devices
like printers. Security Groups can be created in Microsoft 365 Admin center and Microsoft Entra Admin
Center.

Steps to create Security Group from Microsoft 365 Admin Center

Sign into Microsoft 365 Admin Center with privilege account, click on Teams & groups, select active
teams and groups, select security groups and click on add a security group.

On the next page, provide the name and the description of the Security Group and click Next.

37
 Joseph Afeso (MVP|MCT). July 2024

In the next pages, you choose whether Azure AD (Entra ID) role can be assigned to the group or not
by checking the box and click on Next.

The next page is a summary of the details of the Security group for your review. Where corrections are
needed, click on Edit, otherwise, click on create group.

38
 Joseph Afeso (MVP|MCT). July 2024

Steps to create Security Group from Microsoft Entra Admin Center

Sign into Microsoft Entra Admin center with a privilege account. Click on groups, click on all groups and
click on new group

On the next page, you will notice that the default group type selected is "Security." Proceed to provide
the group name, description, choose whether Microsoft Entra roles can be assigned to the group, and
decide if the membership type should be assigned or dynamic. You can also assign owners and
members to this group from this page and then click on "Create."

39
 Joseph Afeso (MVP|MCT). July 2024

Click on all groups and search for the group we just created, you would see that we can see all the
groups we have created so far in the Microsoft Entra Admin Center. This will be same experience if we
try to check groups from the Microsoft 365 admin center.

Mail-enabled Security Groups

They function similarly to security groups but also have the ability to send and receive emails to all
members. They are useful for distributing news, promotions, and company updates to your sales team.
Unlike dynamic management from Entra ID, these groups can be created and managed in both the
Microsoft 365 Admin Center and Exchange Admin Center.

Steps to create Mail-enabled Security Group from Microsoft 365 Admin Center

Sign into Microsoft 365 Admin Center (https://admin.microsoft.com/) with a privilege account, click on
group and teams, click on security groups and select add a mail-enabled security group.

40
 Joseph Afeso (MVP|MCT). July 2024
Type in the name of the security group, enter the description and click on Next to add owner (s)

Just as you have seen in the previous steps, there is need to have at least an owner added before we
can proceed. So click on Assign owner and chose the user(s) you want to assign the ownership role.

In the next page, you can choose to add members now or latter

41
 Joseph Afeso (MVP|MCT). July 2024
Provide email address for the group and choose if you will allow external users to send email to the
mail-enabled security group.

Next is to review the details about the group for correction if any. Otherwise, click on create.

42
 Joseph Afeso (MVP|MCT). July 2024
Steps to create Mail-enabled Security Group from Exchange Admin Center

Sign into Exchange Admin Center (https://admin.exchange.microsoft.com) with a privilege account,

click on Groups, click on Mail-enabled security, click on add a group.

On the next page, select Mail-enabled security from the list of the group type and click Next

Type in the name of the group, enter the description and click on Next

At the next stage, assign the group to at least an owner before you can proceed to the next step.

43
 Joseph Afeso (MVP|MCT). July 2024

You now have the option to either add members to the group now or later.

Now it's time to provide an email address for the group and decide whether to allow external users to
send emails to the group. Additionally, choose whether users will require owner approval to join the
group.

44
 Joseph Afeso (MVP|MCT). July 2024

Here's a summary of the group details. You can make amendments if necessary by clicking on "Edit."
Otherwise, proceed to click on "Create Group."

Getting the below "success message" means that the group has been successfully created.

45
 Joseph Afeso (MVP|MCT). July 2024
Reasons to Disable user accounts

Disabling user accounts in whether in Active Directory or cloud environments is a fundamental aspect
of managing security and access control within an organization. Whether it's for new hires who haven't
started, employees on leave, compromised accounts, or other scenarios, this practice helps safeguard
company data, ensure compliance, and maintain a secure and efficient IT infrastructure.

Steps to disable and enable user accounts in Active Directory (On-Prem):

Open the Active Directory Administrative Center, navigate to the OU where the user account is located,
find and select the user account you want to disable. In the right-hand action pane, click on the "TASKS"
dropdown and select "Disable." This will disable the selected user account, preventing any logins using
that account.

These steps can also be followed to reset a user's password and re-enable their account..

Alternatively, to re-enable the accounts from the OU, right-click the disabled accounts, and you will have
the option to reset the password and re-enable the account.

46
 Joseph Afeso (MVP|MCT). July 2024

Steps to disable, Reset Password and re-enable user accounts in the cloud (Microsoft 365 and
Entra ID)

Disable user account from Microsoft 365 Admin Center

Sign into the Microsoft 365 Admin Center with a privileged account, click on Active Users, select the
user you want to disable, and click on Block sign-in.

You will be notified that "Blocking someone prevents anyone from signing in as this user, and is a good
idea when you think their password or username may have been compromised. When you block
someone, it immediately stops any new sign-ins for that account, and if they’re signed in, they’ll be
automatically signed out from all Microsoft services within 60 minutes." Also, note that this won't stop
the account from receiving mail, and doesn't delete any data.

Check the box beside block the user from signing in and click on save changes to confirm your action.

You will get a confirmation that the user is now blocked from signing in and they'll automatically be
signed out of all Microsoft services within 60 minutes.

47
 Joseph Afeso (MVP|MCT). July 2024
Steps to reset password of user from Microsoft 365 Admin Center

You may want to change the user's password before re-enabling the account, especially if it was
compromised. Select the user account, click on Reset Password.

You have the option to either allow the password to be generated automatically or set it manually. You
can also require the user to change their password upon their first sign-in after the account is re-
enabled. If your policy permits, you can choose to communicate the new password to the user via email.

Click on reset

Click on close and proceed to enable the account since the user now has a new password.

48
 Joseph Afeso (MVP|MCT). July 2024
Steps to re-enable user account from Microsoft 365 Admin Center

Having changed the password of the account e.g compromised account follow these steps to re-enable
the account. Come back to the user account and click unblock sign in.

Uncheck the box behind "block this user from signing in" the save changes box will be activated

You may need to allow some minutes before the user will be able to sign in again.

Disable account from Microsoft 365 Admin Center

Sign into Microsoft Entra Admin Center (https://entra.microsoft.com/) with a privilege account, click on
users, All users, select the user of interest

49
 Joseph Afeso (MVP|MCT). July 2024

The user's details come up. In cases of compromised account, it is advisable to revoke all sessions
and click on edit on the account status.

Uncheck the account "Account Enable" box and click on save.

50
 Joseph Afeso (MVP|MCT). July 2024
The account status changes of the user changes to disabled.

Steps to reset user password from Microsoft Entra Admin Center

Click on reset password while the account is you will observe that even with the Global Admin
permission, you cannot rest the passwords. You will get the error "Unfortunately, you cannot reset this
user’s password because you do not have sufficient permissions or their account has been disabled".
Obviously, this is not as a result of permission but because the account is disable”. That is to say that
you cannot rest the password of an account which is in it's disabled state from Microsoft Entra Admin
Center.

Go to the Microsoft 365 Admin Center to confirm that the account is disable and click on Reset
Password.

51
 Joseph Afeso (MVP|MCT). July 2024

Choose whether you would want the password to be generated automatically, also if you require the
user to change their password when they first sign in.

You will discover that even at the disabled state, the password to the account can be changed
successfully from the Microsoft 365 Admin Center. Can you spot a nice difference? You can go ahead
to enable the account from the Microsoft Entra Admin Center.

52
 Joseph Afeso (MVP|MCT). July 2024
Click to Edit the account status

Check the "Enable account" Box and click ok

And the account status should now be active.

References

Microsoft Learn (https://learn.microsoft.com/)

53