Azure Basics 4
branch offices are located, we can create named locations and allow these under conditional
access policies.
● Authentication methods – We can enable additional authentication methods such as a FIDO2 security key or Microsoft Authenticator.
● Multi-Factor Authentication (MFA) – We can configure MFA and add multi-factor authentication. Please note that this setting is outside of the Azure portal, and a link will take you out to that GUI. The sample screen looks like this.
Managing Microsoft Entra Users and Groups
Microsoft Entra provides robust tools for managing users and groups, which are essential for maintaining access, collaboration, and security within your organization. Here are some key points about managing users and groups in Microsoft Entra:
Users
● Creation and Management: You can create individual users and manage their access to resources. This includes assigning roles, permissions, and licenses.
● Dynamic Membership: Users can be automatically added or removed from groups based on specific attributes, making it easier to manage large numbers of users.
Groups
➔ Types of Groups: There are two main types of groups in Microsoft Entra:
◆ Security Groups: Used to manage user and computer access to shared resources. Members can include users, devices, service principals, and other groups.
◆ Microsoft 365 Groups: Provide collaboration features like shared mailboxes, calendars, and files. These groups can include only users.
➔ Group Membership: Groups can have assigned membership, where specific users are added manually, or dynamic membership, where users are added based on rules.
➔ Access Management: Groups can be used to assign access to applications, data, and resources, simplifying the management of permissions.
Benefits
Simplified Management: Using groups to manage access and permissions reduces the complexity of managing individual user permissions.
Enhanced Security: By applying the principle of least privilege, you can limit access to only those who need it, reducing the risk of security breaches.
Microsoft Entra offers three primary methods to manage users and groups:
1. Microsoft Entra Admin Center
● Creating a User:
1. Navigate to "Users" > "All users."
2. Click "New user."
3. Fill in the required information, such as display name, user name, and password.
4. Assign necessary licenses and roles.
● Managing Groups:
1. Navigate to "Groups" > "All groups."
2. Click "New group."
3. Choose the group type (security group or Microsoft 365 group).
4. Provide a group name and description.
5. Add members to the group.
2. Microsoft Entra PowerShell
Creating a User:
PowerShell
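Connect-AzureAD
# New-AzureADUser has no -Password parameter; the password is passed in a PasswordProfile object
$PasswordProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile
$PasswordProfile.Password = "Password123!"   # sample value only
# -AccountEnabled and -MailNickName are mandatory; the UPN is a placeholder for a verified domain of your tenant
New-AzureADUser -DisplayName "John Doe" -UserPrincipalName "john.doe@<your-verified-domain>" -PasswordProfile $PasswordProfile -AccountEnabled $true -MailNickName "JohnDoe"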
Creating a Group:
PowerShell
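Connect-AzureAD
# -MailEnabled and -MailNickName are mandatory for New-AzureADGroup, even for a pure security group
New-AzureADGroup -DisplayName "Marketing Team" -SecurityEnabled $true -MailEnabled $false -MailNickName "MarketingTeam"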
3. Microsoft Graph API
You can use the Microsoft Graph API to programmatically manage users and groups. This is particularly useful for automation and integration with other systems.
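The following is an added example, not code from the original guide: it creates the same user and security group through raw Microsoft Graph v1.0 calls and then links them, using `Invoke-MgGraphRequest` from the Microsoft Graph PowerShell SDK (which replaces the deprecated AzureAD module). The tenant domain, display names, and mail nicknames are assumed placeholder values.

```powershell
# Added example. Assumes the Microsoft.Graph PowerShell SDK is installed.
# Request only the delegated scopes these calls need.
Connect-MgGraph -Scopes "User.ReadWrite.All", "Group.ReadWrite.All"

$domain = "<your-tenant>.onmicrosoft.com"   # placeholder: a verified domain in your tenant
$graph  = "https://graph.microsoft.com/v1.0"

# Random one-time password instead of a hard-coded string.
# The fixed suffix only guarantees that every character class is present.
$bytes = New-Object byte[] 24
[System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($bytes)
$tempPassword = [Convert]::ToBase64String($bytes) + "aA1!"

# POST /users : create the account and force a password change at first sign-in
$userBody = @{
    accountEnabled    = $true
    displayName       = "John Doe"
    mailNickname      = "johndoe"
    userPrincipalName = "johndoe@$domain"
    passwordProfile   = @{ password = $tempPassword; forceChangePasswordNextSignIn = $true }
} | ConvertTo-Json -Depth 3
$user = Invoke-MgGraphRequest -Method POST -Uri "$graph/users" -Body $userBody -ContentType "application/json"

# POST /groups : a security group (securityEnabled = true, mailEnabled = false)
$groupBody = @{
    displayName     = "Marketing Team"
    description     = "Access group for the marketing department"
    mailEnabled     = $false
    mailNickname    = "marketingteam"
    securityEnabled = $true
} | ConvertTo-Json
$group = Invoke-MgGraphRequest -Method POST -Uri "$graph/groups" -Body $groupBody -ContentType "application/json"

# POST /groups/{id}/members/$ref : membership is a reference to the user's directory object
$refBody = @{ "@odata.id" = "$graph/directoryObjects/$($user.id)" } | ConvertTo-Json
Invoke-MgGraphRequest -Method POST -Uri "$graph/groups/$($group.id)/members/`$ref" -Body $refBody -ContentType "application/json"

# Read the membership back to confirm the assignment took effect
$members = Invoke-MgGraphRequest -Method GET -Uri "$graph/groups/$($group.id)/members?`$select=id,userPrincipalName"
$members.value | ForEach-Object { $_.userPrincipalName }
```

Hand `$tempPassword` to the user over a separate channel; it is not retrievable from the directory afterwards.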
Key Considerations for Effective User and Group Management:
➔ User Provisioning:
◆ Manual Provisioning: Create users manually in the Microsoft Entra admin center.
◆ Automated Provisioning: Use tools like Microsoft Identity Manager (MIM) or Microsoft Entra Connect to automate user provisioning from on-premises Active Directory.
➔ Group Management:
◆ Dynamic Groups: Create groups based on specific criteria, such as attributes or
claims, to automate membership.
◆ Nested Groups: Organize groups into a hierarchical structure for better
management and access control.
➔ Role-Based Access Control (RBAC):
◆ Assign appropriate roles to users and groups to control access to resources and
applications.
◆ Use built-in roles or create custom roles to tailor permissions.
➔ Password Policies:
◆ Enforce strong password policies to enhance security.
◆ Configure password expiration, complexity requirements, and lockout policies.
➔ Multi-Factor Authentication (MFA):
◆ Require MFA for additional security.
◆ Configure MFA policies to enforce them for specific users or groups.
➔ Single Sign-On (SSO):
◆ Enable SSO for seamless access to applications.
◆ Configure SSO for both cloud-based and on-premises applications.
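As an added example (not part of the original guide), the dynamic-group and group-scoped MFA items above can be combined: a dynamic security group built from the `department` attribute, and a Conditional Access policy that requires MFA for its members, created in report-only mode. It assumes the Microsoft Graph PowerShell SDK and a tenant licensed for Microsoft Entra ID P1 or above; the group name, rule, policy name, and `$breakGlassId` are hypothetical values.

```powershell
# Added example. Group name, rule, policy name and $breakGlassId are assumptions.
Connect-MgGraph -Scopes "Group.ReadWrite.All", "Policy.ReadWrite.ConditionalAccess", "Policy.Read.All", "Application.Read.All"

# Object ID of an emergency-access account that must never be locked out (placeholder)
$breakGlassId = "<object-id-of-emergency-access-account>"

# Dynamic security group: membership is computed from the rule, nobody is added by hand.
# Disabled accounts are excluded so that leavers drop out of the group automatically.
$group = New-MgGroup -DisplayName "Marketing Team (dynamic)" `
    -Description "All enabled users whose department is Marketing" `
    -MailEnabled:$false -MailNickname "marketing-dynamic" -SecurityEnabled `
    -GroupTypes @("DynamicMembership") `
    -MembershipRule '(user.department -eq "Marketing") and (user.accountEnabled -eq true)' `
    -MembershipRuleProcessingState "On"

# Conditional Access policy: require MFA for every member of the group on all cloud apps.
# "enabledForReportingButNotEnforced" is report-only: sign-in logs show what would have
# happened, so the impact can be reviewed before the state is switched to "enabled".
$policy = @{
    displayName = "Require MFA - Marketing Team"
    state       = "enabledForReportingButNotEnforced"
    conditions  = @{
        users = @{
            includeGroups = @($group.Id)
            excludeUsers  = @($breakGlassId)
        }
        applications   = @{ includeApplications = @("All") }
        clientAppTypes = @("all")
    }
    grantControls = @{
        operator        = "OR"
        builtInControls = @("mfa")
    }
}
$created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy

# Confirm what was stored: policy state and the group it targets
$created | Select-Object DisplayName, State, Id
$created.Conditions.Users.IncludeGroups
```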
You can ensure secure and efficient access to your organization's resources by effectively managing users and groups in Microsoft Entra ID.
For more information, please refer to "How to manage groups" in the Microsoft Entra documentation.
Manage Licenses in Microsoft Entra ID
Microsoft Entra ID services require you to license each of your users or groups for that service. Only users with active licenses can access and use the licensed Microsoft Entra ID services. Licenses apply to tenants but are not transferable to other tenants.
There are several license plans available for the Microsoft Entra ID service, including Microsoft Entra ID Free, Microsoft Entra ID Premium P1 and Premium P2 plans.
You must have one of the following licenses for every user who benefits from group-based licensing:
● Paid or trial subscription for Microsoft Entra ID Premium P1 and above
● Paid or trial edition of Microsoft 365 Business Premium or Office 365 Enterprise E3 or Office 365 A3 or Office 365 GCC G3 or Office 365 E3 for GCCH or Office 365 E3 for DOD and above
Managing the device settings and identity
Microsoft Entra ID provides a central place to manage device identities and monitor related event information.
You can access the devices overview by completing these steps:
1. Sign in to the Azure portal.
2. Go to Microsoft Entra ID > Devices.
(Source: Microsoft Documentation)
We can manage device identities by using the Azure portal. As an administrator, you can control the process of registering and joining devices by configuring the following device settings.
You must be assigned one of the following roles to view/manage device settings in the Azure portal: Global Administrator, Cloud Device Administrator, Global Reader and Directory Reader.
(Source: Microsoft Documentation)
Microsoft Entra Pricing