Contents
- Understanding the concepts of user identities
- Creating, Configuring and giving a licence to User Identities
- Management of User Creation in Bulk
- Understanding Groups in Azure AD
- Group Management using M365 Admin Centre
- Creating and Managing Groups in Azure AD
- Managing Licences for User Identities in Azure AD
Understanding the concepts of user identities
- An identity here means a single identity used to sign in to multiple accounts (single sign-on, SSO)
- Azure AD is the central directory services store
- Identities can be synced from on-premises AD
Some people say this is less secure because if a hacker gets your account details they have access to all your different systems. But you can use MFA with the identity login.
Managing Identities
- Azure AD Portal
- M365 admin centre
- On-premises AD with sync using Azure AD Connect
- PowerShell
Licences and Roles
Licences: enable or disable the features that your users can use
Roles: give your users rights to perform actions, including administrative controls, in your environment
Creating, Configuring and giving a licence to User Identities
Azure Method
Create an identity:
- Go to Azure portal -> Azure Active Directory -> Users
- Click Create New
- Fill out their details
- Add to groups or assign roles if you choose
- NOTE: you must specify usage location, otherwise you can’t give them a licence
Assign a licence
- Go to the user in Azure AD
- Go to Licences -> Assignments
- Select the licences for the user and save
M365 Method
- Go to M365 portal -> Users -> Add User
- Enter their details
- Assign the licence (usage location is forced here)
- Add a Role if you choose
Management of User Creation in Bulk
Using the Azure Portal Web interface
- Go to Azure Portal -> All users
- Click on “Bulk Operations” -> Bulk Create
- This lets you download a CSV template you can use to create the users
- Edit your template with the new users and then upload the file
- This will create a “job” to create the users
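The same bulk creation can be scripted with PowerShell, one of the management options listed earlier. The script below is an added example, not part of the original notes: it assumes the Microsoft Graph PowerShell SDK is installed, and the CSV path, its column names (DisplayName, UserPrincipalName, UsageLocation) and the SKU placeholder are hypothetical. It rejects any row without a usage location before creating the user, because the licence assignment would otherwise fail.

```powershell
# Added example: bulk-create users from a CSV and license them via Microsoft Graph PowerShell.
# Assumptions (not from the original notes): CSV path, CSV column names
# (DisplayName, UserPrincipalName, UsageLocation) and the SKU part number placeholder.

$CsvPath       = '.\new-users.csv'     # hypothetical input file
$SkuPartNumber = 'PLACEHOLDER_SKU'     # replace with a SkuPartNumber from Get-MgSubscribedSku

Connect-MgGraph -Scopes 'User.ReadWrite.All', 'Organization.Read.All'

$sku = Get-MgSubscribedSku -All | Where-Object SkuPartNumber -eq $SkuPartNumber
if (-not $sku) { throw "SKU '$SkuPartNumber' not found in this tenant." }

foreach ($row in Import-Csv -Path $CsvPath) {
    # A licence cannot be assigned without a usage location, so reject the row up front.
    if ($row.UsageLocation -notmatch '^[A-Za-z]{2}$') {
        Write-Warning "Skipping $($row.UserPrincipalName): usage location missing or not a two-letter code."
        continue
    }

    # Random per-user initial password; the suffix guarantees all four character classes.
    $bytes = [byte[]]::new(18)
    [System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($bytes)
    $initialPassword = [Convert]::ToBase64String($bytes) + 'aA1!'

    $params = @{
        DisplayName       = $row.DisplayName
        UserPrincipalName = $row.UserPrincipalName
        MailNickname      = ($row.UserPrincipalName -split '@')[0]
        UsageLocation     = $row.UsageLocation.ToUpper()
        AccountEnabled    = $true
        PasswordProfile   = @{
            Password                      = $initialPassword
            ForceChangePasswordNextSignIn = $true   # user must replace it at first sign-in
        }
    }
    try {
        $user = New-MgUser @params -ErrorAction Stop
        Set-MgUserLicense -UserId $user.Id -AddLicenses @(@{ SkuId = $sku.SkuId }) -RemoveLicenses @() -ErrorAction Stop | Out-Null
        # Emit the result so the initial password can be handed over through a secure channel.
        [pscustomobject]@{ UserPrincipalName = $user.UserPrincipalName; InitialPassword = $initialPassword }
    } catch {
        Write-Warning "Failed for $($row.UserPrincipalName): $($_.Exception.Message)"
    }
}
```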
Understanding Groups in Azure AD
Types of groups
- Office 365 (Creates Team collaboration including email group)
- Distribution Groups (Email only group)
- Mail-enabled Security group (Security group with email)
- Security (access to resources only)
Assigned Vs Dynamic Groups
- Assigned groups are static. You manually assign objects
- Dynamic groups let Azure AD work out membership from a query on an attribute tied to an identity, so membership follows the attributes. E.g. if a user is in the marketing dept, add them to the Marketing group
Group Management using M365 Admin Centre
Creating Groups
- Go to M365 Admin portal
- Click on ‘Groups -> Active Groups -> New Group’
- Select the Group Type
- Give it a name
- Set the group owners
- Set the Group email address
- Choose the privacy settings (Private, public etc…)
- Click Create
Creating and Managing Groups in Azure AD
Creating a group
- Go to Azure Portal -> Azure AD -> Groups -> New Group
- Select the Group Type
- Give it a name and description
- Select whether you can assign Azure AD roles to this group
- Select the membership type:
  - Assigned: static group where you assign people
  - Dynamic: this allows you to add a query to associate members to groups based on attributes. E.g. if they are in the Sales dept, add them to this group
Managing Licences for User Identities in Azure AD
- Go to Azure AD -> Users -> pick a user
- Click on Licences
- From here you can manage the licences for that user
NOTE: for users to get a licence they must have a usage location selected