Exercise 2 – creating users and groups in Azure AD
This section will look at creating users and groups for Azure AD using the Azure portal. You can use an existing Azure AD instance to perform this exercise if you wish.
In the following sub-sections, you can see the procedure to complete the exercise, segregated into tasks for a better understanding:
Task – accessing the Azure portal
- Log in to the Azure portal: https://portal.azure.com. You can alternatively use the Azure desktop app: https://portal.azure.com/App/Download.
Task – creating a new user
- In the search bar, type in users. Click Users from the results list.
- In the Users blade, click + New user on the top toolbar.
- On the New user page, ensure the Create user option is selected.
- Set the Identity settings as follows:
- User name: Enter a name. This will be the username for the user to sign in with (this will form their UPN). If you have added custom domain names to Azure AD, these will appear here in the dropdown; select the domain name you wish to give the user to sign in with.
- Name: Set as required. This is a descriptive name for the user.
- First name and Last name: Optional.
- For the Password settings, select as required.
- For the Groups and Roles setting, select as required.
- For the Block sign-in setting, leave it at the default setting.
- For the Usage location setting, set the location of the user as required.
- For the Job Info setting, enter as required or leave at the default setting.
- Click Create.
You will receive a notification that the user was successfully created.
12. You will now see the user listed in the Users blade; the User principal name column is what the user will enter to sign in.
Task – creating a new guest (B2B) user
- In the search bar, type in users. Click Users from the results list.
- In the Users blade, click + New guest user on the top toolbar.
- On the New user page, ensure the Invite user option is selected.
- Set the Identity settings as follows:
• Name: Set as required. This is a descriptive name for the user.
• Email address: Set as required. This will be where the invite is sent and must be associated with a Microsoft account to allow access.
• First name and Last name: Optional.
- For the Personal message setting, select as required.
- For the Groups and Roles setting, select as required.
- For the Block sign-in setting, leave it at the default setting.
- For the Usage location setting, set the location of the user as required.
- For the Job Info setting, enter as required or leave at the default setting.
- Click Invite.
You will receive a notification that the user was successfully invited.
- You will now see the user listed in the Users blade; the User principal name column is what the user will enter to sign in.
- The invited guest user will now receive an email to accept the invitation.
- The invited guest user will sign in with the Microsoft AD tenant associated with the email address.
Task – creating a group and adding a user
- In the search bar, type in groups. Click Groups from the results list.
- In the Groups blade, click + New Group on the top toolbar.
- Select the group type as required. Leave as the default of Security for this exercise.
- Enter a group name as required.
- Enter a group description as required.
- Set an Azure AD roles assignment as required. Leave as the default of No for this exercise.
- Select the membership type as required. Leave as the default of Assigned for this exercise.
- Set Owners as required. Leave as the default of No owners selected for this exercise.
- Set Members as required. Select the created new user from the previous task for this exercise.
- Click Create.
You will receive a notification that the group was successfully created.
- You will now see the group listed in the Groups blade.
- Click the group you created. From the Overview screen, you will see the number of users in this group.
- Click Members from the Manage section on the left navigation toolbar of the group screen.
- From the Members page for the group, you will see the users added to this group. You can remove users from the top toolbar and perform bulk operations.
In this exercise, we successfully created a new user and a new guest user in Azure AD, and then created a new group and added a user.
This section covered hands-on exercises. The following section provides a summary of this chapter.