Create, configure, and manage users

How do you view users?

To view the Microsoft Entra users, select the Users entry under Identity - then open the All Users view.

Cloud identities

These users exist only in Microsoft Entra ID. Example are administrator accounts and users that you mange yourself. Their source is Microsoft Intra ID or External Microsoft Entra directory if the user is defined in another Microsoft Entra instance but needs access to subscription resources controlled by this directory.

Directory-synchronized identities

These users exist in an on-premises Active Directory. Their source is Windows Server AD.

Guest Users

These users exist outside Azure. Their source is Invited User.

How do you create an user?

In left navigation, under Users, then All Users

Selects users → New user and Create new user

How do you create a security group?

In left navigation, under Identity, select Groups and then All groups

In the Groups screen, on the menu, select New Group

How long do deleted user accounts remain in a suspended state?

30 days

Which Roles do you need to restore or permanently delete users?

Global Administrator

Partner Tier-1 Support (P1)

Partner Tier-2 Support (P2)

User administrator

What are the two groups types Microsoft Entra ID allows you to define?

Security Groups

Microsoft 365 Groups

Security Groups

The most common type of groups and are used to manage member and computer access to shared resources for a group of users. For example, you can create a security group for a specific security policy. By doing it this way, you can give a set of permissions to all the members at once, instead of having to add permissions to each member individually. This option requires a Microsoft Entra administrator.

Microsoft 365 Groups

Provide collaboration opportunities by giving members access to a shared mailbox, calendar, files, SharePoint site, and more. This option also lets you give people outside of your organization access to the group. This option is available to users as well as admins

Which role do you need to create a security group for a specific security policy?

Microsoft Entra Administrator

Which role do you need to give people outside of your organization access to groups?

All users can do this as well as admins.

How do you view all groups?

Go to Identity in the Microsoft Entra admin center and then click on Groups.

Membership Type

This specifies how individual members are added to the group. Two types: Assigned and Dynamic

Assigned

Members are added and maintained manually

Dynamic

Members are added based on rules, creating a Dynamic Group.

Dynamic Groups

Membership is generated by a formula each time the group is used. A dynamic group includes any recipient in Active Directory with attribute values that match its filter.

What does MDM stand for?

Mobile Device Management. Example: Microsoft Intune

Microsoft Entra registered devices

The goal of Microsoft Entra registered devices to provide your users with support for the BYOD or mobile device scenarios

Microsoft Entra joined devices

Microsoft Entra joined is intended for organizations that want to be cloud-first or cloud-only. Microsoft Entra joined enables access to both cloud and on-premises apps and resources

Scenarios for joined devices

• You want to transition to cloud-based infrastructure using Microsoft Entra ID and MDM like Intune.

• You can’t use an on-premises domain join, for example, if you need to get mobile devices such as tablets and phones under control.

• Your users primarily need to access Microsoft 365 or other SaaS apps integrated with Microsoft Entra ID.

• You want to manage a group of users in Microsoft Entra ID instead of in Active Directory. This scenario can apply, for example, to seasonal workers, contractors, or students.

• You want to provide joining capabilities to workers in remote branch offices with limited on-premises infrastructure.

The goal of Microsoft Entra joined devices is to simplify:

• Windows deployments of work-owned devices

• Access to organizational apps and resources from any Windows device

• Cloud-based management of work-owned devices

• Users to sign in to their devices with their Microsoft Entra ID or synced Active Directory work or school accounts.

Hybrid Microsoft Entra joined devices

Joined to on-premises AD and Microsoft Entra ID requiring organizational account to sign in to the device

Device Writeback

Device writeback helps you to keep a track of devices registered with Microsoft Entra ID in AD. You will have a copy of the device objects in the container "Registered Devices"

You can assign one or more product licenses to a group. True or false?

True

Licenses are assigned to all members of a group. True or false?

True

Which licenses to you need for group-based licensing?

Microsoft Entra ID Premium 1 (P1) or greater

Office 365 Enterprises E3 or greater

For groups assigned a license, you must also have a license for each unique member. True or false?

True

What is a custom security attribute?

Custom security attributes are business-specific attributes (key-value pairs) that you can define and assign to Microsoft Entra objects.

What is SCIM

System for Cross-Domain Identity Management

System for Cross Domian Identity Management (SCIM)

Is an open standard protocol for automating the exchange of user identity information between identity domains and IT systems.