Configuring Identities
Learn how to configure identities in Microsoft Entra ID.
Microsoft Entra ID simplifies creating and managing user accounts, groups, and applications. With Microsoft Entra ID, organizations can easily create users, assign them to groups or roles, and manage their access.
Users
Creating new users in Microsoft Entra ID involves entering basic information such as name and email address. After adding the user’s details, assigning them to specific roles or enabling additional features like multi-factor authentication (MFA) is possible. Additionally, organizations can provision users from other systems like HR databases for large-scale user onboarding needs.
There are two types of users:
- Member users: The users with an account in the directory’s home tenant are member users. They can read almost all directory information and access most resources in the directory. A tenant refers to a container for the entities of an organization in Microsoft Entra ID, which is provided to the organization when it signs up with Microsoft Azure.
- Guest users: The users invited from another organization are guest users. They have restricted directory permissions and can only access resources they have been explicitly granted access to.
Securing users in Microsoft Entra ID is essential to protecting an organization’s digital assets and data. Microsoft Entra ID provides an easy way to manage user authentication and authorization within a single, unified platform. Users can be protected by various means, such as MFA, encryption, secure network traffic, password protection, and identity protection.
Follow the steps below to create a user:
- Navigate to the Microsoft Entra ID dashboard and click the “Users” option under the “Manage” section.
- Click the “New user” option and then the “Create a new user” option from the drop-down list.
- In the “Basics” tab, fill in the details.
- Click the “Review + Create” tab and click the “Create” button.
We can change the type of user from the “Properties” tab in the “Create new user” process.
Groups
To create a group in Microsoft Entra ID, administrators must enter a descriptive name for the group. We can create two types of groups: Security and Microsoft 365.
Security groups are used when we need to manage access control and assign permissions to group members. Group members can be users, devices, service principals, or even other groups.
Microsoft 365 groups are used when users need to communicate and collaborate while using a resource. The resources can include a shared mailbox, calendar, SharePoint site, etc. Group members can only include users.
Follow the steps below to create a security group:
- Click the “Groups” option under the “Manage” section in the Microsoft Entra ID dashboard.
- Click the “New group” tab.
- Select “Security” from the “Group type” drop-down list and give the group a name.
- Click the “Create” button.
Follow the steps given below to add the user that we created in this group:
- Click “New group” and navigate to the “Members” page from the sidebar.
- Click the “Add members” option.
- Search and select “New User” and click the “Select” button. This will take us back to the “Members” page, where we can see the “New User” as a group member.
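The same three portal procedures (create a user, create a security group, add the user to it) can be scripted with the Microsoft Graph PowerShell SDK. This is an added example, not part of the original lesson. It assumes the Microsoft.Graph module is installed and the signed-in admin can consent to the listed scopes. The domain, nickname, and the names “New User” and “New group” are placeholder values.

```powershell
# Added example (not from the original page). Requires the Microsoft.Graph module.
Connect-MgGraph -Scopes 'User.ReadWrite.All', 'Group.ReadWrite.All'

# Placeholder values: replace with a verified domain and names from your tenant.
$tenantDomain = 'example.onmicrosoft.com'
$nickname     = 'newuser'

# Random one-time password; the fixed suffix only guarantees all character classes.
# Hand $tempPassword to the user over a separate channel.
$bytes = [byte[]]::new(18)
[System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($bytes)
$tempPassword = [Convert]::ToBase64String($bytes) + 'aZ9!'

# Create the member user; the password must be changed at first sign-in.
$userParams = @{
    DisplayName       = 'New User'
    UserPrincipalName = "${nickname}@${tenantDomain}"
    MailNickname      = $nickname
    AccountEnabled    = $true
    PasswordProfile   = @{
        Password                      = $tempPassword
        ForceChangePasswordNextSignIn = $true
    }
}
$user = New-MgUser @userParams

# Create a security group: security-enabled and not mail-enabled.
$groupParams = @{
    DisplayName     = 'New group'
    MailNickname    = 'newgroup'
    MailEnabled     = $false
    SecurityEnabled = $true
}
$group = New-MgGroup @groupParams

# Add the user to the group as a direct member.
New-MgGroupMember -GroupId $group.Id -DirectoryObjectId $user.Id

# Confirm the membership; a new member can take a few seconds to appear.
$memberIds = (Get-MgGroupMember -GroupId $group.Id -All).Id
if ($memberIds -contains $user.Id) {
    "Created $($user.UserPrincipalName) and added it to '$($group.DisplayName)'."
} else {
    Write-Warning 'Member not listed yet; query the group again shortly.'
}
```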
Groups enable organizations to manage users and provide access rights to shared resources. They allow admins to easily apply security policies across an entire organization or specific subsets without manually managing identities and access rights. If the admin has to provide the same roles to all the users in a specific team, the admin can just add all the team members in a single group and assign roles to that group. All the users in the group will automatically inherit the role.
Benefits
Groups provide several benefits:
First, they streamline user management by allowing a single set of rules for multiple users or roles. This eliminates manual processes for granting permissions and reduces the risk of errors in assigning access rights.
Second, they make it easy to control who can access sensitive data or applications within your organization’s environment.
Finally, groups are highly scalable and can accommodate thousands of users as needed for large enterprise organizations with complex needs.
Securing groups is essential to ensure the security of a company’s Microsoft Entra ID environment. One way to do this is by taking advantage of the built-in roles and permissions provided with Microsoft Entra ID. These roles allow administrators to assign different access levels for users or groups, allowing for more granular control over data access and security. Additionally, it is essential to have an effective group policy structure in place to ensure that all users are assigned the correct level of access based on their job roles and responsibilities.
Microsoft Entra External ID
Microsoft External identities (IDs) are an essential part of Microsoft Entra ID. Organizations can use external ID to authenticate and authorize access to cloud services, such as Office 365, Dynamics 365, and Microsoft Intune. Organizations should consider using external IDs when providing access to applications or services outside the organization’s network. This allows users to access these applications or services securely without logging in with a different account than their corporate credentials.
Follow the steps given below to create an external user with Microsoft Entra External IDs:
- In the Microsoft Entra ID dashboard, click the “External identities” option under the “Manage” section.
- Scroll down and click the “Invite guest users” button.
- Click the “New user” option and click the “Invite external user” option from the drop-down list.
- Type the external user’s email address and click the “Review + invite” button.
- Click the “Invite” button.
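The invitation can also be sent from PowerShell. Because guests only reach what they have been explicitly granted, the example goes on to list every guest with its invitation state and group memberships for review. This is an added example, not part of the original lesson. It assumes the Microsoft.Graph module and an admin who can consent to the listed scopes. The email address is a constructed placeholder.

```powershell
# Added example (not from the original page). Requires the Microsoft.Graph module.
Connect-MgGraph -Scopes 'User.Invite.All', 'User.Read.All', 'GroupMember.Read.All'

# Constructed placeholder address: replace with the external user's real email.
$guestEmail = 'partner.user@example.org'

# Send the invitation; the guest lands on My Apps after redeeming it.
$inviteParams = @{
    InvitedUserEmailAddress = $guestEmail
    InviteRedirectUrl       = 'https://myapplications.microsoft.com'
    SendInvitationMessage   = $true
}
$invitation = New-MgInvitation @inviteParams
"Invited $guestEmail as user object $($invitation.InvitedUser.Id)."

# Review every guest in the tenant: invitation state plus the groups that grant access.
$props  = 'Id', 'DisplayName', 'Mail', 'UserType', 'ExternalUserState', 'CreatedDateTime'
$guests = Get-MgUser -Filter "userType eq 'Guest'" -All -Property $props

$report = foreach ($guest in $guests) {
    # Directory objects returned by memberOf carry their name in AdditionalProperties.
    $groups = Get-MgUserMemberOf -UserId $guest.Id -All |
        ForEach-Object { $_.AdditionalProperties['displayName'] }
    [pscustomobject]@{
        DisplayName = $guest.DisplayName
        Mail        = $guest.Mail
        State       = $guest.ExternalUserState   # PendingAcceptance or Accepted
        Created     = $guest.CreatedDateTime
        MemberOf    = $groups -join '; '
    }
}
$report | Sort-Object Created | Format-Table -AutoSize
```

Guests that stay in `PendingAcceptance` for a long time, or accepted guests with no group membership, are the usual candidates for removal during an access review.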
Benefits
External IDs offer the following benefits:
External IDs provide improved security. They allow organizations to authenticate users without storing their credentials within their environment, which can help protect against data breaches and other threats. They are designed to be more secure than traditional authentication methods like username/password combinations, improving the overall security of an organization’s IT infrastructure.
They provide an enhanced user experience. By leveraging existing identity providers like Facebook or Google, organizations can enable users to sign into their applications with a single click rather than needing to authenticate each time they access an application or service.
Lastly, external ID solutions provide organizations with advanced options for managing user access rights across their IT systems and services.