The first chapter of this book focuses on managing Azure Active Directory (Azure AD) objects. In this chapter, you will learn how to create and manage users and groups within Azure AD, including their properties. We will also look at Azure AD administrative units (AUs) and how to create them, and then move on to managing device settings and performing bulk user updates. You will also learn how to manage guest accounts within Azure AD, configure Azure AD join, and configure Self-Service Password Reset (SSPR).
In brief, in this chapter, the following topics will be covered:
- Creating Azure AD users and groups
- Creating AUs
- Managing user and group properties
- Managing device settings
- Performing bulk user updates
- Managing guest accounts
- Configuring Azure AD join
- Configuring SSPR
Technical requirements
To follow along with the hands-on exercises, you will need access to an Azure AD tenant as a Global Administrator. If you do not have one, you can sign up for a free account at https://azure.microsoft.com/en-in/free/. Use a dedicated test tenant for this: Global Administrator grants unrestricted control over the directory, so in a production tenant you would assign the least-privileged role that covers each task rather than a standing Global Administrator assignment.
Some sections also require an Azure AD Premium P1 license. A free one-month trial is available at https://azure.microsoft.com/en-us/trial/get-started-active-directory/.
Creating Azure AD users and groups
Azure AD is a cloud-based directory and identity management service. It provides traditional username-and-password identity management alongside role and permission management, and adds enterprise-grade capabilities such as Multi-Factor Authentication (MFA), application and solution monitoring, and alerting.
Azure AD can be integrated with your on-premises Active Directory (through Azure AD Connect) to create a hybrid identity infrastructure.
Azure AD offers the following pricing plans:
- Free: This offers the most basic features, such as single sign-on (SSO) across Azure, Microsoft 365, and other popular SaaS applications; Azure AD Business-to-Business (B2B) collaboration for external users; Azure AD Connect synchronization; self-service password change; user and group management; and standard security reports.
- Office 365 Apps: Specific Office 365 subscriptions add functionality such as user and group management and cloud authentication, including pass-through authentication, password hash synchronization, and seamless SSO.
- Premium P1: In addition to the Free features, this offers advanced reporting, MFA, Conditional Access, Mobile Device Management (MDM) auto-enrollment, Azure AD Connect Health, and advanced administration features such as dynamic groups, self-service group management, and Microsoft Identity Manager.
- Premium P2: In addition to the Free and Premium P1 features, Premium P2 includes Azure AD Identity Protection, Privileged Identity Management (PIM), access reviews, and Entitlement Management.
Note
For a detailed overview of the different Azure AD licenses and all the features that are offered in each plan, you can refer to https://www.microsoft.com/nl-nl/security/business/identity-access-management/azure-ad-pricing?rtc=1&market=nl.
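Before starting the exercises, it is worth confirming that the tenant actually meets the two prerequisites stated under Technical requirements (a Global Administrator account and a Premium P1 license) rather than discovering a missing license halfway through a dynamic-group or SSPR exercise. The following script is an added example, not code from the book, and uses the Microsoft Graph PowerShell SDK (Install-Module Microsoft.Graph). It assumes you can sign in interactively and consent to the read-only scopes it requests; the role template ID and the AAD_PREMIUM and AAD_PREMIUM_P2 service plan names are Microsoft's documented identifiers for Global Administrator, Azure AD Premium P1, and Azure AD Premium P2, respectively.

```powershell
# Added example (not from the book): verify this chapter's prerequisites
# with the Microsoft Graph PowerShell SDK. Read-only scopes are sufficient.
Connect-MgGraph -Scopes "Directory.Read.All", "RoleManagement.Read.Directory"

$context = Get-MgContext
$me      = Get-MgUser -UserId $context.Account   # -UserId accepts the signed-in UPN

# 1. Am I a Global Administrator? Look the role up by its fixed template ID
#    (62e90394-69f5-4237-9190-012177145e10) rather than by display name.
$gaRole    = Get-MgDirectoryRole -Filter "roleTemplateId eq '62e90394-69f5-4237-9190-012177145e10'"
$gaMembers = Get-MgDirectoryRoleMember -DirectoryRoleId $gaRole.Id -All
$isGA      = $gaMembers.Id -contains $me.Id
"Signed in as $($context.Account) in tenant $($context.TenantId)"
"Global Administrator (direct, active assignment): $isGA"

# 2. Which Azure AD plans does the tenant own? Premium P1 is the AAD_PREMIUM
#    service plan and P2 is AAD_PREMIUM_P2, inside whichever SKU carries them
#    (EMS, Microsoft 365 E3/E5, a standalone Azure AD Premium SKU, or the trial).
$wanted = @("AAD_PREMIUM", "AAD_PREMIUM_P2")
foreach ($sku in Get-MgSubscribedSku) {
    $found = $sku.ServicePlans | Where-Object { $wanted -contains $_.ServicePlanName }
    if ($found) {
        "$($sku.SkuPartNumber): $($found.ServicePlanName -join ', ') (enabled $($sku.PrepaidUnits.Enabled), consumed $($sku.ConsumedUnits))"
    }
}

# 3. Owning a SKU is not enough: Premium features are licensed per user. Check
#    that the signed-in account has P1 before relying on dynamic groups, CA, or SSPR.
$myPlans = (Get-MgUserLicenseDetail -UserId $me.Id).ServicePlans.ServicePlanName
"P1 assigned to me: $($myPlans -contains 'AAD_PREMIUM')"
"P2 assigned to me: $($myPlans -contains 'AAD_PREMIUM_P2')"
```

Two caveats on step 1: Get-MgDirectoryRoleMember lists only active assignments, so an account that is merely eligible for Global Administrator through Privileged Identity Management will report False until the role is activated, and a role assigned through a group shows the group object rather than its members. If step 2 prints nothing, the tenant has no Premium plan at all and the trial linked above is the quickest way to obtain one.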
Creating users in Azure AD
We will begin by creating a couple of users in our Azure AD tenant from the Azure portal. To do this, perform the following steps:
- Navigate to the Azure portal by opening a web browser and browsing to https://portal.azure.com.
- In the left-hand menu, select Azure Active Directory.
- Under Manage in the left-hand menu of Azure AD, select Users | All users. Then, select + New user from the top menu, as follows:
Figure 1.1 – The Azure AD Users blade
- We are going to create three users. Enter the values shown in the following screenshot:
- Name: PacktUser1.
- User name: The username is the identifier that the user enters to sign in to Azure AD. Select one of the domain names configured in your tenant; it is appended to the username. The default is usually an onmicrosoft.com domain, but in my case, I have assigned a custom domain name called safezone.fun. In the First name field, I have entered Packt, and in the Last name field, I have entered User1. Therefore, the User name value, in my case, is [email protected]: