Introduction
As part of my journey to becoming an Azure Administrator, I recently completed Lab 01 - Manage Microsoft Entra ID Identities from the AZ-104 certification series. This lab provided hands-on experience with creating and managing users and groups in Microsoft Entra ID (formerly Azure AD). Below, I document my learnings, key takeaways, and insights from this lab.
Lab Overview
This lab focused on understanding and implementing identity management in Azure, particularly by provisioning users and groups efficiently. The scenario revolved around an organization hiring engineers to manage a pre-production lab environment, requiring appropriate identity provisioning for seamless authentication.
Skills Practiced:
- Creating and configuring user accounts
- Creating security groups and managing membership
- Understanding static vs. dynamic group membership
- Managing guest users in Microsoft Entra ID
Task 1: Creating and Configuring User Accounts
Users are central to identity management, and Azure provides a simple yet powerful way to manage them. Here's what I did:
- Signed into the Azure portal (https://portal.azure.com)
- Navigated to Microsoft Entra ID
- Created a new user with these settings:
  - User principal name: az104-user1
  - Display name: az104-user1
  - Job Title: IT Lab Administrator
  - Department: IT
  - Usage location: United States
- Enabled auto-generated password
- Invited an external user (guest) to the directory
Insight: Guest users are useful when working with external partners or contractors, allowing them limited access while maintaining security.
Other Ways to Bulk Create Users
Insight: It is unlikely you will be creating user accounts individually. The main ways to bulk create users include:
Bulk operations in Azure AD portal:
- Use the "Bulk create users" feature in the Azure Active Directory admin center
- Upload a CSV file with user information
Azure PowerShell Scripting:
- Use New-AzureADUser and PowerShell scripts to automate user creation
Azure CLI:
- Use az ad user create commands to provision users programmatically
Microsoft Graph API:
- Automate user provisioning with REST API calls
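The Azure CLI route above as an added example, not code from the lab: it reads users from a CSV, validates each user name, and creates each account with its own random initial password that must be changed at first sign-in. The tenant domain, CSV columns, credentials file and function names are assumptions.

```shell
# Added example: bulk-create users from a CSV with `az ad user create`.
# DOMAIN, CRED_FILE, the CSV layout and the function names are assumptions.
DOMAIN="contoso.onmicrosoft.com"   # placeholder tenant domain
CRED_FILE="${CRED_FILE:-./initial-passwords.csv}"
# Constructed sample input (displayName,userName); the last row is invalid.
sample_csv() {
  cat <<'EOF'
displayName,userName
az104-user1,az104-user1
az104-user2,az104-user2
Bad User,bad user!
EOF
}

# Allow only letters, digits, dot, underscore and hyphen in the UPN prefix.
valid_username() {
  case "$1" in
    ''|*[!A-Za-z0-9._-]*) return 1 ;;
    *) [ "${#1}" -le 64 ] ;;
  esac
}

# Unique initial password per user: a fixed prefix to satisfy complexity
# rules plus 20 random alphanumeric characters.
new_password() {
  printf 'Aa1!%s' "$(head -c 32 /dev/urandom | base64 | tr -dc 'A-Za-z0-9' | head -c 20)"
}

# Read the CSV on stdin. Dry run by default; APPLY=1 calls az (after az login).
# Note: --password is visible in the local process list while az runs.
provision_users() {
  tr -d '\r' | while IFS=, read -r display user; do
    if [ "$display" = "displayName" ]; then continue; fi
    if ! valid_username "$user"; then
      echo "SKIP invalid user name: $user"; continue
    fi
    upn="$user@$DOMAIN"
    if [ "${APPLY:-0}" = "1" ]; then
      pw=$(new_password)
      az ad user create --display-name "$display" \
        --user-principal-name "$upn" --password "$pw" \
        --force-change-password-next-sign-in true --output none </dev/null \
        && ( umask 077; printf '%s,%s\n' "$upn" "$pw" >> "$CRED_FILE" )
    else
      echo "DRY-RUN would create $upn ($display)"
    fi
  done
}
sample_csv | provision_users   # dry run over the constructed sample
```

Run it as-is for a dry run; set APPLY=1 after `az login` to create the accounts, and delete the credentials file once the initial passwords have been handed over.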
Task 2: Creating and Managing Groups
Groups help in organizing users and managing access control efficiently.
- Created a Security Group: IT Lab Administrators
- Assigned membership type: Assigned (Static)
- Added the newly created user and the invited external user
- Assigned myself as the group owner
Insight: While static groups require manual updates, dynamic groups automatically update based on attributes like job title. However, this feature requires Microsoft Entra ID P1 or P2 licensing.
Key Learnings
- Understanding Tenants: A tenant is a unique instance of Microsoft Entra ID, allowing organizations to manage internal and external user identities securely.
- User vs. Guest Accounts: Internal users have full organizational access, whereas guest users have limited permissions.
- Group Management: Groups simplify access control by managing permissions at the group level instead of individual users.
- Static vs. Dynamic Membership:
  - Static Groups: Members added manually.
  - Dynamic Groups: Membership updates automatically based on user properties (requires premium licensing, i.e. Microsoft Entra ID P1 or P2).
Pop Quiz: Validate Your Learning!
Test yourself with these Yes or No questions:
https://1suleyman.github.io/az-104-lab-1-quiz/
Conclusion
Completing this lab reinforced my understanding of Microsoft Entra ID, particularly in managing users and groups. The hands-on approach helped bridge the gap between theory and real-world implementation.
Stay tuned for my next blog post on Lab 02a - Manage Subscriptions and RBAC!
Follow my journey as I dive deeper into Azure Administration!