Cloud identity management sits at the center of modern IT operations. Whether you are managing a startup environment or a large enterprise infrastructure, controlling who has access to cloud resources is vital. In Microsoft Azure, this responsibility is handled through Microsoft Entra ID.
In this hands-on guide, you’ll learn how to create users, assign administrative privileges, and apply the principle of least privilege by removing elevated permissions when they are no longer needed. These are foundational tasks every Azure cloud administrator should understand.
By the end of this walkthrough, you will know how to:
- Create users in Azure Entra ID
- Sign in with newly created accounts
- Assign the Global Administrator role
- Delegate administrative tasks securely
- Revoke elevated access after task completion
What is Microsoft Entra ID?
Microsoft Entra ID is Microsoft’s cloud-based identity and access management service. It allows organizations to manage users, authentication, permissions, and secure access to applications and cloud resources.
Today, Entra ID plays a major role in:
- Identity governance
- Zero Trust security models
- Multi-factor authentication (MFA)
- Role-based access control (RBAC)
- Single Sign-On (SSO)
Organizations use Entra ID to ensure that only authorized users can access critical systems and data.
Prerequisites
Before starting this hands-on lab, ensure you have:
- An active Microsoft Azure subscription
- Access to the Microsoft Azure Portal
- A user account with Global Administrator privileges
- Permission to create and manage users
Step 1: Create a New User in Azure Entra ID
Every employee, administrator, developer, or service account in Azure needs an identity. User creation is one of the most common administrative tasks in any cloud environment.
- Sign in to the Azure Portal
- Search for and open Microsoft Entra ID
- Click on ADD, select Users and select Create New User
- A window with a form to fill in unique information for your user opens:
  User principal name: ricky.george@xxxxxxx
  Display Name: Ricky George
  Password: xxxxxxxxx (uncheck the auto-generate option to enter your password)
- Click on Next: properties
  First Name: Ricky
  Last Name: George
  User type: Member
- Click Next >> Next: Review + Create >>
- Click Create
- Back to Entra ID, on the left pane, select Manage >> User
Step 2: Sign In with the Newly Created User Account
Now that the account exists, the next step is testing access by signing in. In real-world environments, administrators often validate accounts before handing them over to employees or team members.
- Open a private/incognito browser window
- Navigate to the Microsoft Azure Portal
- Sign in using the new credentials
- Change the password if prompted
At this stage, the new user has very limited permissions.
If the user attempts administrative actions, Azure will deny access because no elevated role has been assigned yet.
This demonstrates Azure’s default security posture: users receive only minimal access until roles are explicitly assigned to them.
Step 3: Grant the User Global Administrator Access
Next, you will elevate the user’s privileges by assigning the Global Administrator role. Global Administrator is the most privileged role in Entra ID.
A Global Administrator can:
- Manage all users
- Reset passwords
- Assign roles
- Configure security settings
- Manage subscriptions and services
Because of its power, organizations should grant this role carefully and temporarily whenever possible.
- Sign back in using your original administrator account
- Open Microsoft Entra ID >> Manage >> Users
- Select the User we have just created (Ricky George)
- Under the user, in the left pane, select Assign Roles
- Click on Add assignments
- Search for Global Administrator and select the role.
- Click ADD at the bottom to apply the role to the selected User.
Step 4: Create Another User Using the Newly Promoted Account
Using the newly promoted Global Administrator account, create another user.
While signed in as the promoted administrator:
- Open Microsoft Entra ID >> Manage
- Navigate to ADD >> Users >> Create new Users
- Fill out the necessary information for a new user and click Create.
This confirms the promoted account has administrative privileges.
Step 5: Revoke Global Administrator Access from the First User
Once the administrative task is complete, remove elevated privileges.
One of the biggest security risks in cloud environments is excessive privileged access.
Leaving Global Administrator rights permanently assigned can increase exposure to:
a. Credential theft
b. Insider threats
c. Accidental misconfigurations
d. Unauthorized access
- Sign in using your original administrator account
- Open Microsoft Entra ID
- Navigate to Manage >> Users >> select the New User account
- On the left pane, select Assign Roles. You will see the role assigned to the user. Select the Global Administrator Role, then click Remove Assignment.
- Sign back in using the first user account and try accessing administrative settings again. You should notice that administrative capabilities are no longer available.
This confirms the role removal was successful.
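Signing in as the user is one check; the list of role assignments is the other. The following added example (not part of the original walkthrough) audits role-assignment records for standing Global Administrator holders and confirms the Step 5 revocation. It assumes records shaped like Microsoft Graph unifiedRoleAssignment objects with the principal expanded; the tenant data, the contoso.example domain, the approved list and all function names are constructed for illustration.

```python
# Built-in role template IDs (identical in every tenant).
GLOBAL_ADMIN = "62e90394-69f5-4237-9190-012177145e10"  # Global Administrator
USER_ADMIN = "fe930be7-5e62-47db-91af-98c3a49a38b1"    # User Administrator

def assignment(role_id, upn=None, app=None):
    """Constructed record shaped like a Graph unifiedRoleAssignment
    with its principal expanded (assumed input format)."""
    if upn:
        principal = {"@odata.type": "#microsoft.graph.user", "userPrincipalName": upn}
    else:
        principal = {"@odata.type": "#microsoft.graph.servicePrincipal", "displayName": app}
    return {"roleDefinitionId": role_id, "principal": principal}

RICKY = "ricky.george@contoso.example"  # placeholder domain, not from the page
# Constructed snapshots of the tenant after Step 3 and after Step 5.
AFTER_STEP_3 = [
    assignment(GLOBAL_ADMIN, upn="admin@contoso.example"),
    assignment(GLOBAL_ADMIN, upn=RICKY),
    assignment(USER_ADMIN, upn="helpdesk@contoso.example"),
    assignment(GLOBAL_ADMIN, app="legacy-sync-app"),
]
AFTER_STEP_5 = [a for a in AFTER_STEP_3
                if a["principal"].get("userPrincipalName") != RICKY]

def global_admins(assignments):
    """Names of all principals holding Global Administrator."""
    holders = set()
    for a in assignments:
        if a["roleDefinitionId"] != GLOBAL_ADMIN:
            continue
        p = a["principal"]
        # Users carry a UPN; service principals only have a display name.
        name = p.get("userPrincipalName") or "app:" + (p.get("displayName") or "unknown")
        holders.add(name.lower())
    return holders

def unapproved(assignments, approved):
    """Global Administrator holders that are not on the approved list."""
    return sorted(global_admins(assignments) - {n.lower() for n in approved})

def revoked(before, after):
    """Principals that held the role in `before` but not in `after`."""
    return sorted(global_admins(before) - global_admins(after))

if __name__ == "__main__":
    approved = ["admin@contoso.example"]
    print("unapproved after Step 3:", unapproved(AFTER_STEP_3, approved))
    print("unapproved after Step 5:", unapproved(AFTER_STEP_5, approved))
    print("revoked:", revoked(AFTER_STEP_3, AFTER_STEP_5))
```

The service principal that remains in the output after Step 5 illustrates why the audit looks at every holder of the role, not only the user that was just demoted.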
Closing Thoughts
Managing identities and permissions is one of the most important responsibilities in cloud administration. In this hands-on lab, we have learned how to:
- Create users in Azure Entra ID
- Test account access
- Assign Global Administrator privileges
- Delegate administrative tasks
- Revoke elevated permissions securely
These tasks mirror real-world identity management workflows used across enterprise Azure environments today.


