Mastering Azure Entra ID: A Hands-On Guide to User Management and Privileged Roles

daniel ugot — Thu, 28 May 2026 00:13:29 +0000

Cloud identity management sits at the center of modern IT operations. Whether you are managing a startup environment or a large enterprise infrastructure, controlling who has access to cloud resources is vital. In Microsoft Azure, this responsibility is handled through Microsoft Entra ID.

In this hands-on guide, you’ll learn how to create users, assign administrative privileges, and apply the principle of least privilege by removing elevated permissions when they are no longer needed. These are foundational tasks every Azure cloud administrator should understand.

By the end of this walkthrough, you will know how to:

Create users in Azure Entra ID
Sign in with newly created accounts
Assign the Global Administrator role
Delegate administrative tasks securely
Revoke elevated access after task completion

What is Microsoft Entra ID?

Microsoft Entra ID is Microsoft’s cloud-based identity and access management service. It allows organizations to manage users, authentication, permissions, and secure access to applications and cloud resources.

Today, Entra ID plays a major role in:

Identity governance
Zero Trust security models
Multi-factor authentication (MFA)
Role-based access control (RBAC)
Single Sign-On (SSO)

Organizations use Entra ID to ensure that only authorized users can access critical systems and data.

Prerequisites

Before starting this hands-on lab, ensure you have:

An active Microsoft Azure subscription
Access to the Microsoft Azure Portal
A user account with Global Administrator privileges
Permission to create and manage users

Step 1: Create a New User in Azure Entra ID

Every employee, administrator, developer, or service account in Azure needs an identity. User creation is one of the most common administrative tasks in any cloud environment.

Sign in to the Azure Portal
Search for and open Microsoft Entra ID

Click on ADD, select Users and select Create New User

A window with a form to fill in unique information for your user opens

user principal name:ricky.george@xxxxxxx
Display Name: Ricky George
Password: xxxxxxxxx (uncheck the auto-generate option to enter your password)

Click on Next: properties

First Name: Ricky
Last Name: George
User type: Member

Click Next >> Next: Review + Create >>
Click Create
Back to Entra ID, on the left pane, select Manage >> User

Step 2: Sign In with the Newly Created User Account

Now that the account exists, the next step is testing access by signing in. In real-world environments, administrators often validate accounts before handing them over to employees or team members.

Open a private/incognito browser window
Navigate to the Microsoft Azure Portal
Sign in using the new credentials
Change the password if prompted

At this stage, the new user has very limited permissions.

If the user attempts administrative actions, Azure will deny access because no elevated role has been assigned yet.

This demonstrates Azure’s default security posture: users receive only minimal access until roles are explicitly assigned to them.

Step 3: Grant the User Global Administrator Access

Next, you will elevate the user’s privileges by assigning the Global Administrator role. The Global Administrator role is the highest privileged role in Entra ID.

A Global Administrator can:

Manage all users
Reset passwords
Assign roles
Configure security settings
Manage subscriptions and services

Because of its power, organizations should grant this role carefully and temporarily whenever possible.

Sign back in using your original administrator account
Open Microsoft Entra ID >> Manage >> Users
Select the User we have just created (Ricky George)
Under the user, in the left pane, select Assign Roles

Click on Add assignments

Search for Global Administrator and select the role.
Click ADD at the bottom to apply the role to the selected User.

Step 4: Create Another User Using the Newly Promoted Account

Using the newly promoted Global Administrator account, create another user.

While signed in as the promoted administrator
Open Microsoft Entra ID >> Manage
Navigate to ADD >> Users >> Create new Users

Fill out the necessary information for a new user and click Create.

This confirms the promoted account has administrative privileges.

Step 5: Revoke Global Administrator Access from the First User

Once the administrative task is complete, remove elevated privileges.
One of the biggest security risks in cloud environments is excessive privileged access.

Leaving Global Administrator rights permanently assigned can increase exposure to:

a. Credential theft
b. Insider threats
c. Accidental misconfigurations
d. Unauthorized access

Sign in using your original administrator account
Open Microsoft Entra ID
Navigate to Manage >> Users >> select the New User account
On the left pane, select Assign Roles. You will see the assigned role to the User. Select the Global Administrator Role, then click Remove Assignment.

Sign back in using the first user account. Try accessing administrative settings again. You should notice that administrative capabilities are no longer available.

This confirms the role removal was successful.

Closing Thoughts

Managing identities and permissions is one of the most important responsibilities in cloud administration. In this hands-on, we have learned how to:

Create users in Azure Entra ID
Test account access
Assign Global Administrator privileges
Delegate administrative tasks
Revoke elevated permissions securely

These tasks mirror real-world identity management workflows used across enterprise Azure environments today.

DEV Community: daniel ugot

Mastering Azure Entra ID: A Hands-On Guide to User Management and Privileged Roles

What is Microsoft Entra ID?

Prerequisites