olakunle makanjuola

Azure Entra ID User & Role Management — Step-by-Step Practical Guide With A Simple Exercise

Before going into the step-by-step practical guide on creating a user in Azure Active Directory (Microsoft Entra ID) and assigning roles with RBAC, I would like to define the key concepts to learn:

1. Microsoft Entra ID: Azure's Identity Management System
Microsoft Entra ID (previously called Azure Active Directory or Azure AD) is the service that manages all identities in Azure. Every user account, every application identity and every group is stored and managed here. When you log into the Azure Portal, Entra ID is checking your credentials behind the scenes.

2. Identity and Access Management (IAM)
Identity and Access Management (IAM) is the system that answers three very important questions about every person or application that tries to use the cloud: WHO are you? Are you really who you say you are? And what are you ALLOWED to do here? These correspond to IDENTITY, AUTHENTICATION and AUTHORISATION.

3. Role-Based Access Control (RBAC)
RBAC is how Azure controls what a logged-in user is allowed to DO. Instead of giving everyone full admin access, RBAC lets you assign specific roles to specific people. It allows administrators to assign permissions based on roles instead of assigning permissions individually.
Examples:
Global Administrator
User Administrator
Security Administrator

4. Principle of Least Privilege (PoLP)
Users should only have the minimum access required to perform their duties.

Azure Entra ID User & Role Management Practice Exercise

Create a new user in Azure Entra ID.

Sign in with the newly created user account.

Grant the user Global Administrator access.

Using the newly promoted account, create another new user in Azure Entra ID.

After creating the second user, revoke the Global Administrator access from the first user account.

Document the entire process with screenshots and explanations.

In this exercise, I carried out administrative tasks in Microsoft Azure using Microsoft Entra ID.
The practice exercise involved:
Creating users in Azure Entra ID
Assigning Global Administrator privileges
Testing administrative access
Revoking elevated permissions
Demonstrating Identity and Access Management (IAM) best practices

Introduction

This step-by-step guide helps us gain practical experience in Azure identity administration and role-based access control (RBAC).

Prerequisites

Before starting, ensure you have:
An active Azure subscription
Access to Azure Portal
First, log in to your Microsoft Azure Portal by going to https://portal.azure.com.

If you do not have an Azure account, sign up and create one for free at https://azure.microsoft.com/en-us/free/. Registration requires a phone number and debit or credit card details to validate your account, even for the free account. You can choose between the free account and the pay-as-you-go account.

Official Portal:
Microsoft Azure Portal

Step 1 — Create a New User in Azure Entra ID

1. First, log in to your Microsoft Azure Portal by going to https://portal.azure.com.

2. Search for Microsoft Entra ID in the search bar at the top of the portal page and select Microsoft Entra ID.

You are now on the Default Directory | Overview page.

3. Navigate to Users → + New user → Create new user.
Type Users in the search box and click Users, then click + New user (with the drop-down arrow) and click Create new user.

4. Fill in the details:

User principal name: Shalom1503
Display name: Shalom Ife
Password: ***************
First name: Shalom
Last name: Ife
Usage location: Nigeria
Then click Next (Properties) -> Next (Assignments) -> Review + create -> Create.

Step 2 — Sign In with the Newly Created User Account

  1. Open a new browser/incognito window.
  2. Go to: Microsoft Sign In Page
  3. Sign in using the newly created username:
     - Username: Shalom1503@makansgreatolakunleoutlook.onmicrosoft.com
     - Password: saved password
     - Change the password when prompted
     - Complete MFA setup when prompted by scanning the QR code

Step 3: Assign a Role to a User (Grant Global Administrator Access)

1. Go to the Default Directory through Microsoft Entra ID.

2. Type Users in the search box, click Users, then select Shalom Ife (the new user created).

3. Select Assigned roles → + Add assignment.

4. Choose the admin role that you want to assign to the user (Global Administrator in this exercise) and add it.

Step 4 — Use the Newly Promoted Account to Create Another User

Sign in with the promoted user account to create another new user in Azure Entra ID.

1. Log in to your Microsoft Azure Portal by going to https://portal.azure.com.

2. From the Default Directory page of the user created ("Shalom1503@makansgreatolakunleoutlook.onmicrosoft.com"), click + Add → User → Create new user.

3. Fill in the details:
User principal name: Favour1403
Display name: Favour Timi
Password: ***************
First name: ************
Last name: *************

Then click Next (Properties) -> Next (Assignments) -> Review + create -> Create.

Step 5 — Revoke Global Administrator Access from the First User

1. Sign in using the original administrator account. Log in to your Microsoft Azure Portal by going to https://portal.azure.com/auth/login/

2. Navigate to and click on Microsoft Entra ID.

3. Click the Manage button under Overview to expand it, which reveals the Roles and administrator button:
OVERVIEW -> MANAGE -> ROLES AND ADMINISTRATOR

4. In the search bar under Administrator Roles, type the role given to the user (Global Administrator) and click on it.

5. Click on the user who was given the Global Administrator role (Shalom Ife).

6. Tick the checkbox in front of Global Administrator to make the X Remove assignments button active, then click it. When asked whether to remove the selected assignment, click YES.

7. The "Global Administrator" assignment is now removed from the user (Shalom Ife).

Removing or revoking privileged access follows the Principle of Least Privilege (PoLP): users retain only the permissions necessary for their tasks, and people are given only the minimum access needed to do their job.
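An added example, not part of the original post: a Python check over Entra ID audit-log records that confirms the Step 5 revocation closed the Global Administrator window opened in Step 3, and lists what the account did while it held the role. The records are constructed in the shape of Microsoft Graph directoryAudit entries; the timestamps, the `original-admin` account name and the domain on Favour1403 are assumptions.

```python
import json

ROLE, TENANT = "Global Administrator", "makansgreatolakunleoutlook.onmicrosoft.com"
ADMIN = f"original-admin@{TENANT}"   # placeholder name, not from the post
SHALOM, FAVOUR = f"Shalom1503@{TENANT}", f"Favour1403@{TENANT}"

def rec(ts, activity, actor, target, role=None):
    """Build one CONSTRUCTED record shaped like a Graph directoryAudit entry."""
    props = []
    if role:  # role names are JSON-quoted; adds use newValue, removals oldValue
        slot = "newValue" if activity.startswith("Add") else "oldValue"
        props = [{"displayName": "Role.DisplayName", slot: json.dumps(role)}]
    return {"activityDateTime": ts, "activityDisplayName": activity,
            "initiatedBy": {"user": {"userPrincipalName": actor}},
            "targetResources": [{"userPrincipalName": target,
                                 "modifiedProperties": props}]}

SAMPLE = [  # constructed timeline of Steps 1, 3, 4 and 5; timestamps invented
    rec("2025-01-01T09:00:00Z", "Add user", ADMIN, SHALOM),
    rec("2025-01-01T09:10:00Z", "Add member to role", ADMIN, SHALOM, ROLE),
    rec("2025-01-01T09:20:00Z", "Add user", SHALOM, FAVOUR),
    rec("2025-01-01T09:30:00Z", "Remove member from role", ADMIN, SHALOM, ROLE),
]

def role_of(record):  # role name carried by a role-membership event, else None
    for prop in record["targetResources"][0]["modifiedProperties"]:
        if prop["displayName"] == "Role.DisplayName":
            return json.loads(prop.get("newValue") or prop.get("oldValue") or "null")
    return None

def privilege_windows(records, role=ROLE):
    """Pair each grant of `role` with its revocation, plus the holder's actions."""
    windows, open_by_user = [], {}
    for r in sorted(records, key=lambda r: r["activityDateTime"]):
        ts, activity = r["activityDateTime"], r["activityDisplayName"]
        actor = r["initiatedBy"]["user"]["userPrincipalName"].lower()
        target = r["targetResources"][0]["userPrincipalName"].lower()
        if activity == "Add member to role" and role_of(r) == role:
            open_by_user[target] = {"user": target, "granted": ts,
                                    "revoked": None, "actions": []}
            windows.append(open_by_user[target])
        elif activity == "Remove member from role" and role_of(r) == role:
            open_by_user.pop(target, {})["revoked"] = ts  # no-op if never granted
        elif actor in open_by_user:  # action taken while holding the role
            open_by_user[actor]["actions"].append((activity, target))
    return windows

def still_privileged(windows):  # grants with no matching revocation
    return sorted(w["user"] for w in windows if w["revoked"] is None)
```

An empty result from `still_privileged` means every grant in the log was revoked; check the field names against a real audit-log export before relying on it.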

Conclusion

This assignment provided hands-on experience with Azure identity and access management using Microsoft Entra ID. It allowed us to learn how to create users, assign administrative privileges, manage RBAC roles, and apply security best practices in a cloud environment.

The exercise also reinforced the importance of privilege management and secure administrative operations in enterprise cloud environments.
