Mastering Identity Management in Microsoft Entra ID: From Users to Roles

Introduction

Groups in Microsoft Entra ID simplify how access is managed across applications, licenses, and resources. Instead of assigning permissions to individual users one by one, administrators can create groups, add users as members, and assign policies or licenses to the group. This makes administration more efficient, consistent, and scalable.

In this walkthrough, you will explore beginner-level group management tasks such as creating groups, assigning members, configuring dynamic membership, and applying licenses. These are essential skills for managing identity and access at scale.

This exercise should take approximately 15 minutes to complete.

Skilling Objectives

By completing this exercise, you will learn how to:

• Create a Microsoft 365 group for collaboration.
• Create a Security group with dynamic membership.
• Add users to groups using different methods.
• Assign licenses and ownership at the group level.

Step 1: Create a Microsoft 365 Group

1. Open Microsoft Entra admin center.
2. Log in with your tenant administrator credentials.

3. From the left menu, select Groups → All groups → + New group.
   

4. Enter the following details:

• Group type: Microsoft 365
• Group name: Project23
• Group description: This group consists of members of the new AI Simulation software with codename Project23
• Membership type: Assigned

1. Under Members, select + Add members → Bhogeswar Kalita → Select.
   

2. Click Create.
   

💡 Why we create Microsoft 365 groups: They provide a shared workspace for collaboration in Outlook, Teams, and SharePoint, making it easier for project members to communicate and share resources.

Step 2: Create a Security Group with Dynamic Membership

1. In Microsoft Entra admin center, go to Groups → All groups → + New group.
2. Enter the following details:

• Group type: Security
• Group name: Guest Users
• Group description: This group has all the Guest users currently in the tenant.

• Membership type: Dynamic User

  1. Under Dynamic user members, select Add dynamic query.
  2. Configure the query:

• Property: userType

• Operator: Equals

• Value: Guest

  1. Click Save → Create.
  2. Wait about 2 minutes for the group to populate, then select Refresh.

💡 Why we create Security groups: They are used to manage access to resources or apply security policies. With dynamic membership, users are automatically added or removed based on rules, reducing manual administration.

Step 3: Add an Existing User to a Group

1. Go to Groups → All groups → Project23.
   

2. Select Members → + Add members.
   

3. Mark the box next to External User and click Select.
   

💡 Why we add users to groups: Group membership ensures users inherit access and licenses automatically, reducing errors and improving consistency compared to managing each account individually.

Step 4: Add Licenses and Owners to a Group

Assign Group Owners

1. Go to Groups → All groups → Project23.
2. Select Owners → + Add owners.
3. Mark the box next to Bhogeswar Kalita and click Select.

👉 By default, the tenant administrator is the owner if no one is specified.

Assign Group Licenses

1. Open Microsoft 365 admin center.
2. Go to Billing → Licenses.
3. Select Microsoft Power Automate Free.
4. Open the Groups tab → + Assign licenses.
5. Select the Project23 group from the dropdown.
6. Click Assign and refresh to confirm.

💡 Why we assign licenses to groups: Group-based licensing streamlines administration—when new members are added to the group, they automatically inherit the required licenses without manual intervention.

Conclusion

In this exercise, you learned how to create Microsoft 365 and Security groups, add users, configure dynamic membership, assign licenses, and define group ownership in Microsoft Entra ID.

Groups are a cornerstone of modern identity management, helping administrators manage collaboration, enforce security, and scale license assignments efficiently. By mastering these basics, you can streamline user access and reduce administrative overhead across your organization.