AZ-104-MicrosoftAzureAdministrator/LAB_01-Manage_Azure_AD_Identities.md at master · MicrosoftLearning/AZ-104-MicrosoftAzureAdministrator · GitHub

Task 1: Create and configure Azure AD users

To assign custom roles to a user, your organization needs Azure AD Premium P1 or P2.

This tenant is on Azure AD Free, so only built-in roles can be used.

Open an InPrivate browser window and sign in to the Azure portal using the newly created user account. When prompted to update the password, change the password to a secure password of your choosing.

In the InPrivate browser window, in the Azure portal, search for and select Azure Active Directory.

Note: While this user account can access the Azure Active Directory tenant, it does not have any access to Azure resources. This is expected, since such access would need to be granted explicitly by using Azure Role-Based Access Control.

In the InPrivate browser window, on the Azure AD blade, scroll down to the Manage section, click User settings, and note that you do not have permissions to modify any configuration options.

In the InPrivate browser window, on the Azure AD blade, in the Manage section, click Users, and then click + New user.


Task 2: Create Azure AD groups with assigned and dynamic membership

Dynamic group membership adds and removes group members automatically using membership rules based on member attributes.

(Click + Try/Buy and activate the free trial of Azure AD Premium P2. Note: It can take up to 10 minutes for the licenses to activate. Continue refreshing the page until it appears. Do not proceed until the licenses have been activated.)


Task 3: Create an Azure Active Directory (AD) tenant (Optional – lab environment issue)

Quickstart – Access & create new tenant – Azure AD – Microsoft Entra | Microsoft Learn

When you create a new Azure AD tenant, you become the first user of that tenant. As the first user, you’re automatically assigned the Global Administrator role.

You can switch between them, but the lab must be added to a subscription.

Task 4: Manage Azure AD guest users (Optional – lab environment issue)

Bulk user

Bulk upload to add or create members of a group – Azure Active Directory – Microsoft Entra | Microsoft Learn

Edit it to be comma-delimited, with each user on one line.

When you are done with the line or lines, it should look like this:

Chris Green,chris@contoso.com,myPassword1234,No,Chris,Green,IT Engineer,IT Admin,Norway,Bergen,Hordaland,Norway,Home office,Garnes,5862,66376635,66376635

Remove the example line and paste the content.

NB: You must alter the Service Principal Name to an existing SPN, for example @accountname.onmicrosoft.com.

Upload it and verify

View user
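
The edited file can be checked locally before the upload step. The script below is an added example, not part of the lab or of Microsoft's tooling: it verifies that each line has the 17 fields of the sample line above and that the sign-in name in the second field uses a domain that exists in the tenant. The column order is an assumption read off the sample line, and the function name, the extra "Kim Berg" row and the domain list are constructed for illustration.

```python
import csv
import io

EXPECTED_FIELDS = 17  # number of fields in the sample line on this page

# Constructed sample input: the page's line, a corrected copy, a truncated line.
SAMPLE = (
    "Chris Green,chris@contoso.com,myPassword1234,No,Chris,Green,IT Engineer,"
    "IT Admin,Norway,Bergen,Hordaland,Norway,Home office,Garnes,5862,66376635,66376635\n"
    "Chris Green,chris@accountname.onmicrosoft.com,myPassword1234,No,Chris,Green,"
    "IT Engineer,IT Admin,Norway,Bergen,Hordaland,Norway,Home office,Garnes,5862,"
    "66376635,66376635\n"
    "Kim Berg,kim@accountname.onmicrosoft.com,myPassword1234,No,Kim,Berg\n"
)


def check_bulk_rows(csv_text, tenant_domains):
    """Return (line_number, problem) pairs for rows likely to be rejected."""
    allowed = {d.lower().lstrip("@") for d in tenant_domains}
    problems, seen = [], set()
    for n, row in enumerate(csv.reader(io.StringIO(csv_text)), start=1):
        if not any(cell.strip() for cell in row):
            continue  # blank line
        if len(row) != EXPECTED_FIELDS:
            problems.append((n, f"expected {EXPECTED_FIELDS} fields, got {len(row)}"))
            continue
        # Assumed column order, read off the sample line:
        # display name, sign-in name, initial password, block sign-in (Yes/No)
        _name, upn, password, block = (c.strip() for c in row[:4])
        local, at, domain = upn.rpartition("@")
        if not (local and at and domain):
            problems.append((n, f"sign-in name {upn!r} is not name@domain"))
        elif domain.lower() not in allowed:
            problems.append((n, f"domain {domain!r} does not exist in the tenant"))
        if upn.lower() in seen:
            problems.append((n, f"duplicate sign-in name {upn!r}"))
        seen.add(upn.lower())
        if not password:
            problems.append((n, "initial password is empty"))
        if block.lower() not in ("yes", "no"):
            problems.append((n, f"block sign-in must be Yes or No, got {block!r}"))
    return problems


if __name__ == "__main__":
    for line_no, problem in check_bulk_rows(SAMPLE, ["accountname.onmicrosoft.com"]):
        print(f"line {line_no}: {problem}")
```

The file holds initial passwords in clear text, so delete it once the upload has been verified.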