How to create and configure users accounts and explore user account properties in Microsoft Entra ID

Configuring user accounts and managing user account properties is a core task in Microsoft Entra ID (formerly Azure Active Directory or Azure AD). Entra ID enables administrators to create, configure, and manage users, as well as define user attributes to control access to various resources and services.

In Entra ID, user management is typically done via the Azure portal, PowerShell, or Graph API, depending on the complexity of the environment and the level of automation needed. Below, I'll guide you through the basic steps to configure user accounts and their properties using the Azure portal as the primary interface.

1. Creating User Accounts

To create a user account in Microsoft Entra ID via Azure Portal:

1. Sign in to the Azure portal

   Go to Azure Portal, and sign in with an administrator account.

2. Navigate to Microsoft Entra ID

   In the left-hand menu, search for Azure Active Directory or Microsoft Entra ID, and select it.

3. Create a New User

   In the Azure AD dashboard, go to Users > All users.

   Click + New user at the top of the page.

4. Configure User Properties

   Choose between two options for creating a user:

   • Create user: This is for creating a completely new user in the directory.

   • Invite user: This is used to invite external users (guests) into the directory.

   For a new user, select Create user.

5. Fill in the User Details

   • User name: Provide the user’s unique user principal name (UPN), which typically follows the format username@domain.com.

   • Name: Enter the full name of the user.

   • Profile: Optionally, you can enter the user’s job title, department, and office location.

6. Password Settings

   • Password: A temporary password is generated automatically, but you can specify your own password here.

   • Check the box to require the user to change the password upon first sign-in.

7. Roles and Groups (Optional)

   • If necessary, you can assign a role to the user at the time of creation (such as Global Administrator or User).

   • You can also assign the user to specific groups during this step.

8. Click "Create"

   • After configuring the necessary settings, click Create.

   • The user account will be created and appear in the All users list.

2. Modifying User Account Properties

Once a user is created, you can modify their properties at any time.

1. Navigate to User Account

   • In the Azure AD portal, go to Users > All users.

   • Find the user account you wish to modify and click on the user's name to open their profile.

2. Edit User Properties

   • Basic Info: You can edit basic information such as the user's name, job title, department, location, and phone number.

   • User Principal Name (UPN): You can change the UPN (i.e., the username) if necessary.

   • Profile Picture: You can also update the user’s profile picture if needed.

3. Change Password

   • You can reset the user’s password by clicking on Reset Password.

   • The user will be required to change the password the next time they sign in.

4. Assigned Roles

   • To change a user’s roles, go to the Roles and administrators tab in the user's profile.

   • Click + Add assignments to assign new roles or remove existing roles.

5. Assign/Remove Groups

   • To manage group memberships, navigate to the Groups section under the user's profile.

   • Click + Add membership to add the user to a group, or select a group and remove the user from it.

6. Licenses

   • If you want to assign or modify the licenses (e.g., Microsoft 365, Azure subscriptions), go to the Licenses section.

   • From here, you can assign, remove, or change the user's licenses.

7. Authentication Methods

   • You can manage the user’s authentication methods (e.g., Multi-Factor Authentication (MFA), passwordless authentication, or Windows Hello for Business) under the Authentication methods tab.

8. Other Settings

   • Sign-In Activity: View or manage the user’s sign-in activity under the Sign-ins section.

   • Devices: View and manage the user’s registered devices (if you have Intune or similar device management systems).

3. Managing User Account Properties via PowerShell

For more advanced scenarios, such as bulk management, automation, or scripting, you can use PowerShell to configure and modify user accounts and their properties.

1. Install and Import the Azure AD Module

   Open PowerShell as an administrator and run.

   xxxxxxxxxx
   2
   1
   Install-Module -Name AzureAD
   2
   Import-Module AzureAD
   

2. Connect to Azure AD

   Use the following command to sign in:

   xxxxxxxxxx
   1
   1
   Connect-AzureAD
   

3. Create a User

   Example to create a new user.

   xxxxxxxxxx
   7
   1
   New-AzureADUser `
   2
   -DisplayName "John Doe" `
   3
   -UserPrincipalName "john.doe@domain.com" `
   4
   -MailNickName "johndoe" `
   5
   -PasswordProfile @{ForceChangePasswordNextSignIn=$true; Password="TempPassword123!"} `
   6
   -GivenName "John" `
   7
   -Surname "Doe"
   

4. Modify User Properties

   Example to change a user’s display name and job title.

   xxxxxxxxxx
   4
   1
   Set-AzureADUser `
   2
   -ObjectId "john.doe@domain.com" `
   3
   -DisplayName "Johnathan Doe" `
   4
   -JobTitle "Senior Developer"
   

5. Reset a User’s Password

   To reset a user’s password.

   xxxxxxxxxx
   3
   1
   Set-AzureADUserPassword `
   2
   -ObjectId "john.doe@domain.com" `
   3
   -Password "NewPassword123!"
   

6. Assign a User to a Group

   Example to add a user to a group.

   xxxxxxxxxx
   3
   1
   Add-AzureADGroupMember `
   2
   -ObjectId <GroupObjectId> `
   3
   -RefObjectId <UserObjectId>
   

7. Assign Roles

   Example to assign a role to a user.

   xxxxxxxxxx
   3
   1
   Add-AzureADDirectoryRoleMember `
   2
   -ObjectId <RoleObjectId> `
   3
   -RefObjectId <UserObjectId>
   

4. Managing User Attributes in Azure AD

You can also manage user account attributes (e.g., department, location, job title) using the Azure portal or PowerShell.

Attributes are stored in the user's profile and can be used for group membership rules, conditional access policies, and role-based access control (RBAC).

Common User Attributes:

• UserPrincipalName (UPN): The unique identifier for the user, often in the format of an email address (e.g., user@domain.com).

• GivenName: The user's first name.

• Surname: The user's last name.

• JobTitle: The user’s job title.

• Department: The user's department or business unit.

• Manager: The manager of the user (important for hierarchical permissions and workflows).

• PhysicalDeliveryOfficeName: The office where the user works.

• TelephoneNumber: The user’s phone number.

• EmployeeID: A unique identifier for the employee, typically used for tracking.

You can edit these attributes either via the Azure portal in the user's profile or by using PowerShell commands like Set-AzureADUser.

Conclusion

Managing user accounts and their properties in Microsoft Entra ID involves using both the Azure portal and PowerShell to create, modify, and manage users and their attributes.

The Azure portal offers an intuitive, GUI-based way to configure individual user properties, while PowerShell is best suited for automation, bulk operations, and advanced scenarios.

Proper user account management is critical for maintaining security, compliance, and access control across cloud applications and resources.