To set up user accounts and manage permissions, in Azure Active Directory (Azure AD) there are methods including the ๐ต #Azureportal, โ๏ธ #PowerShell or the ๐#MicrosoftGraphAPI.
Using the Azure portal:
- Navigate to the Azure portal. Log in with your AD administrator account.
- Locate the search bar and type โAzure Active Directory โ then select the service.
- In the navigation pane choose โUsers.โ
- Click on the โAdd userโ button.
- Enter all information for the user, including their email address.
- Select โCreateโ to finalize the user account creation.
Once you have created a user account you can assign permissions to that user by following these steps:
- Click on the name of the user, from your list of users.
- In the navigation pane choose โPermissions.โ
- Click on โAssign permissions.โ
- Select which permissions you want to assign to this user.
- Click on โAssignโ to apply these permissions.
Using PowerShell:
To configure both user accounts and permissions using PowerShell you can utilize a set of commands specifically designed for this purpose.
# Create a new user account
New-AzureADUser -DisplayName "Alice" -UserPrincipalName alice@contoso.com
# Assign a role to a user account
Add-AzureADRoleAssignment -ObjectId "alice@contoso.com" -RoleDefinitionName "User Administrator"
To grant access rights to a user account you can utilize the command provided below:
# Assign custom permissions to a user account
New-AzureADPermissionGrant -ObjectId "alice@contoso.com" -ResourceUri "https://myapp.azure.com/api/v1/users" -PermissionScope "Read"
Using the Microsoft Graph API
To configure user accounts and permissions using the Microsoft Graph API, you can use the following requests:
# Create a new user account
POST https://graph.microsoft.com/v1.0/users
Content-Type: application/json
{
"displayName": "Alice",
"userPrincipalName": "alice@contoso.com"
}
# Assign a role to a user account
POST https://graph.microsoft.com/v1.0/users/alice@contoso.com/roleAssignments
Content-Type: application/json
{
"roleDefinitionId": "00000000-0000-0000-0000-000000000000",
"principalId": "alice@contoso.com"
}
# Assign custom permissions to a user account
POST https://graph.microsoft.com/v1.0/users/alice@contoso.com/permissions
Content-Type: application/json
{
"resourceUri": "https://myapp.azure.com/api/v1/users",
"permissionScopes": ["Read"]
๐ Elevate Your Microsoft 365 Mastery: Take on the Whizlabs Microsoft 365 Administrator Proficiency Exam (MS-102) ๐
Here are some recommendations, for setting up user accounts and permissions in Azure AD:
๐ Utilize Azure AD groups to efficiently manage user permissions. This simplifies the process of assigning or revoking permissions for groups of users.
๐ก๏ธ Make use of AD roles to grant users access to resources and privileges they require. This ensures you have control over access to your AD resources.
๐ Leverage Azure AD permissions to provide users with access to actions on resources. This offers you the control over user access.
๐ Implement Azure AD conditional access policies that limit user access based on factors like device compliance, location and time of day. This adds a layer of security to safeguard your AD resources from unauthorized entry.
In conclusion ๐ผ by following these guidelines you can effectively configure user accounts and permissions, in Azure AD according to the requirements of your organization.๐
Top comments (0)