To set up user accounts and manage permissions, in Azure Active Directory (Azure AD) there are methods including the 🔵 #Azureportal, ⚙️ #PowerShell or the 📊#MicrosoftGraphAPI.
Using the Azure portal:
- Navigate to the Azure portal. Log in with your AD administrator account.
- Locate the search bar and type “Azure Active Directory “ then select the service.
- In the navigation pane choose “Users.”
- Click on the “Add user” button.
- Enter all information for the user, including their email address.
- Select “Create” to finalize the user account creation.
Once you have created a user account you can assign permissions to that user by following these steps:
- Click on the name of the user, from your list of users.
- In the navigation pane choose “Permissions.”
- Click on “Assign permissions.”
- Select which permissions you want to assign to this user.
- Click on “Assign” to apply these permissions.
Using PowerShell:
To configure both user accounts and permissions using PowerShell you can utilize a set of commands specifically designed for this purpose.
# Create a new user account
New-AzureADUser -DisplayName "Alice" -UserPrincipalName alice@contoso.com
# Assign a role to a user account
Add-AzureADRoleAssignment -ObjectId "alice@contoso.com" -RoleDefinitionName "User Administrator"
To grant access rights to a user account you can utilize the command provided below:
# Assign custom permissions to a user account
New-AzureADPermissionGrant -ObjectId "alice@contoso.com" -ResourceUri "https://myapp.azure.com/api/v1/users" -PermissionScope "Read"
Using the Microsoft Graph API
To configure user accounts and permissions using the Microsoft Graph API, you can use the following requests:
# Create a new user account
POST https://graph.microsoft.com/v1.0/users
Content-Type: application/json
{
"displayName": "Alice",
"userPrincipalName": "alice@contoso.com"
}
# Assign a role to a user account
POST https://graph.microsoft.com/v1.0/users/alice@contoso.com/roleAssignments
Content-Type: application/json
{
"roleDefinitionId": "00000000-0000-0000-0000-000000000000",
"principalId": "alice@contoso.com"
}
# Assign custom permissions to a user account
POST https://graph.microsoft.com/v1.0/users/alice@contoso.com/permissions
Content-Type: application/json
{
"resourceUri": "https://myapp.azure.com/api/v1/users",
"permissionScopes": ["Read"]
📚 Elevate Your Microsoft 365 Mastery: Take on the Whizlabs Microsoft 365 Administrator Proficiency Exam (MS-102) 🎓
Here are some recommendations, for setting up user accounts and permissions in Azure AD:
🔒 Utilize Azure AD groups to efficiently manage user permissions. This simplifies the process of assigning or revoking permissions for groups of users.
🛡️ Make use of AD roles to grant users access to resources and privileges they require. This ensures you have control over access to your AD resources.
🚀 Leverage Azure AD permissions to provide users with access to actions on resources. This offers you the control over user access.
🌐 Implement Azure AD conditional access policies that limit user access based on factors like device compliance, location and time of day. This adds a layer of security to safeguard your AD resources from unauthorized entry.
In conclusion 💼 by following these guidelines you can effectively configure user accounts and permissions, in Azure AD according to the requirements of your organization.📋
Top comments (0)