Azure Active Directory

Users and Groups Documentation

Managing Users and Groups

Azure Active Directory (Azure AD) provides robust tools for managing users and groups within your organization. This section details how to create, manage, and organize your identities.

Users

Users are the individuals who need access to your organization's resources. They can be employees, partners, or customers.

Creating a User

You can create new users through the Azure portal, PowerShell, or Microsoft Graph API. Here's a basic overview of the process via the Azure portal:

  1. Navigate to the Azure portal and select your Azure AD tenant.
  2. Go to Users and click New user.
  3. Choose either Create new user or Invite external user.
  4. Fill in the required user details, such as name, username, and initial password.
  5. Assign licenses and roles as needed.
  6. Click Create.

User Properties

Each user object has various properties that define their identity and access. Key properties include:

  • Display Name: The name that appears in the portal and other services.
  • User Principal Name (UPN): The sign-in name, typically in the format user@domain.com.
  • Object ID: A unique identifier for the user.
  • Assigned Roles: Permissions granted to the user.
  • Licenses: Products and services assigned to the user.

Groups

Groups are collections of users, devices, or other groups that allow for simplified management of access to resources.

Types of Groups

  • Security groups: Used to grant access to resources. You can assign licenses to security groups.
  • Microsoft 365 groups: Provide collaboration features like a shared inbox, calendar, and SharePoint site, in addition to access to resources.

Creating a Group

Similar to users, groups can be created via the Azure portal, PowerShell, or Graph API.

  1. In the Azure portal, navigate to your Azure AD tenant.
  2. Go to Groups and click New group.
  3. Select the Group type (Security or Microsoft 365).
  4. Provide a Group name and description.
  5. Configure membership type (Assigned or Dynamic).
  6. Add members if the membership type is Assigned.
  7. Click Create.

Group Properties and Management

Key aspects of group management include:

  • Membership: Adding or removing users from groups.
  • Membership Types:
    • Assigned: Members are explicitly added or removed by an administrator.
    • Dynamic User: Membership is automatically updated based on rules and user attributes.
    • Dynamic Device: Membership is automatically updated based on rules and device attributes.
  • Group Settings: Configuring settings such as naming policies and access reviews.

Common Operations and APIs

Here are some common operations and their corresponding Microsoft Graph API endpoints:

Operation            HTTP Method  Endpoint                    Description
List Users           GET          /users                      Retrieves a list of all users in the directory.
Get User             GET          /users/{id}                 Retrieves a specific user by their ID.
Create User          POST         /users                      Creates a new user.
List Groups          GET          /groups                     Retrieves a list of all groups in the directory.
Get Group            GET          /groups/{id}                Retrieves a specific group by its ID.
Create Group         POST         /groups                     Creates a new group.
Add Member to Group  POST         /groups/{id}/members/$ref   Adds a user or service principal as a member of a group.

For detailed API references, please refer to the Microsoft Graph API documentation for users and groups.
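As an added example that is not part of this documentation, the following Python assembles the request bodies for three of the operations in the table above: creating a user, creating a security group, and adding a member through the $ref endpoint. The verified-domain list and the small request helper are assumptions; the script only constructs the requests and sends nothing.

```python
import re
from typing import Any, Dict

GRAPH = "https://graph.microsoft.com/v1.0"
# Constructed sample: the verified domains of a fictional tenant (assumption).
VERIFIED_DOMAINS = {"contoso.example"}
UPN_RE = re.compile(r"^[A-Za-z0-9._%+-]+@([A-Za-z0-9.-]+)$")


def _request(method: str, path: str, body: Dict[str, Any]) -> Dict[str, Any]:
    """Describe a Graph call as method, URL and JSON body; nothing is sent."""
    return {"method": method, "url": f"{GRAPH}{path}", "body": body}


def create_user_request(display_name: str, upn: str,
                        initial_password: str) -> Dict[str, Any]:
    """POST /users with the properties Graph requires for a new cloud user."""
    # Refuse a UPN outside the tenant's verified domains before any call is made.
    match = UPN_RE.match(upn)
    if not match or match.group(1).lower() not in VERIFIED_DOMAINS:
        raise ValueError(f"UPN {upn!r} does not use a verified tenant domain")
    return _request("POST", "/users", {
        "accountEnabled": True,
        "displayName": display_name,
        "mailNickname": upn.split("@", 1)[0],
        "userPrincipalName": upn,
        # The initial password must be replaced by the user at first sign-in.
        "passwordProfile": {
            "forceChangePasswordNextSignIn": True,
            "password": initial_password,
        },
    })


def create_security_group_request(display_name: str,
                                  mail_nickname: str) -> Dict[str, Any]:
    """POST /groups for an assigned-membership security group (no mailbox)."""
    return _request("POST", "/groups", {
        "displayName": display_name,
        "mailEnabled": False,
        "mailNickname": mail_nickname,
        "securityEnabled": True,
    })


def add_member_request(group_id: str, member_id: str) -> Dict[str, Any]:
    """POST /groups/{id}/members/$ref; the body is an @odata.id reference."""
    return _request("POST", f"/groups/{group_id}/members/$ref",
                    {"@odata.id": f"{GRAPH}/directoryObjects/{member_id}"})
```

To send a request, serialize the body with json.dumps and pass a bearer token in the Authorization header; the returned objects carry everything else needed.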