Users in Azure AD

Azure AD supports three types of users:

  1. Cloud Identities

    • Exist only in Azure AD.

    • Examples: Admins or users you create manually.

    • Source: Azure AD (or external Azure AD for guest access across directories).

    • Deletion: Removing them deletes their account permanently.

  2. Directory-Synchronized Identities

    • Exist in on-premises AD and are synced to Azure AD via Azure AD Connect.

    • Source: Windows Server AD.

    • Useful for organizations with existing AD infrastructure.

  3. Guest Users

    • External users (Microsoft accounts, other cloud providers).

    • Source: Invited user.

    • Ideal for vendors, contractors, or partners.

    • Access can be removed anytime.

Tip: Decide early which user types you need based on your organization’s scenario.


Managing Users

You can add users via:

  • Azure Portal: Includes name, username, job title, department, etc.

  • Other Options: Office 365 Admin Center, Microsoft Intune, or CLI.

Key Considerations:

  • Only Global Administrators can manage users.

  • Profile info is optional.

  • Deleted users can be restored within 30 days.

  • Sign-in and audit logs are available.

Bulk User Creation:

  • Use CSV files (manual Excel creation, HR system export, or SQL database).

  • Naming conventions: e.g., Smith.John@contoso.com.

  • Password conventions: Randomly generated or emailed securely.

Steps via PowerShell:

  1. Connect with Connect-AzAccount.

  2. Create a Password Profile for new users.

  3. Import the CSV with Import-CSV.

  4. Loop through users, defining parameters (UPN, Display Name, Job Title, etc.).

  5. Create the users with New-AzADUser and enable the accounts.
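The five steps above carried through as an added PowerShell example (not code from the original notes). It assumes the Az.Accounts and Az.Resources modules in a version whose New-AzADUser accepts -JobTitle, -Department and -AccountEnabled, and it uses a constructed two-row CSV with hypothetical contoso.com users; instead of a shared password from the CSV it generates a random one-time password per user and forces a change at first sign-in.

```powershell
# Assumes the Az.Accounts and Az.Resources modules (Graph-based New-AzADUser).
Connect-AzAccount | Out-Null

# One unique, cryptographically random one-time password per user.
# 64-character alphabet: 256 % 64 == 0, so byte % 64 introduces no modulo bias.
function New-RandomPassword {
    param([int]$Length = 20)
    $alphabet = 'ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz23456789!@#$%&*'
    $bytes = New-Object byte[] $Length
    [System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($bytes)
    -join ($bytes | ForEach-Object { $alphabet[$_ % $alphabet.Length] })
}

# Constructed sample CSV (hypothetical contoso.com users); in practice point
# $csvPath at the HR export. Note: no password column, passwords are generated.
$csvPath = Join-Path $env:TEMP 'new-users.csv'
@'
UserPrincipalName,DisplayName,GivenName,Surname,JobTitle,Department
Smith.John@contoso.com,John Smith,John,Smith,Analyst,Finance
Doe.Jane@contoso.com,Jane Doe,Jane,Doe,Engineer,IT
'@ | Set-Content -Path $csvPath

# Loop over the rows, build each user's parameters and create the account enabled.
$created = foreach ($row in Import-Csv -Path $csvPath) {
    $plain  = New-RandomPassword
    $secure = ConvertTo-SecureString -String $plain -AsPlainText -Force
    $user = New-AzADUser -UserPrincipalName $row.UserPrincipalName `
        -DisplayName $row.DisplayName -GivenName $row.GivenName -Surname $row.Surname `
        -MailNickname ($row.UserPrincipalName.Split('@')[0]) `
        -JobTitle $row.JobTitle -Department $row.Department `
        -Password $secure -ForceChangePasswordNextLogin -AccountEnabled
    # Deliver $plain to the user out of band; never write it to a log or the CSV.
    [pscustomobject]@{ UPN = $user.UserPrincipalName; ObjectId = $user.Id }
}
$created | Format-Table -AutoSize
```

$created holds the UPN and object id of every account the run created, which can be reconciled against the Azure AD audit log afterwards.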


Groups in Azure AD

Two types of groups:

  1. Security Groups

    • Manage access to resources for users or devices.

    • Example: Apply a security policy to multiple users at once.

    • Requires an Azure AD admin to create/manage.

  2. Office 365 Groups

    • Enable collaboration with shared mailbox, calendar, files, SharePoint site, etc.

    • Can include external users.

    • Available to both admins and standard users.

Membership Types:

  • Assigned: Manually add specific users.

  • Dynamic User: Automatic membership based on user attributes (e.g., department).

  • Dynamic Device: Automatic membership for devices (security groups only).

Tip: Decide if you want static assignment (direct control) or dynamic rules (auto-updates based on attributes).


Next Steps to Consider:

  • Define which types of users your organization will need.

  • Decide how you will add users (manually, bulk via CSV, or directory sync).

  • Identify which groups you need and whether membership will be assigned or dynamic.