Hello and welcome back to Cyber Aires. Microsoft Azure Administrator A Z 103 course. I'm well, Carlson. And this is Episode 48 about users and groups.
In today's episode, we're gonna learn about the three different types of users here available to us in Azure Active directory.
We're gonna show how to manually add and talk briefly about how the bulk add users into azure active directory as well.
We're going to discuss a few of the different group options available in azure active directory, depending upon the skew that you have of Azure A D.
And then we're gonna go through portal and add some members and owners to active directory, a measure active directory and two groups as well just to get a feeling for how management and navigation in Azure A. D works
to get started, we're gonna dive right into portal, and we're gonna come, too. But obviously the azure active directory blade.
Now, before we can get started and see all of the options available to us, remember that on the free tier of azure a d, we have a limited subset of options available, So the first thing we're gonna do here in this trial as your A D tenant is start a free trial of premium P one or pee, too.
They have a couple of options here, and I advise you to consider these. If you're looking at Azure for production workloads, don't squander this time.
That's also a good reason that you may want to spend up a secondary email account to give yourself some azure 80 time just to familiarize yourself with the material for a Z one of three, and then reserve your corporate accounts for some more corporate testing in your corporate environment,
we're gonna go ahead. That wouldn't set up this
and that's all there was to that. Now we'll need to refresh the azure active directory blade,
and I can see now that my azure active directory blade looks a little bit different. I can see the sign in's associate ID right off the bat,
but to jump right into the different user types. Let's go ahead here and select users under manage.
I'm gonna bring us into the user's blade, and we can see that I have only two users here in this particular active directory tenant
and over here in the source is where we're gonna be able to tell the difference about the type of user that this is.
So I can tell that the account that was created or the user account created when I initially set up my azure 80 tenant is this one right here. And that's gonna be a Microsoft account as the source
as your active directory here is gonna be the source When we've created this user here in Portal or just strictly in azure active directory.
There is 1/3 type of account here that will see and that's going to say, Windows Server A. D and these air going to be users that are synchronized from our on premise environment using Azure A D Connect, which will talk about an upcoming video.
But remember, there are both of these Air cloud created users. Azure Active directory is the one that I have manually created here by selecting new user,
and the third type here is gonna be a unpromising Quinn ization, and that's gonna be a Windows server a D. As the source for that particular user.
Adding a user to add your active directory manually is relatively straightforward we come up here to new user will put in his name.
Put in the user name.
We can select a profile which is essentially just some other identifying information here in Azure A. D. And this is not required. But often helpful
properties here is not gonna be changeable because of how we're coming in. We can see that the source of authority is azure accurate directory, which is accurate for argues case today.
If we wanted to go ahead and the sign any groups, we would do that here.
And then we could send the directory role of this particular user. And keep in mind that this is this only has to do with hasher active directory.
This is not equivalent to the role based access control that we've talked about in an azure so far. We can go ahead and generate a password.
If we wanted to show that password so we could give it to the customer or the user so they could log in initially and reset that that we can do so Copy this out and then we just hit Create
one thing I want to point out before we get going here is that I was able to use this particular u R l because I have set this and verified it as a custom domain here in my azure environment.
If you have not done this, you will need to use the full your l for your azure active directory tenant. In this case, it would be William. We'll see about that. Got on Microsoft dot com.
Keep in mind that this has to be a legitimate user name with a riel girl, or you cannot create that user
I can hit create, though,
and I've added that user here it our azure active directory, and I can see that the source is azure active directory, as expected,
and you can also add guest users here in Azure active directory. And these are gonna be users that exist outside of your active directory tenant. But you can give access to re sources and single sign on and some of the other functionality that as your 80 offers to them.
I think of this as a consultant or 1/3 party contractor that you don't want receiving group e mails from within the company, but they need to go ahead and be able to leverage. Single sign on into some of your resource is for your company while they're doing work.
If you click here on new guest user, you can see that if we want to know more information about guests users, we can click here to get to the Microsoft documentation advice. You're spending a little bit of time to see what guest users air all about. It really is a pretty powerful and helpful feature of azure active directory.
You can see multi factor authentication here. We're gonna talk about that in an upcoming episode. So if it caught your attention, rest assured we'll get back to that here very shortly.
We also have the option of bulk adding users and to azure active directory directly via A C S V file. You can find documentation about that as well on the Microsoft website. But that's gonna be very similar to any C S V import that you've ever done before. You set the column headings in the very first row,
and then you put the information down below that.
But I encourage you to check out the documentation on azure a de bulk import VSC S V to learn a little bit more about that.
We're going to skip that for now, though, because the real power here of importing users and Azure active directory is gonna be as your a d connect, which will cover in detail in an upcoming episode as well.
We're gonna go ahead and back out a level, though, and talk briefly about groups. And we don't have any groups created right now so we can go ahead and slight new group.
And I have a couple of options here about the group types. So security and office 3 65 Well, clearly. Office 3 65 groups are going to be four office 3 65 And for this purpose, we're gonna go ahead and leave this at security. I can name the group
Intergroup Prescription Should I choose to? And I can see here that the membership type is assigned
and what this means is that for user's to be a member of this group, I have to manually come in and assign them now with my P one and P two as your membership, I ultimately be able to select dynamic here is well and set some other conditions as to group membership. But there are two different types of groups here in azure active directory.
Those that are assigned or the ones manually managed, and those that are dynamic
that used rule sets to determine who is in which group.
I can go ahead and select an owner of this group here.
What? Go ahead. It's like Michael Scott is the owner of this group,
and then I can set members here as well. We're gonna go ahead and put Dwight here in this group
and I can create that group with the owner and member already selected.
And that's really all there is to manually adding users and groups here in tow as your active directory. So in today's episode, we talked about the two main types of users here and as your active directory, and those are gonna be those that are created in the cloud versus those that are synchronized from on premise infrastructure.
We also talked about two different ways to add users to azure a D, and that's going to be both manually and through a C S V bulk import
spoiler alert. There is an additional weight, and we're gonna talk about that the azure A D connect very soon
there are a couple of different types here in Azure Active Directory, and those were going to be the assigned group that we manage manually and the dynamic group that we use rule sets or oh, you membership to determine what groups users were members of here in Azure D.
And then we also went through and added members and owners to azure Adie groups. Really, this all was very simple and basic. It's gonna be very familiar to you based on what you're likely already doing in your active directory domain service's environment on premise. But I felt like it was important to go through that process here in Azure 80
to point out some of the differences
coming up. Next, we're going to talk about Azure Active Directory connect and the way that that tool allows us to synchronize our on promise a. D. D. S environment to our azure A D environment and prevent us from having to re create all of those users and groups here in azure active directory, especially manually or even through CSB.
Thanks for joining me today, and I'm looking forward to the upcoming video