Coach Beard Jr. Boring Notes
  • CONTRIBUTING
  • Multi Threading
  • Processes
  • README
  • Security Policy
  • Stack vs Heap Memory Allocation
  • What is it?
  • Mind Map
  • Azure
    • Table of contents
  • Azure
    • Resources
  • BATCH-Scripting
    • Gettng-Started
  • Cloudflare
    • Digital Certificates - What are Those
  • Cloudflare
    • Introduction to HTTPS and TLS
  • Cloudflare
    • Resources
  • DENO LAND
    • DENO - CLI
  • DENO LAND
    • Deno_index.docx
  • DENO LAND
    • Examples
  • DENO LAND
    • Starting Examples
  • DENO LAND
    • Working with Deno
  • DENO LAND
    • http_server.ts
  • Docker Notes
    • Commands
  • Docker Notes
    • Communication
  • Docker Notes
    • Containers
  • Docker Notes
    • Data in Docker
  • Docker Notes
    • Docker Compose
  • Docker Notes
    • Dockerfile
  • Docker Notes
    • Images and containers
  • Docker Notes
    • Practice Images
  • What and Why
  • Docker Notes
    • Table of contents
  • Docker Notes
    • Virtual Machines
  • Docker Notes
    • Volumes
  • Docker Notes
    • dockerignore
  • Garbage Collection
    • Introduction
  • Git and Github
    • GIT
  • Git and Github
    • Github
  • HackingHub.io
    • Mindmap
  • HackingHub.io
    • Start Here
  • JENKINS
    • JENKINS (Getting Started)
  • Java - A Headache
    • A Headache
  • Java - A Headache
    • Checked Exceptions
  • Java - A Headache
    • Concurrency In Java
  • Java - A Headache
    • ENUM
  • Java - A Headache
    • ThreadExceptions
  • Java - A Headache
    • Exception Handling
  • Java - A Headache
    • Java Memory Management
  • Java - A Headache
    • Lambda Expressions
  • Java - A Headache
    • LifeCycle and States of a Thread in Java
  • Java - A Headache
    • Memory Allocation by JVM
  • Java - A Headache
    • Multi-Threading in JAVA
  • Java - A Headache
    • Transient
  • JavaScript
    • Arrays
  • JavaScript
    • Behind the Scenes of JavaScript
  • JavaScript
    • Falsy-Truthy Values
  • JavaScript
    • Garbage Collection
  • JavaScript
    • Getters_Setters
  • JavaScript
    • Hoisting
  • JavaScript
    • How Code is Parsed and Compiled
  • JavaScript
    • Index.docs
  • JavaScript
    • Inside JS Engine
  • JavaScript
    • MindMap
  • JavaScript
    • Objects
  • JavaScript
    • this in javascript
  • Kubernetes
    • Kubernetes Architecture Overview
  • Linux & Unix
    • GRUB - Grand Unified Bootloader
  • Linux & Unix
    • Resources
  • Miscellaneous
    • CDN Architecture
  • Miscellaneous
    • JavaScript exec returns Undefined
  • NodeJS
    • Index.docs
  • Obsidian - Help
    • Resources
  • Pentester Notes
    • IP Address
  • Pentester Notes
    • LAN - Local Area Network
  • Pentester Notes
    • MAC Address
  • Pentester Notes
    • MindMap
  • Pentester Notes
    • Networking
  • Pentester Notes
    • Offensive Security
  • Pentester Notes
    • Ping
  • Pentester Notes
    • Subnetting
  • Spring-Security
    • Servlets & Filters
  • Spring-Security
    • default-configuration
  • TypeScript
    • Index.docs
  • TypeScript
    • TypeScript
  • Webpack
    • Concepts
  • .github
    • ISSUE_TEMPLATE
      • feature_request
  • Automation
    • Cucumber-Framework
      • Getting Started
  • Automation
    • Playwright
      • Introduction
  • Azure
    • AZ-104
      • Control Azure services with the CLI
  • Azure
    • AZ-104
      • Deploy Azure infrastructure by using JSON ARM templates
  • Azure
    • AZ-204
  • Azure
    • AZ-204
      • mindMap
  • Azure
    • Azure Policy
      • Azure-policies
  • Azure
    • Azure Policy
  • Azure
    • Azure-Fundamentals
  • Azure
    • Azure-Fundamentals
      • mindmap
  • Cloudflare
    • Docs
      • Cloudflare IPs
  • Cloudflare
    • Docs
      • Getting Started
  • Cloudflare
    • Docs
      • MindMap
  • DENO LAND
    • Basics
      • Basics
  • DENO LAND
    • Basics
      • Connecting to Database
  • DENO LAND
    • Basics
      • Environment Variables
  • DENO LAND
    • Basics
      • Imports
  • DENO LAND
    • Basics
      • Modules
  • DENO LAND
    • Basics
      • Permissions
  • DENO LAND
    • Basics
      • Standard Library
  • DENO LAND
    • Basics
      • Testing
  • Eager
    • Primes
      • Finding prime number - formula
  • Git and Github
    • Github-Actions
      • Auto Publish(Release) - GitHub Actions
  • Git and Github
    • Github-Actions
      • Continuous Integration (CI) - GitHub Actions
  • Git and Github
    • Github-Actions
      • Github-Actions Introduction
  • Java - A Headache
    • Garbage Collection
      • Garbage Collection
  • Java - A Headache
    • Garbage Collection
      • Types of Garbage Collection
  • Java - A Headache
    • Spring - Framework
      • annotation
  • Java - A Headache
    • Threads
      • Threads in JAVA
  • JavaScript
    • Basics
      • DataTypes_Variables
  • JavaScript
    • Basics
      • Null-Undefined-NaN
  • JavaScript
    • DOM
      • Fundamental data types
  • JavaScript
    • DOM
      • Learn to search Methods and attributes
  • JavaScript
    • DOM
      • What is DOM
  • JavaScript
    • DOM
      • Working With DOM
  • JavaScript
    • Functions
      • Functions in JavaScript
  • JavaScript
    • OOP
      • OOP in JS
  • Pentester Notes
    • DNS
      • DNS Records
  • Pentester Notes
    • DNS
      • Securing DNS
  • Pentester Notes
    • DNS
      • What is 1.1.1.1
  • Pentester Notes
    • DNS
      • What is DNS
  • Pentester Notes
    • OSI Model
      • Intro
  • Pentester Notes
    • Protocols
      • ARP Protocol
  • Pentester Notes
    • Protocols
      • DHCP Protocol
  • Azure
    • AZ-104
      • Azure-Administrators
        • automate-azure-tasks-using-scripts
  • Azure
    • AZ-104
      • Azure-Administrators
        • azure-resource-manager
  • Azure
    • AZ-104
      • Azure-Administrators
        • configure-azure-resources
  • Azure
    • AZ-104
      • Azure-Administrators
        • configure-resources-with-arm
  • Azure
    • AZ-104
      • Azure-Administrators
        • control-azure-services-cli
  • Azure
    • AZ-104
      • Azure-Administrators
        • deploy-azure-infra-using-arm-templates
  • Azure
    • AZ-104
      • Azure-Administrators
  • Azure
    • AZ-104
      • Configure and Manage VNet for Azure
        • Configure Azure DNS
  • Azure
    • AZ-104
      • Configure and Manage VNet for Azure
        • Configure Azure Virtual Network Peering
  • Azure
    • AZ-104
      • Configure and Manage VNet for Azure
        • Configure Network Security Groups
  • Azure
    • AZ-104
      • Configure and Manage VNet for Azure
        • Configure Network routing and endpoints
  • Azure
    • AZ-104
      • Configure and Manage VNet for Azure
        • Configure Virtual Networks
  • Azure
    • AZ-104
      • Deploy and Manage Azure compute resources
        • Configure Azure Container Instances
  • Azure
    • AZ-104
      • Deploy and Manage Azure compute resources
        • Configure Virtual Machines
  • Azure
    • AZ-104
      • Deploy and Manage Azure compute resources
        • Manage VM with Azure CLI
  • Azure
    • AZ-104
      • Deploy and Manage Azure compute resources
        • configure-azure-app-service-plans
  • Azure
    • AZ-104
      • Deploy and Manage Azure compute resources
        • configure-azure-app-service
  • Azure
    • AZ-104
      • Deploy and Manage Azure compute resources
        • configure-vm-availability
  • Azure
    • AZ-104
      • Implement and Manage Storage in Azure
        • Configure Azure Blob Storage
  • Azure
    • AZ-104
      • Implement and Manage Storage in Azure
        • Configure Azure Files and Azure File Sync
  • Azure
    • AZ-104
      • Implement and Manage Storage in Azure
        • Configure Azure Storage Security
  • Azure
    • AZ-104
      • Implement and Manage Storage in Azure
        • Configure Azure Storage with tools
  • Azure
    • AZ-104
      • Implement and Manage Storage in Azure
        • Configure Storage Accounts
  • Azure
    • AZ-104
      • Implement and Manage Storage in Azure
        • Control Access to Azure Storage with SAS
  • Azure
    • AZ-104
      • Implement and Manage Storage in Azure
        • Create Azure Storage Account
  • Azure
    • AZ-104
      • Implement and Manage Storage in Azure
        • Upload, download, manage data with Azure Storage Explorer
  • Azure
    • AZ-104
      • Manage identities and governance in Azure
        • Allow users to reset their password with Entra SSPR
  • Azure
    • AZ-104
      • Manage identities and governance in Azure
        • Configure Azure Policy
  • Azure
    • AZ-104
      • Manage identities and governance in Azure
        • Configure Microsoft Entra ID
  • Azure
    • AZ-104
      • Manage identities and governance in Azure
        • Configure RBAC
  • Azure
    • AZ-104
      • Manage identities and governance in Azure
        • Configure Subscriptions
  • Azure
    • AZ-104
      • Manage identities and governance in Azure
        • Configure user and group accounts
  • Azure
    • AZ-104
      • Manage identities and governance in Azure
        • Create Azure Users and Groups in Entra ID
  • Azure
    • AZ-104
      • Manage identities and governance in Azure
        • Secure Azure resources with Azure RBAC
  • Azure
    • AZ-104
      • Monitor and back up Azure resources
        • Configure Azure Alerts
  • Azure
    • AZ-104
      • Monitor and back up Azure resources
        • Configure Azure Monitor
  • Azure
    • AZ-104
      • Monitor and back up Azure resources
        • Configure Log Analytics
  • Azure
    • AZ-104
      • Monitor and back up Azure resources
        • Configure Network Watcher
  • Azure
    • AZ-104
      • Monitor and back up Azure resources
        • Configure Virtual Machine Backups
  • Azure
    • AZ-104
      • Monitor and back up Azure resources
        • Configure file and folder backups
  • Azure
    • AZ-104
      • Monitor and back up Azure resources
        • Improve incident response with alerting on Azure
  • Azure
    • AZ-204
      • Azure-AppService-WebApps
        • AppService-DeploymentSlots
  • Azure
    • AZ-204
      • Azure-AppService-WebApps
        • Azure-App-Services
  • Azure
    • AZ-204
      • Azure-AppService-WebApps
        • Configure-web-app-settings
  • Azure
    • AZ-204
      • Azure-AppService-WebApps
        • Scale-apps-Azure-AppService
  • Azure
    • AZ-204
      • Azure-AppService-WebApps
  • Azure
    • AZ-204
      • Azure-Cosmos-DB
        • cosmosDB-part1
  • Azure
    • AZ-204
      • Azure-Cosmos-DB
        • cosmosDB-part2
  • Azure
    • AZ-204
      • Azure-Cosmos-DB
  • Azure
    • AZ-204
      • Azure-Functions
        • Azure-Functions-2
  • Azure
    • AZ-204
      • Azure-Functions
        • Azure-Functions
  • Azure
    • AZ-204
      • Azure-Functions
  • Azure
    • AZ-204
      • Containerized-Solutions
        • implement-azure-container-apps
  • Azure
    • AZ-204
      • Containerized-Solutions
        • manage-container-images-in-container-registry
  • Azure
    • AZ-204
      • Containerized-Solutions
  • Azure
    • AZ-204
      • Containerized-Solutions
        • run-container-images-container-instances
  • Azure
    • AZ-204
      • Sols-using-blob-Storage
        • Azure-Blob-Storage-demo
  • Azure
    • AZ-204
      • Sols-using-blob-Storage
        • Azure-Blob-Storage-intro
  • Azure
    • AZ-204
      • Sols-using-blob-Storage
        • Azure-Blob-Storage-lifecycle
  • Azure
    • AZ-204
      • Sols-using-blob-Storage
        • mindmap
  • Azure
    • AZ-204
      • course-notes-udemy
        • Azure App Service
  • Azure
    • AZ-204
      • course-notes-udemy
        • Containers Service
  • Azure
    • AZ-204
      • course-notes-udemy
        • Create VM via Powershell
  • Azure
    • AZ-204
      • Course Notes - Udemy
  • Azure
    • Azure-Fundamentals
      • Architecture-Services
        • Azure Infrastructure
  • Azure
    • Azure-Fundamentals
      • Architecture-Services
        • Azure-identity-access-security
  • Azure
    • Azure-Fundamentals
      • Architecture-Services
        • Azure-storage-services
  • Azure
    • Azure-Fundamentals
      • Architecture-Services
  • Azure
    • Azure-Fundamentals
      • Architecture-Services
        • compute-and-network-services
  • Azure
    • Azure-Fundamentals
      • Architecture-Services
        • mindMap
  • Azure
    • Azure-Fundamentals
      • Cloud-Concepts
  • Azure
    • Azure-Fundamentals
      • Cloud-Concepts
        • cloud-concepts
  • Azure
    • Azure-Fundamentals
      • Management-Governance
        • Cost-management-Azure
  • Azure
    • Azure-Fundamentals
      • Management-Governance
        • Monitor-tools-in-auzre
  • Azure
    • Azure-Fundamentals
      • Management-Governance
  • Azure
    • Azure-Fundamentals
      • Management-Governance
        • azure-for-governance-and-compliance
  • Azure
    • Azure-Fundamentals
      • Management-Governance
        • features-tools-for-managing-and-deploying-resources
  • Azure
    • Azure-Fundamentals
      • Management-Governance
        • mindmap
Powered by GitBook
On this page
Edit on GitHub
  1. Azure
  2. AZ-104
  3. Manage identities and governance in Azure

Configure user and group accounts

  • Configure users accounts and user account properties

  • create new user accounts

  • import bulk user accounts with a template

  • configure group accounts and assignment types

Access to azure resources is controlled through user accounts an identities that are defined in Entra ID. It supports group accounts to hep you organize user accounts for easier admin.

Create User accounts

Every user who wants access to azure resources needs an azure user account. A user account has all the information required to authenticate the user during the sign-in process. Entra ID supports three types of user accounts. The types indicate where the user is defines and whether the user is internal or external to your Microsoft Entra organization

User Account
Description

Cloud Identity

defined only in microsoft entra id. this type of user account includes admin accounts and users who are managed as part of your organization. Cloud identity can be for user accounts defined in your entra organization and also for user accounts defined in an external entra instance.

Directory-Synchronized identity

defined in an on-premises active directory. A synchronization activity occurs via entra connect to bring these user accounts in to azure. the source for these accounts in Windows Server Active Directory.

Guest User

defined outside Azure. examples include user accounts from other cloud providers, and microsoft accounts like Xbox live account.

Things to consider when choosing user accounts

  • Consider where users are defined

  • Consider support for external contributors

  • Consider a combination of user accounts

Manage User accounts

There are several ways to add cloud identity user accounts in Entra ID. Common approach is by using the Azure portal. User accounts can also be added to Microsoft Entra ID through Microsoft 365 Admin center, Microsoft Intune admin console and the Azure CLI

The admin can create a user within the organization or invite a guest user to provide access to organization resources.

A user with global admin or user admin privileges can preset profile data in user accounts such as the main phone number for the company.

Non-admin users can set some of their own profile data but they cant change their display name or account name

Things to consider when managing cloud identity accounts

  • Consider user profile data

  • Consider restore options for deleted accounts

  • Consider gathered account data.

Create bulk user accounts

Entra ID supports several bulk operations, including bulk create and delete for user accounts.

Only global admin or user admin have privileges to create and delete user accounts in the azure portal

To complete bulk create or delete operations, the admin fills out a csv template of the data for the user accounts.

Things to consider when creating user accounts

  • Consider naming convention

  • Consider using initial passwords

  • Consider strategies for minimizing errors

Create group accounts

Entra ID allows your organization to define two different types of group accounts. Security groups are used to manage member and computer access to shared resources for a group of users.

You can create a security group for a specific security policy and apply the same permissions to all members of a group.

Use security groups to set permissions for all group members at the same time, rather than adding permission to each member individually

Access Rights
Description

Assigned

add specific users as members of a group, where each user can have unique permissions

Dynamic user

use dynamic membership rules to automatically add and remove group members. When members attributes change, azure reviews the dynamic group rules for the directory. if the member attributes meet the rule requirements, the member is added to the group

Dynamic device

(Security groups only) apply dynamic group rules to automatically add and remove devices in security groups.

Microsoft Entra ID supports three types of user accounts: cloud identities, directory-synchronized identities and guest user identities

there are two types of group accounts: Security and Microsoft 365

Administrative units help you control administrator access to resources.

PreviousManage identities and governance in AzureNextAzure

Last updated 1 year ago