How to create & Manage users and Groups within Azure AD.

Az Active Directory Objects

Featured image

In this blog,let’s learn how to create and manage users & group their properties within Azure AD.

Disclaimer :- I’m not gonna cover Azure AD’s AU (Administrative Units)

Prerequisits :-

Q. Before start let’s understand What Azure AD offers? or What is Azure AD?


If you are interested into Azure AD licencing and cost, kindly visit official doc :-

Azure AD licencing

Create users in Azure AD via portal


1) Visit Azure portal


2) Select Azure Active Directory from left hand hamburger menu or directly search in search box

Az AD Directory

3) Click on users, then select all Users


4) Now We have to create a few demo users with different privileges,here I’m gonna create 3 users as

new user

5) I am using my own custom domain hugs4bugs, but feel free to use deafult

Usercreation Page

6) Fill the second tab info as per your choice and feel free to skips non mandatory things too. I have filled details as follow :-

 * First Name : user
 * Last Name : 1
 * user type: member
 * job title: az admin (here this user gonna have global admin privilege)
 * company : hugs4bugs (optional)
 * departement: IT (optional)
 * employee id: 001 (optional)
 * contact info : skipped 
 * parental control : skipped 
 * settings: usage location : India


Leave as default or blank Assignments tab

7) Click on Review and Create button and repeate same steps for user2 & user3

user creation

8) After successful user creation , notification will popup .


Groups : Azure AD

Before jumping to the Azure AD Groups, let’s understand the types of groups and their functionality.


* Security Group :- As same as on prem Group
                   used to secure Objects within the Azure AD 

* Microsoft 365 Group :- Provides group of people access to a collection of shared resources eg:- shared mailbox, calendar,.
Not just limited to Azure AD

Security Groups provides 3 types of memberships:-

  1. Assigned :- Manually assign user to a group
  2. Dynamic user:- Define parameter, to auto assign users to a group like people with same job Title can be groupped together
  3. Dynamic Devices:- Define parameters to auto group devices, eg:- All devices with same OS can be assigned to the same group

Create Assigned Group via Azure Portal

if you have premium P1 licence feel free to create Dynamic user group.

Assigned Group

Managing User and Group Properties

So, we have successfully created users,Groups in previous steps now what and how can configure for an azure AD user account.

For Users List:-

  1. Profile:
  2. Assigned Roles
  3. Administrative Units
  4. Groups
  5. Applications
  6. Licences
  7. Devices
  8. Azure Role Assignments
  9. Authentication Methods

Users Permission

For Groups


  1. Overview
  2. Properties
  3. Members
  4. Owners
  5. Administrative units
  6. Group Memberships
  7. Applications
  8. Licenses
  9. Azure Role Assignments
  10. Dynamic Membership Rules

Device Management

To meet with the security and compliance standard, we can configure Device based conditional access form Azure AD.


1) Signin to Azure Portal 2) Go to Azure Active Directory and select Devices option


3) Select Device settings from the left-hand menu and let’s configure following settings:-


For the best security use case make sure enable MFA.

After all settings are done click on the save.

To check all user logs, click on the audit logs

audit logs

Managing Guest Users

Here comes the Azure AD B2B in the role,it is a feature in azure that allows org to connect and work safely with external users.

External User


Feel free to select users role from assignment tab and be causious too., since it’s external guest user permission. You don’t wanna share critical resources with others.

Guest Access

If you put original guest user email . you will get a mail like this


After Accepting invitation, it’ll ask for MFA(Multifactor Authenticato App) Registration .


After 1st successful signin



SSPR stands for the self-service password Reset. It allows users to reset password by ownself, which reduces the dependencies on admins.

in free Azure AD only cloud users only password change is supported not password reset


1) Visit Azure Active Directory 2) Select password reset from the Azure AD overview blade from left hamburger menu.

password reset

3) In the Password reset overview blade, you can enable SSPR for all your users, by selecting All, or for selected users and groups, by selecting Selected.

Make a slection of methods available to users for password reset.

Click save.

Thanks for Reading, Keep learning keep Troubleshooting together!