Microsoft 365 offers Enterprise Mobility & Security (EMS), Windows 10, and Office 365 to enhance business productivity and security. Because Microsoft 365 offers a variety of services and features, not everything is in the same place. Therefore, we need to navigate within different portals, and familiarity with “what is where” gets really important over time.
In this course, we will have a look at some of the most common tasks performed by Microsoft 365 administrators related to Azure AD identities, how to secure your environment by assigning the correct permissions to your users, and how to reduce administrative overhead. We’ll do various tasks in different ways by using the Microsoft 365 Admin Center, the Azure portal, and even Windows PowerShell for automating bulk actions.
Choosing the right type of identity for your current infrastructure is the first step for any successful Microsoft 365 deployment.
Learning Objectives
- Plan Azure AD Identities
- Manage Users and Groups
- Manage User Access with Access Reviews
- Manage Passwords and Password Policies
- Implement Self-Service Password Reset (SSPR)
- Manage Product Licenses
Intended Audience
- People preparing for Microsoft’s MS-100 exam
- Microsoft 365 Administrators
Prerequisites
- Experience with Microsoft 365
- Experience with the Azure portal
- Experience with PowerShell
If you want to manage multiple users at the same time, your best bet would be using PowerShell. In this demonstration, we'll have a look at two modules. The first one would be the MSOnline Module which uses the MSOnline Cmdlets, and the second one will be the Azure AD Module. The reason why it's important to know about those two is because the MSOnline Module has been around for a while now. But according to Microsoft, it is meant to be deprecated. So that's why we'll also have a look at the Azure AD Module.
So let's start with the MSOnline Module. The first thing we need to do is to connect to the tenant, and for this, we are going to use the Get-Credential cmdlet. Then we're gonna store the credentials in a variable. Then we use Connect-MsolService and we provide those credentials by using the Credential parameter.
Now that we are connected, let's have a look at the users that we currently have by using Get-MsolUser, and we provide the All switch. So it will show us all the users currently in the tenant.
Now let's create our new users using a CSV file. The first thing we need to do is to import our CSV file. We use the Import-CSV cmdlet and we provide the path where the CSV is located. Then, we store everything in a variable that we call New Users. You can give any name to your variable, but it's always best practice to give a very descriptive name.
So let me show you the CSV file. The first name that we have in here would be the header on your CSV file. So we have the UPN, we have the first name and so on. And here, I'm creating three test users.
Let's go back to the script and have a look at what's going on here. Because we are creating multiple users at the same time, we are going to use a foreach loop. And so what's happening here is for each user that I have in my New Users variable, which is my CSV file, I'm gonna provide the city, first name, last name, and so on. But here I'm using splatting, so if your cmdlet is too long, using splatting is a good way to make your script easy to read. And then we use the New-MsolUser cmdlet and we provide our hash table.
Now, let's run this part, and now our three users have been created. And note also that this command is providing a random password. If we run the Get-MsolUser again, we now have our User 1, User 2, and User 3 created. Now let's use the exact same CSV file and delete the users.
We also need to import our CSV file by providing the path and storing this in a variable that's called Users to Delete, and looping through each item that we have in our CSV. We use Remove-MsolUser, but this time we can only provide the user principal name and that would be enough. I'm using the Force parameter because I don't want to be prompted for confirmation for each user.
And one last time, we're gonna run Get-MsolUser and we should be back to the beginning where we only had four users. And indeed, the test users have been deleted.
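The MSOnline steps described above, written out as an added example; this is not the instructor's on-screen script. The CSV path and the column headers (UserPrincipalName, FirstName, LastName, DisplayName, City) are assumptions, since the transcript only mentions "the UPN, the first name and so on".

```powershell
# Added example, not the course's own script.
# Assumed CSV headers: UserPrincipalName,FirstName,LastName,DisplayName,City
$CsvPath = 'C:\Temp\NewUsers.csv'   # placeholder path (assumption)

# Connect to the tenant with stored credentials.
$Credential = Get-Credential
Connect-MsolService -Credential $Credential

# Users in the tenant before the change.
Get-MsolUser -All

# Create one account per CSV row; splatting keeps the call readable.
$NewUsers = Import-Csv -Path $CsvPath
$Created = foreach ($User in $NewUsers) {
    $UserParams = @{
        UserPrincipalName   = $User.UserPrincipalName
        FirstName           = $User.FirstName
        LastName            = $User.LastName
        DisplayName         = $User.DisplayName
        City                = $User.City
        ForceChangePassword = $true   # temporary password must be changed at first sign-in
    }
    New-MsolUser @UserParams
}

# New-MsolUser returns the random password it generated. Treat this output
# as a secret: do not leave it in transcripts or shared log files.
$Created | Select-Object UserPrincipalName, Password

# Delete the same accounts again. -Force suppresses the per-user
# confirmation prompt, so check the CSV content before running this part.
$UsersToDelete = Import-Csv -Path $CsvPath
foreach ($User in $UsersToDelete) {
    Remove-MsolUser -UserPrincipalName $User.UserPrincipalName -Force
}

# Confirm the test users are gone.
Get-MsolUser -All
```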
The Azure AD Module is a little bit different and uses cmdlets with a prefix, Azure AD. So again, let's use the Get-Credential cmdlet and store that into a variable then use the Connect-AzureAD and provide those credentials. I'm also using the Out-Null so nothing is displayed on the console.
Let's run Get-AzureADUser with the All parameter, which is a Boolean value. So it will be true or false. And again, we have our four users, so let's create a few more.
This module is a little bit different. We import our CSV file by using Import-Csv and provide the path, then store it in a variable that's called New AAD User List. If we have a look at the CSV file, this is the same format as we've used before. However, with the Azure AD Module, we have more required parameters.
Back to the script, here we are also looping through each new user that we have in our list, but this time, this module will not provide an auto-generated password. So we need to create a new variable which is called Password In Here and then create a new object to store this password. Then again, I'm using splatting to make my code easy to read and I need at least to provide the five mandatory parameters. We have AccountEnabled, PasswordProfile, DisplayName, MailNickName, and UserPrincipalName, and the rest is up to you. Then we use New-AzureADUser and provide our hash table. And our three users have been created and you can see that the output is different.
If we run the Get-AzureADUser, we should have our four users plus those three, and indeed, the users are created.
To delete users, it's gonna be similar to the MSOnline Module. We import our CSV file, then we loop through each user that we have in the CSV file and we use Remove-AzureADUser. But this time the parameter is called ObjectId, which is in fact the user principal name. Then let's verify that our three test users have been deleted. And indeed, we are back to the beginning where we only had four users.
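The Azure AD Module steps described above, as an added example rather than the instructor's script. Because this module does not generate a password, the example creates a different random temporary password per user instead of reusing one value; the CSV path, the column headers and the use of `Membership.GeneratePassword` (available in Windows PowerShell on .NET Framework) are assumptions.

```powershell
# Added example, not the course's own script.
# Assumed CSV headers: UserPrincipalName,FirstName,LastName,DisplayName,MailNickName,City
$CsvPath = 'C:\Temp\NewUsers.csv'    # placeholder path (assumption)
Add-Type -AssemblyName System.Web     # provides Membership.GeneratePassword

$Credential = Get-Credential
Connect-AzureAD -Credential $Credential | Out-Null

$NewAADUserList = Import-Csv -Path $CsvPath
$Issued = foreach ($User in $NewAADUserList) {
    # One PasswordProfile per user: 20 characters, at least 4 non-alphanumeric.
    $PasswordProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile
    $PasswordProfile.Password = [System.Web.Security.Membership]::GeneratePassword(20, 4)
    $PasswordProfile.ForceChangePasswordNextLogin = $true

    $UserParams = @{
        # The five mandatory parameters named in the lesson:
        AccountEnabled    = $true
        PasswordProfile   = $PasswordProfile
        DisplayName       = $User.DisplayName
        MailNickName      = $User.MailNickName
        UserPrincipalName = $User.UserPrincipalName
        # Optional attributes:
        GivenName         = $User.FirstName
        Surname           = $User.LastName
        City              = $User.City
    }
    $Account = New-AzureADUser @UserParams

    # Keep the temporary password only long enough to hand it over securely.
    [pscustomobject]@{
        UserPrincipalName = $Account.UserPrincipalName
        ObjectId          = $Account.ObjectId
        TempPassword      = $PasswordProfile.Password
    }
}

Get-AzureADUser -All $true

# Delete the same accounts; -ObjectId is given the UPN, as in the lesson.
foreach ($User in $NewAADUserList) {
    Remove-AzureADUser -ObjectId $User.UserPrincipalName
}
Get-AzureADUser -All $true
```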
About the Author
Veronique is a SharePoint and Office 365 consultant for an IT company based in Glasgow, UK. She loves photography, the outdoors, and long walks with her two dogs! You can follow Veronique on Twitter @veronicageek or read her blog at https://veronicageek.com.