LAB4: Manage Azure Active Directory and Dynamic Membership

Manage Azure Active Directory and Dynamic Membership

In this lab, you learn about users and groups. Users and groups are the basic building blocks for an identity solution & how Manage Azure Active Directory and Dynamic Membership.

Tasks

• Task 1: Create and configure Azure AD users.

• Task 2: Create Azure AD groups with assigned and dynamic membership.

• Task 3: Create Azure AD tenant.

• Task 4: Manage Azure AD guest users.

Task 1: Create and configure Azure AD users.

1. Go-to Azure portal and search “Azure Active Directory”

   

2. Click on the Users » Select your user account » Properties » Click on the edit

   

3. After this click on the settings » Make sure Usage Location is selected then close the tab.

Create New Users (Cloud/System Administrator)

1. Click on the Users » New User » Username=User1 » Make sure usage location is same for the all users » Job Title=Cloud Administrator » Dept=IT » Create

2. Click on User1 » Assigned roles » Add Assignment » User Administrator » Add

3. Login on the azure portal using User1 credential & click on Azure Active Directory » Users » Create new User2 » Usage Location » Job Title=System Administrator » Dept=IT » Create.

   

   Now close the user1 portal and come back on admin portal again.

Task 2: Create Azure AD groups with assigned and dynamic membership.

1. Login the Azure portal » Azure Active Directory » Click on License » Click on Try/Buy » Azure AD Premium P2 » Free Trial » Activate

   

2. Go back on the License page » Refresh » Select Azure Active Directory Premium P2 » Click on Assign » Add users and groups » Select all the users (Admin, Cloud Admin, System Admin) » Select » Review Assignment Option » Review & Assign » Assign

Creating the group: IT Cloud Administrator

1. Click on the Search » Azure Active Directory » Groups » New Group » Group Type=Security » Group Name=IT Cloud Administrator » Membership Type=Dynamic User » Dynamic User Member » Add dynamic query

   Dynamic membership rules » Property=JobTitle » Operator=Equals » Value=Cloud Administrator » Save » Create

Creating the group: IT System Administrator

1. Click on the Search » Azure Active Directory » Groups » New Group » Group Type=Security » Group Name=IT System Administrator » Membership Type=Dynamic User » Dynamic User Member » Add dynamic query

   

   

2. Dynamic membership rules » Property=JobTitle » Operator=Equals » Value=System Administrator » Save » Create

Creating the group: IT Lab Administrator

1. Click on the Search » Azure Active Directory » Groups » New Group » Group Type=Security » Group Name=IT Lab Administrator » Membership Type=Assigned » Members » No member selected » Select both groups which we have created above

   Add Members » Select both Group(IT Cloud/ System Administrator) » Select » Create

Verify the Members which is added in groups

1. Click on the IT Cloud Administrator group » Members » we can see User1

2. Same we can verify the members in all the groups

Task 3: Create an Azure AD tenant.

1. Azure Active Directory » Overview » Manage tenant » Create tenant » tenant type » Azure Active Directory » Next-Configuration » Organization name = VDI Labs » Initial domain name = vdisolution.onmicrosoft.com » Country/Region » Review & Create » Create

   

   

Once you are click on the link you have redirected to your new tenant “VDI Labs”

Task 4: Manage Azure AD guest users

Now we are going to create new users on the newly created tenant “VDI Labs”

1. Azure Active Directory (Make sure VDI Labs tenant selected) » Users » New user » Create user »

   Name → LabUser1

   Username → LabUser1@vdisolution.onmicrosoft.com

   Let me create the password » Usage Location »

   Job Title→ System Administrator » Dept » IT » Create

2. Click on the LabUser1 » Copy the user principle name » Click on the settings icon

   

   

After click on the switch option the tenant account will switch to VDI Labs to default tenant

Inviting a guest user

Azure Active Directory (Default Tenant) » Users » New user » Invite external user »

Name → LabUser1

Email → LabUser1@vdisolution.onmicrosoft.com » Usage Location » Job Title » Lab-Administrator » Dept » IT » Invite

Click on the all users » Select LabUser1 » Groups » Add membership » IT Lab Administrators » Select

Now all the configuration has been done !! Thanks