Day-2: Identity & User Management – Step-by-Step (Hands-On)

By | January 1, 2026
0 Comment

This section provides practical admin steps for each Day-2 topic, exactly as performed in real Microsoft 365 environments.

1️⃣ Entra ID (Azure AD) – Tenant & Identity Basics (Admin View)

Steps to Access Entra ID

  1. Sign in to https://entra.microsoft.com
  2. You are now in Microsoft Entra Admin Center
  3. Observe:
    • Tenant name
    • Tenant ID
    • Primary domain
    • Directory type

Admin Understanding

  • Tenant → Your organization boundary
  • Directory → Identity store
  • Subscription → Billing container (Azure side)

2️⃣ Create Users in Microsoft 365 (Hands-On)

Steps to Create a User

  1. Go to Entra Admin Center
  2. Navigate to Users → All users
  3. Click New user → Create new user
  4. Enter:
    • User name
    • Display name
    • Username (UPN)
  5. Set password:
    • Auto-generate or manual
  6. Click Create

Reset User Password

  1. Select a user
  2. Click Reset password
  3. Generate new password
  4. Save and share securely

📌 Real admin task: Password reset is the most common M365 ticket

Block / Unblock Sign-In

  1. Select user
  2. Click Block sign-in
  3. Save changes

Use case:

  • Employee on leave
  • Suspicious activity
  • Security incident

Delete & Restore User

Delete

  1. Select user
  2. Click Delete user

Restore

  1. Go to Users → Deleted users
  2. Select user
  3. Click Restore user

📌 Deleted users can be restored within 30 days

3️⃣ Group Management (Hands-On)

Create a Security Group

  1. Go to Groups → New group
  2. Group type: Security
  3. Group name & description
  4. Membership type: Assigned
  5. Add members
  6. Click Create

Why Groups Matter (Admin Reality)

Instead of:
❌ Assigning access to individual users
Do this:
✅ Assign access to groups

This simplifies:

  • Access management
  • Audits
  • Role assignment

4️⃣ Role-Based Access Control (RBAC)

Assign Admin Role

  1. Go to Roles & administrators
  2. Select User Administrator
  3. Click Add assignments
  4. Choose user
  5. Assign role

Remove Global Admin (Best Practice)

  1. Select Global Administrator
  2. Remove unnecessary users
  3. Keep minimum 2 Global Admins

📌 Interview Answer Ready:
“Global Admin should be limited to reduce security risk.”

5️⃣ Authentication Basics (Admin View)

Check Authentication Methods

  1. Go to Protection → Authentication methods
  2. Review:
    • Password policy
    • MFA options
    • Registration status

📌 Configuration will be done in later days — Day-2 is understanding phase

6️⃣ Audit Logs & Activity Tracking

View Audit Logs

  1. Go to Monitoring → Audit logs
  2. Filter by:
    • User
    • Activity
    • Date range

You can see:

  • User creation
  • Password resets
  • Role assignments

📌 Admin Insight:
Audit logs are used during security investigations

✅ End of Day-2 – Practical Outcome

After completing Day-2 steps, you can:

✔ Create and manage users
✔ Reset passwords & block access
✔ Create and use groups correctly
✔ Assign admin roles safely
✔ Understand identity security basics
✔ Track admin activities

🔜 Day-3 Preview

Day-3: License Management & Service Assignments

  • License types
  • Assigning licenses
  • Service-level controls
  • Cost optimization

Leave a Reply

Your email address will not be published. Required fields are marked *