Manage user and group properties
As users and groups are used, they might need updates to their attributes (or properties). For example, you might need to change a user’s job title, or you might need to add or remove members from an existing group.
Users and groups can be updated using management tools such as the Azure portal, Azure PowerShell, Azure CLI, and Microsoft Graph. Figure 1-4 shows an example of the user profile in the Azure portal that can be accessed by browsing to your Entra tenant, selecting Users, choos- ing a user, and clicking Edit Properties.
FIGURE 1-4 A user profile in the Azure portal
Groups can be managed through the Azure portal by browsing to your Entra tenant, selecting Groups, choosing a specific group, and then clicking Properties, Members, or Own- ers, depending on the type of update you want to make. When editing a group, you will not be able to change the Group Type (such as changing a Security group to a Microsoft 365 group), but you will be able to update the Group Name, Group Description, and the Membership Type, as shown in Figure 1-5. Changing a static group to dynamic group will remove all the members from the static group and apply dynamic membership rules. This change will also affect the access to the resources if the static group has any previously assigned access for its members.
FIGURE 1-5 Group properties in the Azure portal
Registered and joined devices in Entra ID can be managed in two areas in the Azure portal:
- Browse to your Entra tenant in the Azure portal, and select Devices. Overview is the default view, but you can also choose other views, such as All Devices, Device Settings, BitLocker Keys, and so on.
- Open the Devices blade for an individual user.
With either option, you will be able to search for devices using the device name as a filter, view a detailed overview of any registered and joined devices, and perform common device- management tasks.
To enable and disable devices, you must be a Global Administrator, Intune Administrator, or Cloud Device Administrator. Disabling a device prevents it from accessing Entra ID resources. Note that this does not prevent the user from accessing resources in general; it only prevents the user from accessing resources from that disabled device. Figure 1-6 shows the Disable option.
FIGURE 1-6 Disable option in the All Devices blade in the Azure portal
Deleting devices is similar to enabling or disabling a device. Again, the user performing the update must be a Global Administrator, Intune Administrator, or Cloud Device Administrator. Deleting a device prevents a device from accessing your Entra ID resources and removes all details that are attached to the device (including BitLocker keys for Windows devices). Deleting a device represents a non-recoverable activity and is not recommended unless it is required for an activity such as device decommissioning.
Previously, the Azure portal was only helpful for single updates to users, which meant you had to rely on custom automation solutions (mostly using PowerShell) for updating users in bulk. Because of recent updates, you can now perform bulk operations (such as creating, invit- ing, and deleting users in batches) using the Azure portal as well as the Entra admin center at https://entra.microsoft.com.
You can access this functionality by navigating to your Entra tenant in the Azure portal and then clicking Users. You will see these options at the top of the blade, as shown in Figure 1-7.
FIGURE 1-7 Bulk update options in the Users blade in the Azure portal
Clicking Bulk Create opens the Bulk Create User blade, which is shown in Figure 1-8.
FIGURE 1-8 Bulk Create Users blade in the Azure portal
Bulk user creation is a three-step process:
- Click Download on the Bulk Create User blade to download a CSV (comma-separated values or comma-delimited) template (UserCreateTemplate.csv). This is a standard tem- plate with mandatory attributes, such as Name, User Name, Initial Password, and Block Sign In. You can also specify optional attributes such as First Name, Last Name, Job Title, and so on.
- Edit the CSV file with bulk update values. You just need to update appropriate values and save the changes. The sample mandatory values are already included in the tem- plate for reference.
- Upload the updated CSV file and submit the operation.
After submitting the operation, you can check the status of the bulk operation by navigat- ing to Bulk Operation Results under the Activity section of the Users blade (see Figure 1-9).
FIGURE 1-9 Bulk Operation Results blade in the Azure portal