Microsoft Entra ID - Create Users, Groups and Assign Roles
Create users and groups in Microsoft Entra ID, assign Azure RBAC roles at different scopes, and verify permissions.
Lab Overview & Objectives
Microsoft Entra ID is the cloud-based identity and access management service at the heart of every Azure subscription. It acts as the organizational directory where user accounts, groups, and role assignments define who can access what across your cloud environment. Understanding how to manage identities and assign the right level of access is foundational to cloud security - misconfigured permissions are consistently among the top causes of cloud security breaches.
Azure role-based access control (RBAC) works in tandem with Entra ID to enforce the principle of least privilege. By assigning built-in roles like Reader, Contributor, or specific resource-level roles at different scopes, administrators can precisely control what each user or group is authorized to do. In this lab, you will create user accounts and security groups in Microsoft Entra ID, assign Azure RBAC roles at the resource group scope, add users to groups that inherit role assignments, and verify that the resulting permissions work as expected.
Objectives
Upon completion of this beginner level lab, you will be able to:
- Create new user accounts in Microsoft Entra ID with appropriate profile information
- Create security groups and add users as members to organize identity management
- Assign Azure RBAC built-in roles (Reader, Contributor) to users at the resource group scope
- Assign Azure RBAC roles to a security group and observe inherited member permissions
- Verify effective permissions by reviewing role assignments in the Azure portal
Who is this lab for?
This lab is designed for:
- Aspiring cloud administrators learning identity management fundamentals
- IT professionals managing access controls in Azure environments
- Security analysts who need to understand Azure RBAC and Entra ID
Prerequisites
- Azure Account: An active Azure subscription with access to a Microsoft Entra ID tenant
- Directory Role: User Administrator role (or Global Administrator) in your Entra ID tenant for creating users and security groups
- Resource Group: An existing resource group where you have User Access Administrator or Owner permissions for managing RBAC role assignments
Real-Time Validation
Our platform uses an automated validation engine to verify your configurations as you work through the lab modules. No multiple choice—just real-world proficiency.