Microsoft Entra ID - Create Users, Groups and Assign Roles
Create users and groups in Microsoft Entra ID, assign Azure RBAC roles at different scopes, and verify permissions.
Lab overview
Microsoft Entra ID is the cloud-based identity and access management service at the heart of every Azure subscription. It acts as the organizational directory where user accounts, groups, and role assignments define who can access what across your cloud environment. Understanding how to manage identities and assign the right level of access is foundational to cloud security - misconfigured permissions are consistently among the top causes of cloud security breaches.
Azure role-based access control (RBAC) works in tandem with Entra ID to enforce the principle of least privilege. By assigning built-in roles like Reader, Contributor, or specific resource-level roles at different scopes, administrators can precisely control what each user or group is authorized to do. In this lab, you will create user accounts and security groups in Microsoft Entra ID, assign Azure RBAC roles at the resource group scope, add users to groups that inherit role assignments, and verify that the resulting permissions work as expected.
Objectives
Upon completion of this beginner level lab, you will be able to:
- Create new user accounts in Microsoft Entra ID with appropriate profile information
- Create security groups and add users as members to organize identity management
- Assign Azure RBAC built-in roles (Reader, Contributor) to users at the resource group scope
- Assign Azure RBAC roles to a security group and observe inherited member permissions
- Verify effective permissions by reviewing role assignments in the Azure portal
Who is this lab for?
This lab is designed for:
- Aspiring cloud administrators learning identity management fundamentals
- IT professionals managing access controls in Azure environments
- Security analysts who need to understand Azure RBAC and Entra ID
Prerequisites
- Azure Account: An active Azure subscription with access to a Microsoft Entra ID tenant
- Directory Role: User Administrator role (or Global Administrator) in your Entra ID tenant for creating users and security groups
- Resource Group: An existing resource group where you have User Access Administrator or Owner permissions for managing RBAC role assignments
Verified against your live environment
An automated validation engine inspects your actual resources and configurations as you work. Completion means the task was performed — not multiple choice, real-world proficiency.
More labs like this
Configure Conditional Access Policies and MFA in Microsoft Entra ID
Create Conditional Access policies in Microsoft Entra ID, enforce MFA requirements, define named locations, and analyze sign-in logs.
Managing Email with Microsoft 365 Copilot in Outlook
Use Copilot in Outlook to summarize email threads, draft context-aware replies, and extract action items from your inbox.
Creating Presentations with Microsoft 365 Copilot in PowerPoint
Use Microsoft 365 Copilot to generate a full PowerPoint presentation, customize slides with AI images, and adjust tone for an executive audience.
Related reading
Environment
Every lab includes
- Real environment, pre-credentialed
- Automated checks on every step
- Isolated sandbox, auto cleanup
- AI-recommended next steps
Lab curriculum
- 01
Getting Started with Microsoft Entra ID
1 automated check
- 02
Create User Accounts in Microsoft Entra ID
1 automated check
- 03
Create Security Groups and Add Members in Entra ID
1 automated check
- 04
Assign Azure RBAC Roles at Resource Group Scope
1 automated check
- 05
Verify Role Assignments and Effective Access in Azure
1 automated check
Skills validated
Not the lab you were looking for?
Browse 150+ hands-on labs across AWS, Azure, Kubernetes, Docker, and cloud security.