Lab 01: Users & Groups Management

Time: 45 minutes
Difficulty: Intermediate
Portal Location: Entra ID → Users / Groups

---

Lab Overview

You are the identity administrator for Contoso Ltd. The HR department has sent you requirements for setting up user accounts and organizing them into groups for a new project team.

---

Task 1: Create User Accounts

Objective

Create three new user accounts with specific attributes for the project team.

Requirements

User	Display Name	Job Title	Department	Usage Location
User A	Alex Johnson	Project Manager	Operations	United States
User B	Maria Garcia	Developer	Engineering	United States
User C	James Wilson	Security Analyst	Security	United Kingdom

Additional Requirements:

• All users must have auto-generated passwords
• All users must change password at first sign-in
• User A should have a mobile phone number: +1-555-0101
• User C should have "Company Name" set to "Contoso Security"

Validation

• [ ] Navigate to Entra ID → Users
• [ ] Verify all three users appear in the user list
• [ ] Click each user and confirm:
  • Job title matches requirement
  • Department matches requirement
  • Usage location is set correctly
  • User A has mobile phone populated
  • User C has company name set

---

Task 2: Create Security Groups

Objective

Create security groups to organize users by function and project membership.

Requirements

Create the following groups:

Group Name	Group Type	Membership Type	Description
SG-ProjectAlpha-Members	Security	Assigned	All members of Project Alpha
SG-ProjectAlpha-Admins	Security	Assigned	Administrators for Project Alpha
SG-Engineering-All	Security	Assigned	All Engineering department staff

Membership Requirements:

• SG-ProjectAlpha-Members: Add User A, User B, User C
• SG-ProjectAlpha-Admins: Add User A only
• SG-Engineering-All: Add User B only

Validation

• [ ] Navigate to Entra ID → Groups
• [ ] Verify all three groups exist
• [ ] Click SG-ProjectAlpha-Members → Members → Confirm 3 members
• [ ] Click SG-ProjectAlpha-Admins → Members → Confirm 1 member (Alex)
• [ ] Click SG-Engineering-All → Members → Confirm 1 member (Maria)

---

Task 3: Create a Microsoft 365 Group

Objective

Create a Microsoft 365 group for team collaboration with email capability.

Requirements

Property	Value
Group name	M365-ProjectAlpha-Team
Group email	projectalpha@yourdomain.onmicrosoft.com
Group type	Microsoft 365
Privacy	Private
Owners	User A (Alex Johnson)
Members	User A, User B, User C

Validation

• [ ] Navigate to Entra ID → Groups
• [ ] Find M365-ProjectAlpha-Team
• [ ] Verify group type shows "Microsoft 365"
• [ ] Click Owners → Verify Alex Johnson is owner
• [ ] Click Members → Verify all 3 users are members
• [ ] Verify the group email address is correct

---

Task 4: Configure User Properties in Bulk

Objective

Update multiple user properties efficiently using the portal.

Requirements

For ALL three users created in Task 1:

• Set "Employee ID" to a unique 6-digit number (e.g., 100001, 100002, 100003)
• Set "Employee Type" to "Employee"
• Set "Sponsor" to your own admin account

Validation

• [ ] Open each user's profile
• [ ] Navigate to Properties → Job Information
• [ ] Verify Employee ID is set
• [ ] Verify Employee Type shows "Employee"
• [ ] Verify Sponsor shows your admin account

---

Task 5: Manage Group Membership via Group Settings

Objective

Configure group settings to control who can manage group membership.

Requirements

For group SG-ProjectAlpha-Members:

1. Add a second owner (in addition to default)
   • Make User A (Alex Johnson) an owner of this group
2. Configure group so that owners can manage membership

For group M365-ProjectAlpha-Team:

1. Enable "Allow external senders to email this group" = No
2. Enable "Send copies of group conversations and events to group members" = Yes

Validation

• [ ] SG-ProjectAlpha-Members → Owners → Verify User A is listed
• [ ] M365-ProjectAlpha-Team → Properties → Verify email settings

---

Task 6: Self-Service Group Management

Objective

Configure tenant-wide settings for self-service group management.

Requirements

Navigate to Entra ID → Groups → General settings and configure:

Setting	Value
Owners can manage group membership requests in My Groups	Yes
Restrict user ability to access groups features in My Groups	No
Users can create security groups in Azure portals, API or PowerShell	No
Users can create Microsoft 365 groups in Azure portals, API or PowerShell	Yes

Validation

• [ ] Navigate to Groups → General
• [ ] Screenshot or note current settings
• [ ] Verify each setting matches requirements
• [ ] Consider: What is the security impact of each setting?

---

Task 7: User Sign-In and Account Status

Objective

Manage user account states - enable, disable, and understand the impact.

Requirements

1. Block sign-in for User C (James Wilson)

   • Set "Block sign in" to Yes

2. Verify the blocked state by checking:

   • The user's profile shows blocked status
   • Sign-in logs show appropriate entries (if user attempted to sign in)

3. Unblock the user after verification

   • Set "Block sign in" back to No

Validation

• [ ] User C profile → Block sign in = Yes initially
• [ ] Check user list - blocked users should show indicator
• [ ] After unblocking, verify user can access portal (test if possible)

---

Task 8: Delete and Restore User

Objective

Understand the user deletion and recovery process.

Requirements

1. Delete User C (James Wilson)
2. Locate the deleted user in the deleted users section
3. Note the deletion timestamp and calculate when permanent deletion occurs
4. Restore the user before permanent deletion
5. Verify all user properties are intact after restoration

Validation

• [ ] User C no longer appears in active users list
• [ ] User C appears in Entra ID → Users → Deleted users
• [ ] After restore: User C appears in active users
• [ ] After restore: All properties (job title, department, group memberships) are intact
• [ ] Understand: Deleted users are permanently removed after __ days?

---

Cleanup Instructions

After completing all tasks:

1. Delete all three test users (Alex, Maria, James)
2. Wait 1 minute, then permanently delete from "Deleted users"
3. Delete all four groups created
4. Revert any tenant-wide settings you changed in Task 6

---

Key Concepts Tested

• User creation with required attributes
• Security groups vs Microsoft 365 groups
• Group ownership and membership management
• Self-service settings impact
• User lifecycle (create → disable → delete → restore)
• Usage location requirement for licensing