Tutorial / Cram Notes
To create a user in Microsoft 365, you can do so through the Microsoft 365 admin center or via PowerShell. Here’s a basic example of how to create a single user through the admin center:
- Go to the Microsoft 365 admin center (admin.microsoft.com).
- Navigate to Users > Active users.
- Click on “Add a user.”
- Fill in the necessary information, such as the name, user name, domain, and contact information.
- Set the user’s password. You can auto-generate a password or create one.
- Assign a license if applicable.
- Click “Finish adding” to create the user account.
In contrast, creating a user in PowerShell can be done using the New-MsolUser cmdlet as follows:
New-MsolUser -UserPrincipalName john.doe@example.com -DisplayName “John Doe” -FirstName “John” -LastName “Doe” -LicenseAssignment “example:ENTERPRISEPACK” -UsageLocation “US”
Bulk Creating Users
To create multiple users at once, administrators can use bulk operations:
- In the admin center, navigate to Users > Active users.
- Click on “Bulk add users”.
- Download a sample CSV file and fill it with the new users’ information.
- Upload the filled CSV file and verify the details.
- Assign licenses to the users listed in the CSV file.
- Execute the bulk creation process.
Manage User Roles and Permissions
Once a user is created, it is essential to assign appropriate roles and permissions. Microsoft 365 offers a range of predefined roles:
- Global administrator: Full access to all administrative features.
- Billing administrator: Manage subscriptions, support tickets, and monitor service health.
- User management administrator: Manage user profiles and passwords.
Assign a role in the admin center by:
- Going to Users > Active users.
- Select the user to which you want to assign a role.
- Click on “Roles” and then “Manage roles.”
- Select the role to assign and click “Save changes.”
With PowerShell, you can add roles using the Add-MsolRoleMember cmdlet:
Add-MsolRoleMember -RoleName “User management administrator” -RoleMemberEmailAddress “john.doe@example.com”
User Properties and Profile Information
User properties can be customized to record pertinent information regarding a user. These properties include:
- Contact information: Email, mobile phone, etc.
- Job details: Title, department, manager.
- Office location: Office number or physical address.
Managing User Licenses
Licenses can be assigned to users for access to Microsoft 365 services. You can manage licenses in the admin center:
- Navigate to Users > Active users.
- Choose the user.
- Click on “Licenses and Apps.”
- Assign or unassign licenses as needed.
The PowerShell equivalent for assigning a license is:
Set-MsolUserLicense -UserPrincipalName john.doe@example.com -AddLicenses “example:ENTERPRISEPACK”
Reset User Passwords
Inevitably, there will be times when a user’s password needs to be reset:
- In the admin center, go to Users > Active users.
- Click on the user who needs a password reset.
- Select “Reset password.”
- Choose whether to auto-generate a password or create a new one.
- Optionally, decide whether the user must change their password upon their next sign-in.
- Save the change.
In PowerShell, use the Set-MsolUserPassword cmdlet:
Set-MsolUserPassword -UserPrincipalName john.doe@example.com -NewPassword “NewSecurePassword123” -ForceChangePassword $true
Deleting and Restoring User Accounts
To delete a user:
- Navigate to Users > Active users.
- Select the user.
- Click on “Delete user.”
To restore a user (within the retention period):
- Navigate to Users > Deleted users.
- Select the user you want to restore.
- Click on “Restore user.”
This level of user management is crucial for maintaining a secure and organized Microsoft 365 environment. The MS-100 exam will test one’s understanding of these processes, ensuring that candidates are well-equipped to handle the responsibilities of a Microsoft 365 administrator.
Practice Test with Explanation
True or False: As an admin in Microsoft 365, you can create user accounts using both the Microsoft 365 admin center and PowerShell.
- A) True
- B) False
Answer: A) True
Explanation: Admins can create user accounts using the Microsoft 365 admin center GUI and by using PowerShell for automation or bulk operations.
What is the maximum number of user accounts that an administrator can create at one time in the Microsoft 365 admin center?
- A) 1
- B) 30
- C) 50
- D) 500
Answer: B) 30
Explanation: In the Microsoft 365 admin center, an admin can create up to 30 user accounts at one time using the bulk add feature.
True or False: When managing users in Microsoft 365, license assignment can be done automatically based on group membership.
- A) True
- B) False
Answer: A) True
Explanation: Licenses can be assigned automatically to users based on their group membership using group-based licensing in Azure Active Directory.
Which attribute is required when creating a new user in Microsoft 365?
- A) Address
- B) User Principal Name (UPN)
- C) Job title
- D) Department
Answer: B) User Principal Name (UPN)
Explanation: The User Principal Name (UPN) is a required attribute when creating a new user in Microsoft 365 as it serves as the user’s login name.
True or False: A guest user can be assigned a Microsoft 365 license.
- A) True
- B) False
Answer: A) True
Explanation: Guest users in Microsoft 365 can be assigned licenses to access specific resources, although they typically don’t require a license for basic collaboration purposes.
How can an administrator enforce Multi-Factor Authentication (MFA) for a Microsoft 365 user?
- A) Use Security & Compliance Center
- B) Configure it through the Microsoft 365 admin center
- C) Set it directly in Outlook settings
- D) Set it up in Azure Active Directory
Answer: D) Set it up in Azure Active Directory
Explanation: Multi-Factor Authentication (MFA) is configured in Azure Active Directory, which is part of the Microsoft 365 suite.
True or False: When a user is deleted from Microsoft 365, their data is immediately and permanently removed from the system.
- A) True
- B) False
Answer: B) False
Explanation: When a user is deleted, their data is retained for 30 days by default; it can be recovered during this retention period.
Which of the following actions is NOT possible through the Microsoft 365 admin center?
- A) Resetting a user’s password
- B) Creating a new user group
- C) Configuring hybrid Active Directory
- D) Assigning a license to a user
Answer: C) Configuring hybrid Active Directory
Explanation: Configuring a hybrid Active Directory environment typically involves additional steps and tools beyond the Microsoft 365 admin center, like Azure AD Connect.
True or False: The Global Administrator role in Microsoft 365 has permissions to create and manage all aspects of user accounts, including assigning licenses.
- A) True
- B) False
Answer: A) True
Explanation: The Global Administrator has the highest level of permissions and can manage all aspects of user accounts, including the assignment of licenses.
How can an administrator recover a user account that has been accidentally deleted?
- A) By creating a new account with the same UPN
- B) Through the Active Users section in the Microsoft 365 admin center
- C) By using the PowerShell cmdlet Restore-MsolUser
- D) By contacting Microsoft Support
Answer: C) By using the PowerShell cmdlet Restore-MsolUser
Explanation: The PowerShell cmdlet Restore-MsolUser can be used by administrators to recover a recently deleted user account within the retention period.
True or False: Customized user properties and attributes cannot be synced to Microsoft 365 from an on-premises Active Directory using Azure AD Connect.
- A) True
- B) False
Answer: B) False
Explanation: Azure AD Connect allows for the synchronization of custom attributes from an on-premises Active Directory to Microsoft 365, though this might require configuration adjustments.
In Microsoft 365, what happens when a user’s license is removed?
- A) The account is immediately deleted.
- B) Access to licensed services is immediately cut off.
- C) The user has read-only access to licensed services for 30 days.
- D) The user’s data is archived for 90 days.
Answer: B) Access to licensed services is immediately cut off.
Explanation: When a user’s license is removed, their access to services that require a license is revoked, though the account itself is not deleted.
Interview Questions
What is Azure Active Directory (Azure AD)?
Azure Active Directory (Azure AD) is Microsoft’s cloud-based identity and access management service.
How do you create a new user in Azure AD?
You can create a new user in Azure AD by signing in to the Azure portal, selecting Azure Active Directory, and then selecting Users > New User.
What is the difference between a work or school account and a Microsoft account?
A work or school account is an account provided by an organization that is used for work or school-related activities, while a Microsoft account is a personal account that can be used for various Microsoft services, such as Xbox Live, OneDrive, and Skype.
How do you assign a role to a user in Azure AD?
You can assign a role to a user in Azure AD by signing in to the Azure portal, selecting Azure Active Directory, and then selecting Roles and administrators > Add assignment.
What is a security group in Azure AD?
A security group in Azure AD is a group of users that are granted specific permissions to access resources.
How do you reset a user’s password in Azure AD?
You can reset a user’s password in Azure AD by signing in to the Azure portal, selecting Azure Active Directory, and then selecting Users > All users > the user > Reset password.
What is the difference between a user and a guest user in Azure AD?
A user is a member of an organization and has a work or school account in Azure AD, while a guest user is someone outside of the organization who is invited to collaborate on specific resources or applications.
How do you delete a user in Azure AD?
You can delete a user in Azure AD by signing in to the Azure portal, selecting Azure Active Directory, and then selecting Users > All users > the user > Delete.
What is the maximum number of users that can be added to Azure AD?
The maximum number of users that can be added to Azure AD depends on the subscription and licensing model, but the default limit is 500,000 users.
Can you use Azure AD to manage on-premises users?
Yes, you can use Azure AD to manage on-premises users by configuring Azure AD Connect to synchronize on-premises users to Azure AD.
How do you add a user to a group in Azure AD?
You can add a user to a group in Azure AD by signing in to the Azure portal, selecting Azure Active Directory, and then selecting Groups > the group > Members > Add members.
What is a multi-factor authentication in Azure AD?
Multi-factor authentication in Azure AD is a security feature that requires users to provide more than one form of authentication to access resources, such as a password and a phone number.
Can you customize the sign-in page for Azure AD users?
Yes, you can customize the sign-in page for Azure AD users by signing in to the Azure portal, selecting Azure Active Directory, and then selecting Company branding.
What is self-service password reset in Azure AD?
Self-service password reset in Azure AD is a feature that allows users to reset their own passwords without the need for an administrator’s assistance.
Can you manage users in Azure AD using PowerShell?
Yes, you can manage users in Azure AD using PowerShell by installing the Azure Active Directory PowerShell for Graph module and using the cmdlets provided by the module.
Creating and managing users in Microsoft 365 is straightforward if you understand the admin center layout.
I just passed the MS-100 exam. This blog post is a great resource for aspiring candidates!
Using PowerShell scripts can automate user creation, but it requires some scripting knowledge.
Managing licenses efficiently can help control costs in large organizations.
Thanks for compiling this information! Very helpful.
User management via the Azure portal offers more advanced options than the Microsoft 365 admin center.
Azure AD Connect syncs on-premises AD with Azure AD. Is it covered in the MS-100 exam?
Role-based access control (RBAC) is a must-know for managing users efficiently.