WEBVTT 0:00:02.780000 --> 0:00:06.560000 Hi, I'd like to take the next several minutes to talk to you about creating 0:00:06.560000 --> 0:00:09.060000 and managing users in Azure AD. 0:00:09.060000 --> 0:00:13.640000 The topics that we're going to cover include the following. 0:00:13.640000 --> 0:00:17.060000 Looking at the different types of users that we've got, looking at the 0:00:17.060000 --> 0:00:24.100000 process of creating users, how we can add guest users, also how we can 0:00:24.100000 --> 0:00:26.940000 manage users in general, what are our management points. 0:00:26.940000 --> 0:00:31.380000 And in terms of topics, finally, we'll take a look at performing bulk 0:00:31.380000 --> 0:00:35.760000 updates. And then I'm going to go ahead and demonstrate creating and managing 0:00:35.760000 --> 0:00:40.080000 users. So let's go ahead and let's jump right into this. 0:00:40.080000 --> 0:00:44.060000 When we talk about creating and managing users, we're really talking about 0:00:44.060000 --> 0:00:46.760000 three basic types of users. 0:00:46.760000 --> 0:00:55.940000 All right, so if we think about Azure AD, I've got Azure AD. 0:00:55.940000 --> 0:00:59.740000 The simplest type of users, what we call a cloud user. 0:00:59.740000 --> 0:01:04.620000 And a cloud user is just a user that is created directly within Azure 0:01:04.620000 --> 0:01:07.580000 AD. Pretty simple. 0:01:07.580000 --> 0:01:14.300000 Now the next type of user that I want to discuss, a common use case for 0:01:14.300000 --> 0:01:22.680000 Azure AD is a hybrid solution with an on-premises Active Directory. 0:01:22.680000 --> 0:01:26.760000 So I've got Active Directory over here, you pick it with this triangle, 0:01:26.760000 --> 0:01:29.060000 we'll just say AD. 0:01:29.060000 --> 0:01:34.780000 And I use Azure Active Directory Connect. 0:01:34.780000 --> 0:01:47.620000 Say AADCOIN. And that's going to take our users from Active Directory. 0:01:47.620000 --> 0:01:50.660000 And it's going to synchronize them. 0:01:50.660000 --> 0:01:55.200000 And they're going to become synchronized users. 0:01:55.200000 --> 0:02:03.840000 You can also hear them referred to as Active Directory users, replicated 0:02:03.840000 --> 0:02:09.220000 users. Those are users that are synchronized over from the on-premises. 0:02:09.220000 --> 0:02:11.180000 Now the other thing that we can do, that's pretty cool. 0:02:11.180000 --> 0:02:16.900000 Let's say we have an Azure AD tenant and we are working on a joint project 0:02:16.900000 --> 0:02:19.420000 with another organization. 0:02:19.420000 --> 0:02:22.920000 And they have their own Azure AD tenant. 0:02:22.920000 --> 0:02:25.360000 And we need to include one of their users. 0:02:25.360000 --> 0:02:28.500000 We'll call that user Bob. 0:02:28.500000 --> 0:02:34.660000 And we need Bob to be able to use some of our Azure or maybe even our 0:02:34.660000 --> 0:02:37.600000 cloud application capabilities. 0:02:37.600000 --> 0:02:43.240000 So what we want to do is to create what we call a guest user. 0:02:43.240000 --> 0:02:53.240000 And a guest user is simply a user from some other Azure AD tenant. 0:02:53.240000 --> 0:02:55.420000 It can be any other Azure AD tenant. 0:02:55.420000 --> 0:02:58.800000 Does not have to be associated with your company or your subscription. 0:02:58.800000 --> 0:03:04.620000 And myself will also create shadow tenants for Microsoft identities such 0:03:04.620000 --> 0:03:08.880000 as hotmail.com and Gmail identities. 0:03:08.880000 --> 0:03:11.800000 And so all of those would go in as guest users. 0:03:11.800000 --> 0:03:12.920000 Pretty straightforward. 0:03:12.920000 --> 0:03:15.840000 Those are our types of users. 0:03:15.840000 --> 0:03:21.460000 Now let's talk about the process of actually getting these users. 0:03:21.460000 --> 0:03:25.260000 When you create the users, simplest way to create the users is to go through 0:03:25.260000 --> 0:03:29.460000 the portal. And that's of course going to be one at a time. 0:03:29.460000 --> 0:03:31.780000 I wouldn't want to do this for thousands of users. 0:03:31.780000 --> 0:03:35.100000 But I can go through the portal and I can set up the basics for my users. 0:03:35.100000 --> 0:03:39.340000 A couple things to note when you're adding a user via the portal. 0:03:39.340000 --> 0:03:43.400000 First of all, you're going to pick the type. 0:03:43.400000 --> 0:03:46.140000 You can either create a user which is going to give you a cloud user or 0:03:46.140000 --> 0:03:47.580000 invite a guest user. 0:03:47.580000 --> 0:03:51.040000 You're going to have the user name that you need to set and the name. 0:03:51.040000 --> 0:03:55.600000 And the user name is going to include the domain name. 0:03:55.600000 --> 0:04:00.000000 And if you have multiple domains associated with a tenant, then you're 0:04:00.000000 --> 0:04:03.140000 going to choose which of those you want or need. 0:04:03.140000 --> 0:04:06.580000 Now, in addition to that, you can see there's other information here. 0:04:06.580000 --> 0:04:07.600000 A couple things are important. 0:04:07.600000 --> 0:04:10.960000 First of all, groups and roles, particularly roles. 0:04:10.960000 --> 0:04:15.520000 If you want any sort of elevated permissions for the user, for example, 0:04:15.520000 --> 0:04:18.540000 global administrator would be the highest level or other levels underneath 0:04:18.540000 --> 0:04:21.860000 of that, then you can set that through roles. 0:04:21.860000 --> 0:04:25.960000 And then also another one that can be important is usage location right 0:04:25.960000 --> 0:04:32.500000 here. And usage location can be useful in things like MFA for how you 0:04:32.500000 --> 0:04:34.500000 can be contacted, etc. 0:04:34.500000 --> 0:04:40.500000 So that is the easiest way to create your users. 0:04:40.500000 --> 0:04:44.740000 If you're creating them one at a time, of course, you can also script 0:04:44.740000 --> 0:04:46.900000 out the creation of your users. 0:04:46.900000 --> 0:04:52.180000 For example, here is an Azure PowerShell commandlet approach. 0:04:52.180000 --> 0:04:57.820000 I create a password and then I use that password in a PowerShell commandlet, 0:04:57.820000 --> 0:05:05.540000 new AZ-80 user. One thing to note, there are three different Azure, excuse 0:05:05.540000 --> 0:05:09.920000 me, well, yeah, Azure PowerShell modules that you can use. 0:05:09.920000 --> 0:05:14.740000 There's the AZ, there's the Azure AD, and there's the MSOL. 0:05:14.740000 --> 0:05:17.220000 Each one slightly different just to add to your phone. 0:05:17.220000 --> 0:05:24.000000 In this case, this is the latest of the three, which is just the AZ module. 0:05:24.000000 --> 0:05:28.700000 Now in addition to that, we of course also have the Azure CLI. 0:05:28.700000 --> 0:05:31.640000 And I've got an Azure AD user create. 0:05:31.640000 --> 0:05:36.980000 Again, the information I'm setting is essentially the same, albeit a different 0:05:36.980000 --> 0:05:42.360000 syntax. Now what about adding our guest users? 0:05:42.360000 --> 0:05:45.100000 There's a couple of different ways that you can add a guest user. 0:05:45.100000 --> 0:05:48.840000 One way that you can add a guest user is through the same interface that 0:05:48.840000 --> 0:05:51.700000 you would use at a standard user. 0:05:51.700000 --> 0:05:55.600000 All right, I've got this create user or invite user. 0:05:55.600000 --> 0:05:59.120000 Now there are some slight differences. 0:05:59.120000 --> 0:06:02.600000 Instead of login, I've got name and email address. 0:06:02.600000 --> 0:06:05.540000 Not a big deal. And notice the only one that's actually necessary here 0:06:05.540000 --> 0:06:06.920000 is email address. 0:06:06.920000 --> 0:06:08.720000 Notice the personal message. 0:06:08.720000 --> 0:06:11.760000 You could write a personal message because it's going to send an email. 0:06:11.760000 --> 0:06:15.780000 And then you also have the groups and roles. 0:06:15.780000 --> 0:06:20.740000 And other than that, actually similar characteristics to the create user. 0:06:20.740000 --> 0:06:27.200000 Now in addition to that, a shortcut that you can take is you can actually 0:06:27.200000 --> 0:06:35.580000 invite a user directly by assigning a role to that user in your Azure 0:06:35.580000 --> 0:06:39.500000 environment. So let's say, for example, you've got a resource group and 0:06:39.500000 --> 0:06:44.860000 you're working on a project and you've got a partner organization that 0:06:44.860000 --> 0:06:46.540000 has their own Azure AD. 0:06:46.540000 --> 0:06:50.500000 And you want to give Bob from that partner organization rights in the 0:06:50.500000 --> 0:06:56.340000 resource group. Rather than going and first adding Bob as a guest user 0:06:56.340000 --> 0:07:00.320000 and then coming in and giving Bob the appropriate rights, you can actually 0:07:00.320000 --> 0:07:05.820000 come directly in and just say, all right, I'm going to go ahead and assign 0:07:05.820000 --> 0:07:10.260000 a role here. Here I've got the example of the contributor role and I'm 0:07:10.260000 --> 0:07:16.340000 assigning it to some user that is somewhere else. 0:07:16.340000 --> 0:07:20.780000 Now notice also that it says here this user will be sent an email that 0:07:20.780000 --> 0:07:24.160000 enables them to collaborate with INE Inc. 0:07:24.160000 --> 0:07:27.100000 Just because you've invited that person does not mean they're immediately 0:07:27.100000 --> 0:07:28.320000 going to have access. 0:07:28.320000 --> 0:07:30.480000 They have to accept the invitation. 0:07:30.480000 --> 0:07:34.000000 And that of course is a security thing because you're integrating their 0:07:34.000000 --> 0:07:39.620000 identity information into your active direct your Azure AD. 0:07:39.620000 --> 0:07:41.900000 So those are guest users. 0:07:41.900000 --> 0:07:46.200000 Now as far as managing users, if you've ever managed users in any environment, 0:07:46.200000 --> 0:07:50.140000 the options that you're going to have here are pretty similar to what 0:07:50.140000 --> 0:07:54.460000 you would have in, like is it pretty much any kind of identity management. 0:07:54.460000 --> 0:07:57.640000 You'll have things like profile, right? 0:07:57.640000 --> 0:07:59.980000 So things like their job title, etc. 0:07:59.980000 --> 0:08:04.700000 where they are, city, state, so standard profile information, assigned 0:08:04.700000 --> 0:08:08.180000 roles. These are going to be your Azure AD roles. 0:08:08.180000 --> 0:08:13.000000 That's not going to show you all of the roles, but it will show you the 0:08:13.000000 --> 0:08:14.980000 ones that are associated with Azure AD. 0:08:14.980000 --> 0:08:20.200000 The groups that you belong to in this Azure AD tenant, any applications 0:08:20.200000 --> 0:08:23.860000 that you have been assigned rights to, any licenses that you have been 0:08:23.860000 --> 0:08:28.840000 granted, any devices that are registered for you. 0:08:28.840000 --> 0:08:31.520000 And authentication methods that are available for you. 0:08:31.520000 --> 0:08:35.540000 And also if there are registered resources associated with that user. 0:08:35.540000 --> 0:08:44.000000 In terms of actively managing the user, really these top three are the 0:08:44.000000 --> 0:08:47.260000 ones where you're going to actively manage a user. 0:08:47.260000 --> 0:08:54.540000 Now another user management in area that really has a better story than 0:08:54.540000 --> 0:09:01.160000 it used to is the concept of bulk user updates. 0:09:01.160000 --> 0:09:05.240000 Now when we think about bulk user updates, we're thinking about inserts, 0:09:05.240000 --> 0:09:06.940000 updates, deletes. 0:09:06.940000 --> 0:09:10.960000 I realize it's a little bit repetitive on the word updates, but user modification 0:09:10.960000 --> 0:09:13.220000 maybe would have been a better way to put that. 0:09:13.220000 --> 0:09:16.340000 I can insert a lot of users. 0:09:16.340000 --> 0:09:17.900000 I can update a lot of users. 0:09:17.900000 --> 0:09:19.720000 I can delete a lot of users. 0:09:19.720000 --> 0:09:24.080000 Now initially this required for a while. 0:09:24.080000 --> 0:09:25.720000 In fact, it's only recently been changed. 0:09:25.720000 --> 0:09:31.720000 In order for you to perform any kind of bulk user manipulation, you would 0:09:31.720000 --> 0:09:34.720000 have to use a PowerShell script. 0:09:34.720000 --> 0:09:37.300000 And there was a bunch of PowerShell scripts out there. 0:09:37.300000 --> 0:09:44.380000 But now we have two of the three means of modifying users that can now 0:09:44.380000 --> 0:09:47.980000 be done by simply uploading a comma separated value file. 0:09:47.980000 --> 0:09:55.280000 You can see here in this screenshot that I've got bulk create and I also 0:09:55.280000 --> 0:09:56.520000 have bulk delete. 0:09:56.520000 --> 0:09:58.060000 Oh, and by the way, I have bulk update. 0:09:58.060000 --> 0:10:02.200000 I kind of consider those two sides of the same coin. 0:10:02.200000 --> 0:10:05.600000 Now I do not have a bulk update directly. 0:10:05.600000 --> 0:10:10.420000 So in other words, I can't just by uploading a file yet at the time of 0:10:10.420000 --> 0:10:15.240000 this recording make updates to multiple users simultaneously. 0:10:15.240000 --> 0:10:20.320000 Now it may well be that you by the time you watch this video, you may 0:10:20.320000 --> 0:10:25.200000 have that same workflow for updating users as well. 0:10:25.200000 --> 0:10:29.840000 But in the meantime, I do want to show you the kind of traditional way 0:10:29.840000 --> 0:10:33.860000 of updating users in Azure AD. 0:10:33.860000 --> 0:10:38.460000 And this will still work across any sort of update that you need to perform. 0:10:38.460000 --> 0:10:41.740000 It's just that it does require a PowerShell script. 0:10:41.740000 --> 0:10:46.200000 Now the good news on the PowerShell script is that there are many examples, 0:10:46.200000 --> 0:10:51.200000 downloadable examples of the kinds of scripts that you would want to run 0:10:51.200000 --> 0:10:55.380000 or you would need to run to either insert update or even delete users 0:10:55.380000 --> 0:10:59.080000 in bulk. Again, the insert and delete, you may not need this because a 0:10:59.080000 --> 0:11:01.760000 lot of this process has been taken care of you. 0:11:01.760000 --> 0:11:05.580000 But let's talk about what you would need to do to perform bulk updates. 0:11:05.580000 --> 0:11:08.880000 So bulk actual modifications of existing records. 0:11:08.880000 --> 0:11:12.780000 Also, I do want to point out when we talk about this, we're really talking 0:11:12.780000 --> 0:11:14.620000 just cloud users. 0:11:14.620000 --> 0:11:17.200000 Because if it's a synchronized user, those are going to be controlled 0:11:17.200000 --> 0:11:19.780000 in Active Directory on-premises. 0:11:19.780000 --> 0:11:23.080000 And if it's a guest user, that of course is going to be controlled by 0:11:23.080000 --> 0:11:30.020000 whatever tenant that is other than the possibility of bulk inviting guests. 0:11:30.020000 --> 0:11:31.940000 So how do you perform bulk updates? 0:11:31.940000 --> 0:11:35.360000 Well, you could go the hard way, if you will. 0:11:35.360000 --> 0:11:38.640000 Not really the hard way. 0:11:38.640000 --> 0:11:43.160000 And there's third party tools because there is a REST API that's available, 0:11:43.160000 --> 0:11:47.200000 which you could also use to code your own solution to do this. 0:11:47.200000 --> 0:11:50.780000 So if you were doing this on an ongoing basis, or maybe you had multiple 0:11:50.780000 --> 0:11:56.080000 clients that you were managing this for, that would be useful. 0:11:56.080000 --> 0:12:00.860000 But you can also just implement a PowerShell script that uses, in this 0:12:00.860000 --> 0:12:05.140000 case, not actually the CLI, but uses PowerShell. 0:12:05.140000 --> 0:12:08.220000 And here's the process, big picture. 0:12:08.220000 --> 0:12:13.140000 First of all, you would need to put the updates into a CSV file. 0:12:13.140000 --> 0:12:17.020000 Then you would run the following PowerShell command, let's some of which 0:12:17.020000 --> 0:12:18.420000 are Azure, some of which are not. 0:12:18.420000 --> 0:12:21.000000 And it's really not super complicated. 0:12:21.000000 --> 0:12:22.920000 You would run an import CSV. 0:12:22.920000 --> 0:12:27.680000 And what that does is it allows PowerShell to pull in a comma-separated 0:12:27.680000 --> 0:12:30.360000 value file and loop through it. 0:12:30.360000 --> 0:12:35.560000 So I go through a loop and I can execute each row in that file one at 0:12:35.560000 --> 0:12:42.680000 a time. And then what you would do is use one of these PowerShell commandless. 0:12:42.680000 --> 0:12:46.300000 I am not going to go into every one of these. 0:12:46.300000 --> 0:12:51.160000 Hopefully they are relatively straightforward, Azure AD user for your 0:12:51.160000 --> 0:12:54.920000 standard user information, user extension. 0:12:54.920000 --> 0:13:04.240000 If there's extended metadata licensing, who the user's manager is, their 0:13:04.240000 --> 0:13:07.280000 update their password, or even update their thumbnail. 0:13:07.280000 --> 0:13:09.020000 I guess I did just go through all of them. 0:13:09.020000 --> 0:13:10.280000 Sorry about that. 0:13:10.280000 --> 0:13:13.600000 But how would this actually be used? 0:13:13.600000 --> 0:13:16.500000 You wouldn't use all of those most likely at the same time, although conceptually 0:13:16.500000 --> 0:13:19.880000 you could. Here is an example. 0:13:19.880000 --> 0:13:24.140000 In this example, I have a CSV file. 0:13:24.140000 --> 0:13:29.140000 And the name of the CSV file there would be under some folder, D updates, 0:13:29.140000 --> 0:13:30.260000 department change. 0:13:30.260000 --> 0:13:35.520000 So let's say for example that I work in an organization and we have decided 0:13:35.520000 --> 0:13:41.300000 to change our focus from the concept of customers to the concept of clients. 0:13:41.300000 --> 0:13:45.700000 And so anyone who had the word customer in their title, we now need to 0:13:45.700000 --> 0:13:50.680000 update their department update their title possibly so it reflects what 0:13:50.680000 --> 0:13:52.540000 the new changes are. 0:13:52.540000 --> 0:13:56.640000 And so what I would do is I would have a common server value file that 0:13:56.640000 --> 0:13:59.500000 have all the information I need for my users. 0:13:59.500000 --> 0:14:02.300000 And then I'd pull that in with an import CSV. 0:14:02.300000 --> 0:14:05.720000 I would use a PowerShell for each loop. 0:14:05.720000 --> 0:14:12.820000 And in this case, I would just use a set 80 set Azure 80 user where I'm 0:14:12.820000 --> 0:14:16.260000 going to pull the object idea of update user.upn. 0:14:16.260000 --> 0:14:20.720000 And then the department is the update user department where update user. 0:14:20.720000 --> 0:14:27.620000 That should be user singular is every row gets represented by update user 0:14:27.620000 --> 0:14:30.620000 as it goes through. 0:14:30.620000 --> 0:14:34.240000 And that is how you would perform bulk updates. 0:14:34.240000 --> 0:14:38.840000 Now what I want to do is I want to go through and demonstrate a little 0:14:38.840000 --> 0:14:40.760000 bit how you can manage users. 0:14:40.760000 --> 0:14:47.960000 And I'm going to show you how you can add users into an Azure AD tenant. 0:14:47.960000 --> 0:14:51.700000 I'll show you how you can bulk insert users. 0:14:51.700000 --> 0:14:57.720000 And then I'm also going to show you how you can invite your guest users. 0:14:57.720000 --> 0:15:06.420000 Okay, and so to do that, I'm going to go into an Azure AD tenant. 0:15:06.420000 --> 0:15:07.880000 So this is my Azure AD tenant. 0:15:07.880000 --> 0:15:12.760000 This is a tenant that is I think what is it? 0:15:12.760000 --> 0:15:16.800000 I need a D demos dot on Microsoft.com. 0:15:16.800000 --> 0:15:22.180000 This tenant currently hopefully might have I think well it has a few users 0:15:22.180000 --> 0:15:26.620000 because I've replicated over from an on premises environment for another 0:15:26.620000 --> 0:15:30.160000 demo. But what I'm going to do regardless of that is I'm going to go ahead 0:15:30.160000 --> 0:15:33.840000 and create a user. 0:15:33.840000 --> 0:15:37.500000 And I'm going to create this user and this user is going to be Bob. 0:15:37.500000 --> 0:15:42.340000 Now in this particular case, I actually have two different domains that 0:15:42.340000 --> 0:15:45.940000 Bob could be associated with because I've added a custom domain to this. 0:15:45.940000 --> 0:15:48.120000 But we're just going to go with that. 0:15:48.120000 --> 0:15:53.800000 And this will be Bob Roberts. 0:15:53.800000 --> 0:15:57.420000 And I can fill out first name, last name, etc. 0:15:57.420000 --> 0:16:00.820000 And I can auto generate a password. 0:16:00.820000 --> 0:16:06.040000 And I probably want to copy that so I can send that password to Bob. 0:16:06.040000 --> 0:16:08.940000 And then I can set groups and roles. 0:16:08.940000 --> 0:16:12.320000 Possibly set the usage location here. 0:16:12.320000 --> 0:16:19.600000 And any other information I need to set for Bob. 0:16:19.600000 --> 0:16:21.600000 And then go ahead and create Bob. 0:16:21.600000 --> 0:16:24.660000 And Bob has now been added. 0:16:24.660000 --> 0:16:31.880000 And furthermore, I can go in and I can edit Bob. 0:16:31.880000 --> 0:16:38.080000 And here's the identity, first name, last name. 0:16:38.080000 --> 0:16:42.440000 So I want to give Bob a last name here. 0:16:42.440000 --> 0:16:46.160000 And put in all of the other information or any other information that 0:16:46.160000 --> 0:16:47.800000 I need to put in. 0:16:47.800000 --> 0:16:50.220000 And so pretty simple. 0:16:50.220000 --> 0:16:55.240000 And the same thing, I can go ahead and here and assign Bob roles, add 0:16:55.240000 --> 0:17:00.180000 Bob to groups. Which I don't think I have any groups right now. 0:17:00.180000 --> 0:17:03.140000 Go to applications, see the applications, see the licensing. 0:17:03.140000 --> 0:17:05.580000 I actually can assign licensing here. 0:17:05.580000 --> 0:17:11.440000 You have the devices that are associated with Bob, etc. 0:17:11.440000 --> 0:17:15.420000 It doesn't have any user or Azure resources yet. 0:17:15.420000 --> 0:17:20.480000 Now, it is also possible, as I mentioned, to bulk create. 0:17:20.480000 --> 0:17:22.160000 And it's a fairly straightforward process. 0:17:22.160000 --> 0:17:30.960000 I'm going to go in here and I am going to download a CSV template. 0:17:30.960000 --> 0:17:36.820000 Just to show you, you get this great little sample CSV template. 0:17:36.820000 --> 0:17:44.680000 And I am going to open up that template, which opened up on another screen. 0:17:44.680000 --> 0:17:49.340000 And let's go ahead and see if I can't get everything sized right. 0:17:49.340000 --> 0:17:52.520000 There we go. And I can see these columns. 0:17:52.520000 --> 0:17:55.020000 And it should be relatively self-explanatory. 0:17:55.020000 --> 0:18:00.080000 It tells you what it is and the actual property all the way across. 0:18:00.080000 --> 0:18:04.300000 And I can just start adding rows where I am adding these in. 0:18:04.300000 --> 0:18:10.060000 Now, I had already created one for a different. 0:18:10.060000 --> 0:18:14.160000 Oh, that's the same one. 0:18:14.160000 --> 0:18:15.920000 I'm going to go ahead and open this up. 0:18:15.920000 --> 0:18:26.260000 I have another one that already exists that is sort of already set up. 0:18:26.260000 --> 0:18:27.900000 At least it was. 0:18:27.900000 --> 0:18:32.260000 Oh, that's because I want CSV files. 0:18:32.260000 --> 0:18:34.280000 Where's my text files? 0:18:34.280000 --> 0:18:37.680000 Oh, text file. There we go. 0:18:37.680000 --> 0:18:38.640000 All right, there we go. 0:18:38.640000 --> 0:18:40.740000 Demo user upload. 0:18:40.740000 --> 0:18:45.540000 All right, now the only issue that I have here is when I did this, it 0:18:45.540000 --> 0:18:47.200000 was just I-any demo. 0:18:47.200000 --> 0:18:54.040000 So what we're going to do, go through here, and place I-any demo with 0:18:54.040000 --> 0:19:02.020000 I-any 80 demos. Place all that. 0:19:02.020000 --> 0:19:08.520000 And I've got data for four different users. 0:19:08.520000 --> 0:19:14.620000 All right, if I can go and see I've got Amy Yuma and information, the 0:19:14.620000 --> 0:19:17.540000 incredibly robust password that I'm setting. 0:19:17.540000 --> 0:19:19.040000 I'm not blocking them. 0:19:19.040000 --> 0:19:21.640000 And you can see the different titles and everything else. 0:19:21.640000 --> 0:19:28.440000 They are all in the sales department and the rest of the information. 0:19:28.440000 --> 0:19:31.600000 And I'm going to go ahead and save that. 0:19:31.600000 --> 0:19:39.420000 All right, so I now have a CSV file that I can use to bulk create. 0:19:39.420000 --> 0:19:43.200000 So I'm going to go ahead and upload my CSV file. 0:19:43.200000 --> 0:19:49.460000 And over to demos. 0:19:49.460000 --> 0:19:53.220000 My demo user upload. 0:19:53.220000 --> 0:19:55.820000 And the file was uploaded successfully, and I'm going to submit. 0:19:55.820000 --> 0:19:58.820000 And it's going to take a moment or two for that to process. 0:19:58.820000 --> 0:20:01.580000 And once it's done processing, we'll take a look at the users that are 0:20:01.580000 --> 0:20:11.460000 generated. All right, it appears as though the process has completed successfully. 0:20:11.460000 --> 0:20:13.160000 We'll go ahead and refresh. 0:20:13.160000 --> 0:20:17.980000 And now we can see that we have these new users. 0:20:17.980000 --> 0:20:25.180000 They're added. You can see that their identity is I-any 80 demos. 0:20:25.180000 --> 0:20:28.080000 And there are, there's us. 0:20:28.080000 --> 0:20:29.020000 There's four of them. 0:20:29.020000 --> 0:20:30.500000 There we go. There's the fourth one. 0:20:30.500000 --> 0:20:33.360000 All right, and so I've now bulk created. 0:20:33.360000 --> 0:20:36.000000 You can do a similar thing with bulk invite, bulk delete. 0:20:36.000000 --> 0:20:41.080000 In each case, you can download a sample CSV file and put the data you 0:20:41.080000 --> 0:20:44.020000 need into that CSV file and process it up. 0:20:44.020000 --> 0:20:51.200000 Last thing that I want to show you is I want to show you inviting a user 0:20:51.200000 --> 0:20:55.560000 into a guest user, inviting a guest user. 0:20:55.560000 --> 0:20:59.100000 So to do this, I'm going to go in. 0:20:59.100000 --> 0:21:03.060000 First thing I'm going to do is I am going to log in as Bob, and hopefully 0:21:03.060000 --> 0:21:09.560000 I still have his login credentials. 0:21:09.560000 --> 0:21:16.820000 I'm going to go to the Azure AD user portal, which is myapps.martself 0:21:16.820000 --> 0:21:30.780000 .com. And we're going to log in as Bob at i-neadimos.armersuff.com. 0:21:30.780000 --> 0:21:44.980000 And I did remember Bob, remember to keep Bob's original password. 0:21:44.980000 --> 0:21:50.300000 And log Bob in, and then I'm going to immediately close Bob back out. 0:21:50.300000 --> 0:21:55.660000 All right, so Bob's in, Bob has a good password. 0:21:55.660000 --> 0:22:04.600000 Now what I'm going to do is I'm going to shift over to my standard subscription. 0:22:04.600000 --> 0:22:09.060000 So I'm actually on my standard Azure AD tenant associated with my demo 0:22:09.060000 --> 0:22:15.000000 subscription. And what I'm going to do is go ahead and create a resource. 0:22:15.000000 --> 0:22:27.060000 So I'm going to create a resource group. 0:22:27.060000 --> 0:22:38.680000 And this is going to be demo AD, QAAD, just AAD, guess. 0:22:38.680000 --> 0:22:43.260000 And though I'm allergic to putting things anywhere other than East US, 0:22:43.260000 --> 0:22:44.860000 in this case we will. 0:22:44.860000 --> 0:22:49.220000 Now what I'm going to do is I'm going to go to the resource group and 0:22:49.220000 --> 0:22:52.960000 I'm going to go to access control. 0:22:52.960000 --> 0:22:56.720000 And I am going to add a role assignment. 0:22:56.720000 --> 0:22:59.940000 So I'm going to go here and to add a role assignment. 0:22:59.940000 --> 0:23:03.480000 And we're going to go Bob at. 0:23:03.480000 --> 0:23:12.220000 Now notice it's not coming up right now. 0:23:12.220000 --> 0:23:14.720000 But once I type that in, there we go. 0:23:14.720000 --> 0:23:17.420000 I've got Bob in there, Bob is a guest. 0:23:17.420000 --> 0:23:27.760000 Now it just so happens that Bob is associated with a tenant that is connected 0:23:27.760000 --> 0:23:32.680000 by the account administrator, but that's immaterial. 0:23:32.680000 --> 0:23:37.820000 This would work literally for any account anywhere in Azure AD. 0:23:37.820000 --> 0:23:39.900000 And I'm simply going to save that. 0:23:39.900000 --> 0:23:45.120000 Now at this point, an invitation has been sent out to the user, Bob at 0:23:45.120000 --> 0:23:47.560000 iNedemos.om.com. 0:23:47.560000 --> 0:23:50.200000 However, I don't have an email address for that. 0:23:50.200000 --> 0:23:56.640000 So I'm going to fake it by opening, or let's just copy that link, or how 0:23:56.640000 --> 0:23:59.140000 about we just open it in private. 0:23:59.140000 --> 0:24:02.260000 So open that link up in private. 0:24:02.260000 --> 0:24:05.380000 So this is what Bob would see. 0:24:05.380000 --> 0:24:10.540000 And notice it's going to Bob at iNedemos.om.com. 0:24:10.540000 --> 0:24:22.300000 And I log in. Now here it is going to tell me if I'm doing this, the organization 0:24:22.300000 --> 0:24:25.820000 would like to sign you in and read your name, email address, and photo, 0:24:25.820000 --> 0:24:30.300000 which is not to the user. 0:24:30.300000 --> 0:24:31.340000 Prohibitively Invasive. 0:24:31.340000 --> 0:24:36.080000 Remember, I'm logging in as Bob right now. 0:24:36.080000 --> 0:24:40.400000 And with my other hat, I had given Bob access. 0:24:40.400000 --> 0:24:43.960000 Now I'm going to go ahead and notice that Bob is here. 0:24:43.960000 --> 0:24:45.620000 Bob is in the portal. 0:24:45.620000 --> 0:24:50.060000 And if you can look over here, Bob is connected to iNedemos. 0:24:50.060000 --> 0:24:55.800000 And if I go to resource groups, the only resource group that Bob can see 0:24:55.800000 --> 0:24:58.740000 is the resource group that I gave him access to. 0:24:58.740000 --> 0:25:03.860000 So not only in this case have I granted access to a user, but I've also 0:25:03.860000 --> 0:25:06.480000 invited them as a guest user. 0:25:06.480000 --> 0:25:11.640000 And really, those are the front to back processes that you're going to 0:25:11.640000 --> 0:25:14.680000 use to manage Azure AD users. 0:25:14.680000 --> 0:25:19.100000 Provisioning the users, creating them, whether it's individually or in 0:25:19.100000 --> 0:25:24.940000 bulk, being able to update the user properties, their profile information, 0:25:24.940000 --> 0:25:28.780000 their picture even, what roles they have in Azure AD. 0:25:28.780000 --> 0:25:32.240000 Being able to work with guest users, whether I invite them directly through 0:25:32.240000 --> 0:25:38.300000 Azure AD or I invite them indirectly by assigning them rights within a 0:25:38.300000 --> 0:25:44.220000 subscription. And then also being able to really manage the experience 0:25:44.220000 --> 0:25:46.420000 of an invited user. 0:25:46.420000 --> 0:25:51.000000 And that really rounds out what you might think about for managing Azure