Microsoft Azure Entra ID

Microsoft Azure Entra ID is the service that manages all identities in Azure. It was formerly called Azure Active Directory or Azure AD.


I'm going to walk us through the following:

  1. Creating a new user in Azure Entra ID

  2. Granting the user Global Administrator access

  3. Using the newly promoted account, create another new user in Azure Entra ID

  4. After creating the second user, revoke the Global Administrator access from the first user account.

1. Creating a new user in Azure Entra ID

Log in to your Azure account. Search for Microsoft Entra ID as shown below.

The user environment looks like this below:

Note: when you click on the "New user", Azure will show you two options

i. Create a new internal user in your organization

ii. Invite an external user to collaborate with your organization.

Choose option i.

Go through each of the tabs below to enter the user details.

When you have gone through these four tabs, click on "Create".

It will show "Successfully created user" at the top right corner of your screen.

Now do either a hard refresh or a soft refresh so that you can see the new user you just created.

2. Granting the user Global Administrator access

In Microsoft Azure, granting a newly created user “Global Administrator” access means:

You are giving that user the highest level of administrative permission in the organization’s Microsoft cloud environment (tenant).

The user will now be able to control and manage almost everything in the organization’s:

i. Azure services

ii. Microsoft Entra ID

iii. Microsoft 365 services

iv. User accounts

From the dashboard of the account that created the user Michael John, find this user. If you already have multiple names, type the name in the search bar.

Then click on the Add button

It shows "Successfully added". To confirm, log in as the user on another device or in a new Incognito window.

Use the authentication app on your phone to gain access. If you don't have the authentication app, download it. Once logged in, the user goes to Assign roles, where he will see that he has been assigned a role. In this case, the role assigned to the user is Global Administrator.

3. Using the newly promoted account, create another new user in Azure Entra ID

This means that the user who was given Global Administrator can now also create users. Below is Michael John's MS Azure account interface/dashboard.

As Michael John, search for Microsoft Entra ID in his Azure account.


Click on Microsoft Entra ID, toggle the Manage tab and select Users.

Click on + New User

Note: when you click on the "New user", Azure will show you two options

i. Create a new internal user in your organization

ii. Invite an external user to collaborate with your organization.

Choose option i.

Go through these four tabs to fill in the user details. You can scroll up to number 1 above (Creating a new user in Azure Entra ID) to see how to create a user.

Below is the new user that Michael John just created. He was able to create it because the owner (i.e. the management group/level) assigned him the Global Administrator role.

4. After creating the second user, revoke the Global Administrator access from the first user account.

In Microsoft Azure or Microsoft Entra ID, to revoke Global Administrator from the first user (Michael John) means:

You are removing the Global Administrator role/permission from Michael John.

After revoking it, Michael John will no longer have full control over the organization’s Azure or Microsoft environment.


Simple Meaning

Before revoking:

  • Michael John can manage everything.

After revoking:

  • Michael John becomes a normal user or keeps only lower permissions assigned to him.

From the owner account/company account, go to Users, search for Michael ...., and click on his name.

This takes you to Michael's environment. Click on Revoke sessions.

It shows the message below

Click "yes".
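
A check to run after step 4, as an added example that is not part of the original post: Revoke sessions signs the user out by invalidating refresh tokens, while the Global Administrator role is a separate role assignment, so it is worth confirming from a role-assignment listing that Michael John no longer holds it. The sample data (shaped like a Microsoft Graph role-assignment listing), the `contoso.example` domain and the function names are assumptions constructed for illustration; the sample shows the case where the assignment is still present.

```python
import json

# Well-known template ID of the built-in Global Administrator role.
GLOBAL_ADMIN_ROLE_ID = "62e90394-69f5-4237-9190-012177145e10"

# Constructed sample, shaped like a Microsoft Graph response to
# GET /roleManagement/directory/roleAssignments?$expand=principal
# IDs, names and UPNs below are made up for this example.
SAMPLE_EXPORT = json.loads("""
{"value": [
 {"id": "a1", "roleDefinitionId": "62e90394-69f5-4237-9190-012177145e10",
  "principalId": "p1", "directoryScopeId": "/",
  "principal": {"displayName": "Tenant Owner",
                "userPrincipalName": "owner@contoso.example"}},
 {"id": "a2", "roleDefinitionId": "62e90394-69f5-4237-9190-012177145e10",
  "principalId": "p2", "directoryScopeId": "/",
  "principal": {"displayName": "Michael John",
                "userPrincipalName": "Michael.John@contoso.example"}},
 {"id": "a3", "roleDefinitionId": "00000000-0000-0000-0000-00000000cafe",
  "principalId": "p3", "directoryScopeId": "/",
  "principal": {"displayName": "Helpdesk App"}}
]}
""")


def global_admins(export):
    """Return lower-cased identifiers of every Global Administrator holder."""
    holders = set()
    for item in export.get("value", []):
        if item.get("roleDefinitionId", "").lower() != GLOBAL_ADMIN_ROLE_ID:
            continue
        principal = item.get("principal") or {}
        # Groups and service principals have no UPN; fall back to the object ID.
        name = principal.get("userPrincipalName") or item.get("principalId", "")
        holders.add(name.lower())
    return holders


def audit_revocation(export, temp_admin, expected_admins):
    """Report whether temp_admin still holds the role, plus unexpected holders."""
    holders = global_admins(export)
    expected = {u.lower() for u in expected_admins}
    return {"still_global_admin": temp_admin.lower() in holders,
            "unexpected": sorted(holders - expected)}


if __name__ == "__main__":
    print(audit_revocation(SAMPLE_EXPORT, "michael.john@contoso.example",
                           ["owner@contoso.example"]))
```

If `still_global_admin` is true, the role assignment itself still has to be removed from the user's assigned roles.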
