Now, if you've been in IT very long, then you know to get access to resources, we need to have users. Then we take and gather these users into groups. We can manage users in groups within the portal using PowerShell and also Azure CLI. So we're going to go ahead and look at PowerShell first. So I'm just going to say get-azaduser. That gives me a listing of users. Now if I wanted to see what other commands I have, I can go ahead and just say get-command noun azad* That gives me all the listings for when it deals with AD. So I got my groups in there also if I wanted to see user, so there are all the command-lets for that. Now if I need help on one of them, I'll just go ahead and say maybe I want to see what new azaduser and go ahead and do examples here. There's an example. Now I also have the CLI installed on here. So if I want to use the CLI, just do az ad user and go ahead and list. Now I like using PowerShell. Let's go into the portal now. So we'll switch over to the portal here and you can see that I'm in Azure Active Directory, and let's go ahead and go back in here. So we go into the user's blade and this is where we can go and work with our users. Now we have the ability of going and creating a new user. When we create a new user, what we do is we decide if we're going to create a user or we can also invite them. Now if we have a hybrid, we'll talk about Azure AD Connect later on, and this allows us to be able to sync up from our active directory domain services on-premises to Azure AD. What you do is you select and put in a username, and then you select what is going to be the authorize suffix and so you can see I have a bunch of custom domains, which we'll talk about that later on. You put in a name, put in the first name, last name, just like you would do if you're doing through active directory. Then you have the groups, you can see the role. Then we can block sign on. Now, why would you want to do that? Because when you're bringing up a new user, maybe you don't want somebody to be able to access it right away while you're in the process of giving them permissions and other things like that, so you can block it, and then you have the usage location. Now this is very important because this is going to make a determination of locale, the time, all of the different settings and that, it also connects with your license too. Then you have the job title and you have the department. Now once you've created it, you will have a listing. So if I were to go in and look at my own account, here is the user and so you got the profile, the identity, the job information, your settings, your contact. I can look at it and see what assign roles, I'm actually a global admin because I'm the one that created the Microsoft 365 in Azure environment. I can see what groups I'm currently connected with. I can see the applications that I have associated with me. I can see the licenses that are associated, and then I have my devices that are connected with me. So what happens is each time that I add a new device, a new laptop or phone or whatever, I can connect it and you can see I've multiple Windows phones here and then I have some other devices also. So Windows 10 device and then I have another device, the desktop here. Then I have my Azure role assignments, and so you can see that it does require some additional configuration here and authentication methods. So Michael idea Hotmail is my other alternative name, or alternative e-mail, and then we have our sign-ins. So the activities, so that way we can keep track of when I was signed in, if I had any interrupted ones or if there are ones that there's a possibility that my account had gotten compromise. Then audit logs so that way I can keep track of what's going on up the information, so forth, and it's the same as if you're doing an Event Viewer. Remember, we talked about activity logs, and so this just gives us another area that we can look at. That's how will we go in and work with our users. Now. we're going in and also looking at one other area is that we can do bulk administration. So we can go and select a bunch of accounts and then we can go in and do things like bulk invite, we can do bulk create, we can also do bulk delete. So the bulk invite would be from a CSV file and also bulk create would be from a CSV file. So that's working with the users. Let's look at the groups real quick. So groups are pretty much same. You can create a new group, just put in a group type. So you got security and then we have Office 365. Security is just going to give me access to resources, and Office 365 is giving access to SharePoint for SharePoint reasons for doing like Teams and other things like that, and really it's for more of giving access for e-mail purposes and other things. We have the group name we can put in and what the description is. So that's working with users and groups. There are times when you want to give external users access to resources within your environment. To provide you with the ability to grant outsiders access, we have the guest account. Now these are used for Azure B2B scenarios. You probably have companies that you do business with and you might want to give them access to resources. This is what we can use. Now, this does not have to be a work account or a personal account, this can be anything external, it could be a Gmail or other account. So you can see I'm back in a portal and we have new guest user. So when I click on a new guest user, I can create one or I can invite somebody. So all you do is you put in a name, you put it into e-mail address, first name, last name, and then you can put a personal greeting. Then you can add them to a group so that I can give them access to information, put them into a role, you can block the sign in. You have a user location, a job title, and department, just like you have with the regular user. So you can create the user, like I said, and do pretty much the same as what you did before or you can invite them. So it's up to you, it all depends on what type of account or type of user that in your B2B scenarios
