Azure Active Directory Premium: Users and Groups

This is part of a continuing series on Azure Active Directory Premium and Microsoft’s Enterprise Mobility Suite. This post will focus on user and group management from Azure AD.

First, anyone can sign up for a 90-day trial of Azure AD Premium. To do so, log in to your Azure account, select your Azure Active Directory, then select “Azure Active Directory Premium” under the “Explore” area.


This will guide you through enabling the trial.

From here, you can either begin creating your users and groups, or set up a directory sync to your local directory. I am going to walk through creating user and groups manually in this post. A later post will deal with setting up the directory sync.

Creating Users

To create a new user, click “Add User” at the bottom of the page. There are three options – new user, user with existing Microsoft account, and user in another Azure AD. I’m going to stick with new user. Type in a username for the user and click next.


Next, fill out the relevant personal information for the user, including first, last, and display name. Next, select the user’s role. The user role is a regular user. The rest of the roles give the user some sort of management rights over the Azure AD. First is global administrator. This type of user is similar to a domain admin; they can basically do whatever they want in the Azure AD. Next is billing administrator. This user role allows users to make purchases and manage subscriptions. A service administrator can manage service requests and service health within the Azure portal. A user administrator can create and modify users, and a password administrator can reset all user’s passwords. I am going to create a simple user. Fill out this information and proceed to the next page.


Finally, click the “Create” button. This will create the account and assign the user a temporary password. After the account is created, you can email the temporary password to the user. They will be required to change it at their first logon.

After you create the account, you can select the username and view all of the information about the user. Administrators can also modify the information. Included with this information is the Activity tab. Here, you can see all of the places where this user has logged in. This information includes devices and linked SaaS applications.


Just as in on-premises Active Directory, you can create groups for delegating access to things, such as file storage, website access, and database access. With Azure AD, you can also use groups to grant rights to SaaS applications. This is especially helpful if you only have a certain number of licenses for a SaaS application.

To create a group, select the “Groups” tab and click “Add a Group”. Give your group a name and description. You can now select the group and add members. You can also change the group name or description from the “Configure” tab.



All content provided on this blog is for information purposes only. Windows Management Experts, Inc makes no representation as to accuracy or completeness of any information on this site. Windows Management Experts, Inc will not be liable for any errors or omission in this information nor for the availability of this information. It is highly recommended that you consult one of our technical consultants, should you need any further assistant.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.