Joanne: This guest post is written by my mentee, Sheldon Appleyard. I’ve invited Sheldon to be a guest blogger at joannecklein.com and encouraged him to write content and share knowledge about practical things he’s learned for an audience just starting out in Microsoft 365. Creating user accounts is a fundamental task and the focus of this post by Sheldon.
Sheldon: Hello, my name is Sheldon Appleyard and I’m an IT Pro who has worked in the IT industry for 10 years. Like many, I have been branching out into the Microsoft Cloud over the past 4 years and have been learning as much as I can as I go along. Joanne has graciously offered to mentor me and has invited me to post blogs on her site as I start my adventures in the Microsoft Cloud. Join me as I post about the things I learn and how to implement them for your own use. Feel free to reach out to me on my LinkedIn profile.
A big part of Microsoft 365 and the tools and platforms it provides is the user accounts and the licenses you assign to them. Without an account, you can’t login to Microsoft 365 and without the proper licenses assigned to these accounts you won’t have access to any of the platforms or tools available. Even if you are set up as a hybrid environment where you create your user accounts in your on-premises Active Directory (AD) and replicate them into Microsoft 365, there will be occasions when you will want to create an account only in Microsoft 365. This post will show how to do this using the GUI. My next post will show how to do the same thing using PowerShell!
You can create the account in two different locations in Microsoft 365:
- Microsoft 365 admin portal
- Azure AD from the Azure portal
It doesn’t matter which method you use since all accounts are stored in Azure AD regardless of the location they’re created in. This post will show the steps to create an account in the Microsoft 365 admin portal.
Permissions… to add an account on the Admin portal, you will need either the Global Admin role or User Admin role.
Licenses… you will need licenses available to assign the user account you are creating (although you do not have to assign licenses at the time of account creation, it’s a good time to assign the needed licenses. You are always able to add more licenses later) If your tenant does not have the needed licenses, you will need to purchase them.
Creating a user account
The Admin portal is the simplest and quickest way to create a new user in Microsoft 365. To get started you will need to sign into Microsoft 365 and click on the admin portal icon in either your favourite apps launcher or through the app launcher.
On the Admin page, click on Users… Active users on the left menu bar. The Active users page allows you to create, update and delete user accounts in your Azure AD. To create a new user account, click on “Add a user”.
The Add a user wizard will be displayed with steps to take you through user creation. The wizard breaks the creation of a new user into 4 sections.
This is where the basic information for the new account is entered:
- first and last name
- display name
- default domain name (for those companies with multiple domain names)
- password (allow Microsoft to auto generate a password for the account or select to enter in a password manually)
In most cases, I recommend auto generating a password for the account but for some accounts such as service accounts or temporary accounts you may want to manually enter in a password that you will share. I recommend selecting the “Require this user to change their password when they first sign in” option in conjunction with the auto-generate password option.
Users should be using a password that is unique to them and follows your organizations password rules. The last option available in this section is to send the password to the user via email upon completion of creating the account and should be used on a case by case scenario.
The Product Licenses section is for assigning the licenses you have available to the new user so they can start accessing their needed products right away. You can assign them at the time of user creation or at a later time. Any license you assign here can be removed later or new ones can be added.
A key option in this section is setting the user’s location. This will apply restrictions to the user based on the location assigned so it’s important to set this up correctly.
As you assign licenses to the new account, the wizard will show you all the products available to the user based on those licenses. You can remove certain products from the list if you need to restrict what the user can use. For example, perhaps there are products you don’t want users to have access to or maybe you have security or compliance reasons to remove certain products for a user. Whatever the reason is, this is the section to apply those special permissions.
Note: There are rare circumstances when you may want to create a user account without assigning a license. The most common one is if you do not have the correct product license available and you wish to complete the creation of the account and come back later to assign it after you have purchased the correct license.
The Optional Settings section is used for assigning admin roles to the account (if needed) and additional profile data. This section can be skipped entirely if you don’t need to do either of these things. For most users, admin roles are not required and each company will have different requirements for the profile section.
If you need to assign a role to your new account, click on Roles to expand the area and then click on Admin center access radio button to change the account from a basic user account to an admin account.
You can now select one or more admin roles to add to the account. I highly recommend following Microsoft’s recommendation of Least Privilege model and assign only the roles required for the user to do their job function. For an explanation of the different admin roles, click on the link in the wizard or refer to Microsoft 365 Admin roles. The first admin roles displayed are the most common roles used. For the full list, scroll down and expand the Show all by category section.
If you are required to enter in profile information, expand the Profile section and fill in the required details.
This section is used to review what you’ve entered and go back to any previous sections to fix anything that is incorrect. The wizard has an edit link for each section to quickly jump back to that page so you can correct any mistake prior to completing the creation of the user account.
One more step ahead
Thank you for joining me and learning about doing one of the fundamental steps in Microsoft 365… creating user accounts. This is one of the first things you will need to do. Join me in my next post where I’ll show how to create a user account in Azure AD and assign a license to it using PowerShell.