Introduction
Managing user identities is one of the most fundamental tasks in any cloud environment. Microsoft Azure handles this through Microsoft Entra ID (formerly known as Azure Active Directory or Azure AD), a cloud-based identity and access management service.
Whether you're onboarding a new employee, creating a service account, or setting up a guest collaborator, Entra ID gives you a centralized place to manage who has access to your organization's resources.
In this guide, we'll walk through everything you need to know to create users in Microsoft Azure using Microsoft Entra ID — from prerequisites to post-creation best practices.
What Is Microsoft Entra ID?
Microsoft Entra ID is Azure's identity platform. It acts as the central directory for your organization, storing user accounts, groups, and application registrations. Every Azure subscription is tied to an Entra ID tenant, making it the backbone of access control across Microsoft 365, Azure resources, and thousands of third-party SaaS applications.
Key capabilities include:
- Single Sign-On (SSO) — One identity for multiple applications
- Multi-Factor Authentication (MFA) — Enhanced security for sign-ins
- Role-Based Access Control (RBAC) — Fine-grained permissions management
- Conditional Access — Policies that enforce security conditions at sign-in
Prerequisites
Before creating users, make sure you have the following:
- An active Azure subscription
- An account with one of these roles in Entra ID:
  - User Administrator
  - Global Administrator
- Access to the Azure Portal at https://portal.azure.com
Method 1: Create a User via the Azure Portal (GUI)
This is the most beginner-friendly approach and works well for creating users one at a time.
Step 1 — Sign In to the Azure Portal
Navigate to https://portal.azure.com and sign in with your administrator account.

Azure Portal home page
Step 2 — Open Microsoft Entra ID
In the left-hand navigation menu (or by using the search bar at the top), search for "Microsoft Entra ID" and click on it.

Searching for Microsoft Entra ID in the portal
Step 3 — Navigate to the Users Section
In the Entra ID blade, look at the left sidebar and click on "Users" under the Manage section.

Users option in Entra ID left menu
Step 4 — Click "New User"
At the top of the Users page, click the "+ New user" button. A dropdown will appear with two options:
- Create new user — For members of your organization
- Invite external user — For guest/B2B collaborators
Select "Create new user" for internal accounts.
Step 5 — Fill In the User Details
You'll now see the Create new user form. Fill in the required fields:
Identity
| Field | Description |
|---|---|
| User principal name | The user's sign-in email (e.g., john.doe@yourdomain.com) |
| Display name | Full name shown in the directory (e.g., John Doe) |
| Mail nickname | Auto-filled from the UPN; can be customized |
Password
- Choose Auto-generate password to let Azure create a secure temporary password, or
- Select Let me create the password to define one yourself
The user will be prompted to change the password on their first sign-in.

Create new user form — Identity section
Step 6 — Configure Properties (Optional but Recommended)
Click on the "Properties" tab to fill in additional details:
- First name / Last name
- Job title
- Department
- Company name
- Office location
- Usage location (required if you plan to assign Microsoft 365 licenses)

Properties tab with optional fields
Step 7 — Assign Roles (Optional)
Click on the "Assignments" tab to assign:
- Directory roles — e.g., User Administrator, Global Reader
- Groups — Add the user to existing security or Microsoft 365 groups
- Administrative units — Scope the user to a specific unit
For most standard users, no directory role is needed at this stage.

Assignments tab — Roles and Groups
Step 8 — Review and Create
Click the "Review + create" tab to see a summary of the user configuration. If everything looks correct, click "Create".
Azure will provision the user account within seconds.

Review + Create summary page
Step 9 — Retrieve the Temporary Password
Once the user is created, a confirmation page will show the temporary password. Make sure to copy this and share it securely with the new user — this is the only time it will be displayed.
Method 2: Create a User via Azure CLI
For admins who prefer automation or need to create multiple users quickly, the Azure CLI is a powerful alternative.
Prerequisites
- Azure CLI installed
- Logged in via `az login`
Command
```bash
az ad user create \
  --display-name "Jane Smith" \
  --user-principal-name jane.smith@yourdomain.com \
  --password "TempP@ssword123!" \
  --force-change-password-next-sign-in true
```
Verify the User Was Created
```bash
az ad user show --id jane.smith@yourdomain.com
```
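The command above types a literal password that ends up in shell history and tends to be reused across accounts. The following added example (not part of the original guide) generates a random temporary password per user and validates the UPN before calling `az ad user create`; the function names, the `name,UPN` CSV layout and the credentials file are assumptions.

```bash
#!/usr/bin/env bash
# Added example (not the guide's code); names and CSV layout are assumptions.

# True if $1 has >= 16 chars plus upper, lower, digit and symbol characters.
meets_complexity() {
  [ "${#1}" -ge 16 ] || return 1
  case "$1" in *[[:upper:]]*) ;; *) return 1 ;; esac
  case "$1" in *[[:lower:]]*) ;; *) return 1 ;; esac
  case "$1" in *[[:digit:]]*) ;; *) return 1 ;; esac
  case "$1" in *[@#%+=_]*) ;; *) return 1 ;; esac
}

# 20 characters from /dev/urandom; retry until every class is present.
gen_temp_password() {
  local pw
  while :; do
    pw=$(LC_ALL=C tr -dc 'A-Za-z0-9@#%+=_' < /dev/urandom | head -c 20)
    if meets_complexity "$pw"; then printf '%s\n' "$pw"; return 0; fi
  done
}

# Accept only local-part@<expected domain> from a conservative character set.
valid_upn() {  # $1 = UPN, $2 = expected domain
  case "$1" in
    *[!A-Za-z0-9._@-]* | .* | *@*@*) return 1 ;;
    ?*@"$2") return 0 ;;
    *) return 1 ;;
  esac
}

# Create one user; print "UPN<TAB>temporary password" on success.
# Note: --password is still visible in the local process list while az runs.
create_user() {  # $1 = display name, $2 = UPN, $3 = expected domain
  local pw
  valid_upn "$2" "$3" || { echo "rejected UPN: $2" >&2; return 1; }
  pw=$(gen_temp_password)
  az ad user create --display-name "$1" --user-principal-name "$2" \
    --password "$pw" --force-change-password-next-sign-in true \
    --output none < /dev/null || return 1
  printf '%s\t%s\n' "$2" "$pw"
}

# Read "display name,UPN" lines on stdin; write credentials to a 0600 file.
create_from_csv() {  # $1 = expected domain, $2 = output file
  local name upn
  ( umask 077; : > "$2" )
  while IFS=, read -r name upn; do
    create_user "$name" "$upn" "$1" >> "$2" || echo "failed: $upn" >&2
  done
}
```

After `az login`, source the file and feed `create_from_csv` the expected domain, an output path and the CSV on stdin; move the credentials file into your password manager and delete it once the passwords have been handed over.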
Post-Creation Checklist
After creating a user, here are the next steps to complete their setup:
- [ ] Assign licenses — Navigate to the user's profile → Licenses → Add assignment (e.g., Microsoft 365 Business)
- [ ] Add to groups — Place the user in the appropriate security or distribution groups
- [ ] Configure MFA — Enable multi-factor authentication for enhanced security
- [ ] Set usage location — Required before license assignment
- [ ] Share credentials — Securely communicate the temporary password and sign-in URL
- [ ] Verify sign-in — Confirm the user can log in and reset their password
Types of Users in Microsoft Entra ID
Understanding user types helps you choose the right creation method:
| User Type | Description | Use Case |
|---|---|---|
| Member | Internal user in your tenant | Employees, contractors |
| Guest | External user invited via B2B | Partners, vendors, clients |
| Service Account | Non-human identity | Apps, automation scripts |
| Synced User | Synced from on-premises AD | Hybrid environments |
Common Issues and Troubleshooting
"You don't have permission to create users" → Ensure your account has the User Administrator or Global Administrator role.
"User principal name is already taken" → The UPN must be unique across your tenant. Try a different alias or domain.
"Usage location not set" when assigning licenses → Go to the user's profile → Properties → Edit → Set the Usage location field.
User not receiving the welcome email → Check spam/junk folders. Guest invitation emails come from invites@microsoft.com.
Best Practices
- Use a naming convention for UPNs (e.g., firstname.lastname@domain.com) for consistency
- Always set the usage location before assigning Microsoft 365 licenses
- Enforce MFA from day one — especially for admin accounts
- Use groups for access management rather than assigning permissions directly to individual users
- Regularly audit inactive accounts and disable or delete them to reduce security risks
- Use Privileged Identity Management (PIM) for time-limited, just-in-time admin role assignments
Conclusion
Microsoft Entra ID makes user management in Azure straightforward, whether you're working through the portal GUI, the CLI, or automating via PowerShell and the Graph API. With the steps outlined in this guide, you can confidently create and configure users, assign them to the right groups and roles, and follow security best practices from the start.
As your organization grows, exploring features like dynamic groups, lifecycle workflows, and automated provisioning will help you scale identity management efficiently.