Configure and manage Microsoft Entra tenants, create and manage identities, handle external users and tenants, and implement hybrid identity solutions.
This domain covers the full scope of user identity management within Microsoft Entra ID. It includes configuring and managing a Microsoft Entra tenant — built-in and custom roles, administrative units, effective permissions, domains, company branding, and tenant-level settings for users, groups, and devices. Candidates must be able to create, configure, and manage Microsoft Entra identities including users, groups, custom security attributes, bulk operations via PowerShell and the admin center, device join and registration, and license management. The domain also covers implementing and managing identities for external users and tenants — external collaboration settings, inviting external users, cross-tenant access settings and synchronization, and configuring external identity providers using protocols such as SAML and WS-Fed. Finally, it addresses hybrid identity implementation including Microsoft Entra Connect Sync and Cloud Sync, password hash synchronization, pass-through authentication, seamless SSO, migration from AD FS, and Microsoft Entra Connect Health. (20–25% of exam)
Implementing and managing user identities is a core responsibility of a Microsoft Identity and Access Administrator. This involves creating, configuring, and maintaining user accounts within Microsoft Entra ID (formerly Azure Active Directory) to ensure secure and efficient access to organizational resources.
**User Identity Creation and Configuration:**
Administrators create user accounts either directly in Microsoft Entra ID (cloud-only identities) or synchronize them from on-premises Active Directory using Microsoft Entra Connect. Bulk operations can be performed using PowerShell, Microsoft Graph API, or CSV imports through the Azure portal.
**Managing User Properties:**
This includes configuring user attributes such as display names, job titles, departments, usage locations, and contact information. Administrators assign licenses, roles, and group memberships to control access to Microsoft 365 services and enterprise applications.
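The bulk-creation and user-property points above, as an added PowerShell example (not from the original page): it validates CSV rows and creates cloud-only users with the Microsoft Graph PowerShell SDK, rejecting rows without a usage location because license assignment needs one. The sample rows, the `contoso.example` domain, the `-DryRun` switch and the `New-TempPassword` helper are assumptions made for illustration.

```powershell
# Added example. Requires the Microsoft.Graph.Users module and the
# User.ReadWrite.All scope unless -DryRun is used (dry run works offline).
param([switch]$DryRun)

# Constructed sample input; contoso.example is a placeholder domain.
$rows = @'
DisplayName,UserPrincipalName,Department,JobTitle,UsageLocation
Avery Lin,avery.lin@contoso.example,Finance,Analyst,US
Sam Ortiz,sam.ortiz@contoso.example,Engineering,Developer,
'@ | ConvertFrom-Csv

function New-TempPassword {
    # 24 bytes from the OS CSPRNG; the fixed suffix guarantees all character classes.
    $bytes = New-Object byte[] 24
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $rng.GetBytes($bytes)
    $rng.Dispose()
    [Convert]::ToBase64String($bytes) + 'aZ9!'
}

if (-not $DryRun) { Connect-MgGraph -Scopes 'User.ReadWrite.All' | Out-Null }

$results = foreach ($row in $rows) {
    $upn = $row.UserPrincipalName
    $problems = @()
    if ($upn -notmatch '^[^@\s]+@[^@\s]+\.[^@\s]+$') { $problems += 'invalid UPN' }
    # Usage location is a two-letter country code and is needed before licensing.
    if ($row.UsageLocation -notmatch '^[A-Za-z]{2}$') { $problems += 'missing or invalid UsageLocation' }
    if ($problems) {
        [pscustomobject]@{ UserPrincipalName = $upn; Status = 'Skipped'; Detail = $problems -join '; '; TempPassword = $null }
        continue
    }
    $pw = New-TempPassword
    $params = @{
        DisplayName       = $row.DisplayName
        UserPrincipalName = $upn
        MailNickname      = ($upn -split '@')[0]
        Department        = $row.Department
        JobTitle          = $row.JobTitle
        UsageLocation     = $row.UsageLocation.ToUpper()
        AccountEnabled    = $true
        # The user must replace the temporary password at first sign-in.
        PasswordProfile   = @{ Password = $pw; ForceChangePasswordNextSignIn = $true }
    }
    if ($DryRun) { $status = 'WouldCreate' } else { New-MgUser @params | Out-Null; $status = 'Created' }
    [pscustomobject]@{ UserPrincipalName = $upn; Status = $status; Detail = ''; TempPassword = $pw }
}
# TempPassword stays in $results for secure hand-off and is deliberately not printed.
$results | Format-Table UserPrincipalName, Status, Detail -AutoSize
```

Run it with `-DryRun` first; the second sample row is skipped because its usage location is empty.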
**External Identities:**
Administrators manage guest users (B2B collaboration) by inviting external partners and configuring their access permissions. This ensures secure collaboration while maintaining organizational boundaries.
**User Lifecycle Management:**
This encompasses the entire identity lifecycle — from onboarding (provisioning) to offboarding (deprovisioning). Administrators use features like automated provisioning, access reviews, and entitlement management to streamline these processes. Deleted users can be restored within a 30-day soft-delete period.
**Self-Service Capabilities:**
Configuring self-service password reset (SSPR) and self-service group management reduces administrative overhead while empowering users to manage certain aspects of their identities independently.
**Administrative Units:**
Administrators use administrative units to delegate management of specific subsets of users to designated administrators, enabling granular role-based administration.
**Hybrid Identity Management:**
For organizations with on-premises infrastructure, administrators configure directory synchronization, manage password hash sync, pass-through authentication, or federation to ensure seamless identity experiences across environments.
**Monitoring and Auditing:**
Administrators leverage audit logs, sign-in logs, and identity protection features to monitor user activities, detect anomalies, and ensure compliance with security policies.
Effective user identity management forms the foundation of a Zero Trust security model, ensuring that the right people have appropriate access to the right resources.