Purpose
Identity administration manages identity objects (users, groups, service accounts, etc.)
throughout their lifecycle —from creation to deletion. It ensures that accounts are properly
provisioned, updated, and deprovisioned when users join, move, or leave the
organization.
Why It Matters – “The Life of Juan” Story
1. Juan joins a company and is given an account with admin rights to deploy an app.
2. After several years, he leaves the company. His manager forgets to close the
account.
3. The account remains active but unused.
4. Later, Juan’s personal credentials are stolen. Because he reused similar passwords,
attackers can now log into the company’s system using Juan’s still-active account.
5. The system is compromised by what appears to be a legitimate identity.
Lesson: Without proper identity administration and governance, inactive accounts become
serious security risks.
Benefits of Identity Administration
Highly configurable to align with business processes.
Agile and scalable —handles thousands of identities dynamically.
Cost-eƯective through automation.
Flexible synchronization and change control between multiple directories.
Common Identity Administration Tasks
Task Description Example
Identity Proliferation Storing identities across
multiple systems like Active
Directory, HR apps, and SaaS
tools. HR creates a new employee; that
record must exist in AD and payroll.
Provisioning /
Deprovisioning Creating or removing accounts
and access. A new hire automatically gets
access to Teams and SharePoint.
When they leave, their access is
revoked.
Identity Updates Keeping identity data current
(e.g., job title, department). Promotions trigger automatic role
and access updates.
Synchronization Ensuring all systems reflect
the latest identity info. Changes in HR flow to AD and
Entra ID in near real time.
Password
Management Handling password resets
securely. Self-service password reset via
Microsoft Entra ID reduces
helpdesk calls.
Group Management Managing groups that define
access permissions. Marketing group automatically
includes all users in the marketing
department.
Application
Entitlement
Management Controlling how users are
granted app access. Assign HR app access based on
department attributes.
User Interface How end users request
updates. A self-service portal to update
phone numbers or request access.
Change Control Managing how identity
changes are processed. Automated workflows replace
manual email requests.
Automation Tools
Tool Platform Example Command
PowerShell Best for Windows
environments. Uses verb-
noun syntax and returns
objects. New-MgUser -DisplayName "New User" -
UserPrincipalName "newuser@contoso.com"
Azure CLI Cross-platform tool ideal for
Linux or macOS. az ad user create --display-name "New User" --
password "Password" --user-principal-name
newuser@contoso.com
Choosing a Tool:
If you work in Windows , PowerShell feels natural.
If you work in Linux/macOS , Azure CLI feels more intuitive.
Microsoft Graph Overview
Microsoft Graph is a REST API that unifies access to data across Microsoft cloud services
such as Entra ID, Microsoft 365 , Intune, and Windows 10 .
Endpoint: https://graph.microsoft.com
What It Provides
One endpoint for all Microsoft cloud services.
Access to people-centric data: users, groups, devices, and insights.
Tools for automation, analytics, and app development.
Microsoft Graph Connectors
Bring external data (Box, Google Drive, Jira, Salesforce) into Microsoft Graph for
unified search and visibility.
Microsoft Graph Data Connect
Delivers Graph data securely into Azure data stores for analysis and intelligent app
building.
Example Use Case:
An admin uses Microsoft Graph API to list all inactive users for 90 days, automatically
disable their accounts, and trigger compliance alerts.