User management in Azure AD

In today's world, helping people connect in a secure manner is crucial, especially as everyone moves to the cloud. Companies need to be cognizant about how to secure their resources, identify their users, figure out which users can access which resources, etc. They need to be empowered to provide their users with just enough permissions to do their job and when their job is done remove their access.

Security is a complex space to navigate. With that in mind, Azure attempts to solve these complex problems using Azure AD, part of Microsoft Entra - Microsoft's Identity and Access management service which provides customers with a solution to manage their users, and control their access centrally. Azure AD provides multiple interfaces to manage users to cater to various personas including the Microsoft Graph APIs, PowerShell commandlets, and administration UX in the Azure Portal.

Couple years ago I joined the Identity division at Microsoft to run the engineering team focused on User and tenant management. The past few months the team has been focused on enhancing our UX capabilities for user management which has just gone into public preview. This seemed like a good time for me to get out of my hiatus and blog about it, so here goes.

Getting started

To get started, if you haven't already, you'll need to sign up your organization to Azure Active Directory. Below documentation can help you with that: Sign up your organization to use Azure Active Directory

You can now connect to https://portal.azure.com and navigate to "Azure Active Directory" > "User". Or simply go here: Users - Azure Active Directory

The All Users List experience

This is the entry point to user management and provides a single pane to view and manage all users in your organization. Among other things, you can create new users, invite external users to join your organization as guests, view and manage user properties, and perform operations such as revoking sessions, resetting passwords, disabling users or deleting them.

In this public preview we've listened to feedback and made a bunch of enhancements to address top asks from our customers.

Usability improvements

To get to a more snappier UX and to pave the way for faster iteration of our UX going forward, we've re-written it using React. Also, as part of this re-write the "load more" link at the bottom of the page is now gone and replaced with an infinite scrollign experience where we keep fetching additional users as you scroll down.

Infinite scroll experience on Users List

Additonal support for user properties

The list previously supported 14 columns and 9 filters. We've significantly increased the capabilities here to support 40+ columns and filters. Additionally, for each filter we now support multiple types of conditions such equals, not equals, in, starts with, ends with, greater than, and less than based on the data type of property being filtered on.

You can now re-order columns in the view through the column chooser button, and also by simply drag-dropping columns in the list. The filtering UX has been enhanced to support various kinds of filters for each attribute such as 'equals', 'not equals', 'starts with', 'ends with', etc. to filter the results that are most relevant.

Once you've customized your view, you can share it with team mates by simply clicking the "Copy link to current view" button in the upper right corner and sharing the copied link.

Managing deleted users

From the left menu, you can click on "Deleted users" to view users that have been soft-deleted from the system. We've applied the same enhancements to this view as well to make it a seamless experience for admins.

The user profile

Clicking on individual users in the "All users" list will take you to that user's profile. One of the top complaints we've received from customers was that the profile was cluttered with everything including viewing and editing in a single view. We've re-thought this experience to make it easier for admins by grouping various aspects of the user profile into tabs.

Overview tab

This is the default tab that is displayed when a user's profile is loaded. This is meant to provide admins with a quick glance to key information about the user. This include basic information about the user.

Also, based on the target user and the permissions you have, this tab displays a dynamic set of cards to highlight relevant items such as account status, last sign-in time, invitation status for external users, and MFA status.

User profile overview tab

What would you like to see on the overview tab? What would be most useful to you? Leave a comment below or post on your feedback website: Share your ideas - Azure AD

Monitoring tab

This is the new home for showing sign-in activity for the user.

User profile monitoring tab

Properties tab

Previously, we only allowed customers to view and manage a subset of properties on the user object. The properties tab changes that by providing a view that encapsulates most of the properties for the user that are available to customers. These are conveniently grouped into the following categories - Identity, Job information, Contact information, Parental controls, Settings, and On-premises (for users synced from an on-premises Active Directory).

User profile properties tab

You can go to the following documentation to get a better understanding of each of these properties: https://docs.microsoft.com/en-us/graph/api/resources/user

Edit experience

Editing user properties

Clicking on the pencil icon on each of the Categories in the Properties tab will take you to an editor view. You can also get to the editor by clicking the "Edit properties" quick action on the overview tab.

The tabbed editor matches the categories from the user profile and also adds a search bar to make it easier to find the property you want to modify.

User profile editor

Uploading photos

You can upload a profile photo that will reflect in various Microsoft services and products.

User photo editor

Wrapping up

As customers adopt the new public preview experience we're actively listening to feedback on the new experience and iterating on it. So keep it coming.