Transcript for:
Managing Identities with Microsoft Entra

Microsoft Entra helps you protect all your identities and secure network access everywhere, and Entra ID is the foundation for the entire cloud, because it's Microsoft's identity solution. No matter if you're using Azure, Intune, M365 services or Dynamics, you're still signing in with an identity, and all of your IDs get managed right here in the Entra admin center, which you can find at entra.microsoft.com.

Now, your Entra ID environment is called a tenant, and a tenant is just like you renting the place where you live: you don't have to maintain the building or go fix the water heater, you just use it. Here on the Overview tab you'll find your tenant ID, and that's the unique identifier that keeps your stuff separate from everybody else's. You'll also get a domain name, which you can customize like I have, and I'll show you how to do that a little bit later. You've also got a license type. Now, Entra ID has multiple license levels, and P2 has some of the most advanced features, but the cool thing is that these are not an all-or-nothing choice: you can have P1 licenses for all of your general users and then P2 for your admins, which you would need if you want to use Privileged Identity Management. That is a type of just-in-time access that lets your admins have the rights of just normal users day to day, but they can go through a process and elevate their user permissions to admin level for a short time so they can do a specific task. This can be a real lifesaver if your admin credentials ever get compromised, and you can read this doc and all the other details in the description below.

Back on the Overview, we've got a count here for all the users, groups, apps and devices that are managed in this tenant. Scrolling down, you'll have an alert section with the things that the Entra ID service thinks you should be aware of. Scroll further down and you'll see some highlighted features so that you can get the most out of your Entra ID tenant. Scroll back up to the top and go to the Properties tab. This is where you can give your tenant a name, and you also have your region and data location. Now, Entra ID is a globally load-balanced SaaS service with endpoints across all of the Azure regions, but your tenant's data location could be really important if you've got data sovereignty requirements, and if for some reason your tenant's not in the right place, you can put in a support ticket and get that moved. Next you've got your technical contact, which those support folks would want to know, and they can also reach back out to you with any tenant-wide problems.

Scroll down and you'll see the access management for Azure resources. Now, this is a feature that is quite misunderstood, so let me explain. Like I said in the beginning, every cloud service requires an identity. Azure is a subscription-based resource provider and it has its own permissions model, but the identities still come from Entra ID, which means that every subscription is connected to one Entra ID tenant, but your tenant could be connected to many different subscriptions. This toggle switch can only be accessed by the Entra ID Global Admins, and its purpose is to give their account the rights to the root of the Azure subscriptions. That way they can control permissions inside Azure, and that shows up on the Azure side as the User Access Administrator role. You need this if you're setting up a subscription for the first time, or if something has gone terribly wrong and you've lost access to your subscriptions and you need to reclaim it. Once you do, by the way, you should add yourself as the subscription owner, and then you can go back and remove the access administrator.

This is the beginning of a whole Entra ID series so that you can learn everything that you're interested in, so it'd be a really big help if you would click the like button on this video so our wonderful YouTube overlords would know that you found this video helpful and it should be shared with more viewers.

Now let's take a look at your users on the left, and you basically manage users and groups kind of the same way. There are several different kinds of user accounts: the ones you create here in the portal are known as cloud-native users, then we also have synced users, and also guest users, which are also called B2B and B2C accounts. Now, when you create a user, you have to choose if that should be cloud-native or if you want to invite a guest, and every user will need a UPN, a display name and a password, which has been auto-generated for you. Then click Next, and there is a ton of metadata that you can assign to your users as it has value in your environment, just like Active Directory, so fill out the stuff here as you need to and click Next. This is where you assign permissions to your users, and you can add that by administrative unit, which is actually a deep dive in itself (so if you want more on that, comment below and let me know), or you can do it through a group that could have permissions assigned to it already, or a direct role assignment. These roles here are Entra ID roles, not any permission in Azure or any other cloud. Once you've got that done, click Next, and then review all of your details just to be sure it's right, and then click Create.

Now, the other way to bring a user into Entra ID is to sync them. So on the left, click Show more and open Hybrid management. Here you can connect Active Directory domains to Entra ID using Cloud Sync or Connect Sync. Now, Connect Sync is the older brother: it's been around for a long time and has a lot of features in it. It's a thick application that you'll install on a server in your domain, and then you manage it from on premises. Cloud Sync is the new kid on the block, and it does still have some growing up to do, but the biggest benefit is that the agent is very small and it can be installed on any one of your domain servers, and then you manage everything here in the cloud. I've got a deep dive for each one of those back on my channel that you can watch after this.

Now, groups are handled in much the same way as users: they could be cloud-native or synced. If we create a group, you've got two types to choose from: Security, which are the permissions-type groups, and then M365 groups, which are generally used more for collaboration. Your group is going to need a name, and a description wouldn't hurt either, and then you can choose to add an Entra ID role to this group. For example, you could give a role like Directory Reader, and then you just drop new users into that group, and that makes management easier, since you manage permissions on one group instead of 10,000 individual users. Speaking of management, your groups should have an owner, so if anyone has a problem or a question about your group, they know who to talk to. And of course your group will need some members, and those members could be users, groups or applications, and that's assigning things directly. If we toggle off the Entra ID role, you have the option of choosing a dynamic user or device group. Then you just click here and add your query, which could be something like "company" for the property, an operator of "equals" and the value "Cookie Co", since I'm syncing my Cookie Co domain users into my Entra ID tenant. Then you can switch over here to the Validate tab and just click here and select some users, and you see all of my Cookie Co users would be in this group but Iron Man would not, which kind of goes to show money can't buy everything. Just be aware that when you're creating a dynamic group, it could take several hours before that group actually gets populated. Once you're done, click Save at the top and then create your group.

And now that you have users and groups, which control access into your environment, what about authentication and security? Well, I've got a deep dive on that right over here. Happy learning!
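As an added example (not code from the video), the same dynamic security group the transcript builds in the portal, created with Microsoft Graph PowerShell so the membership rule is visible as text; the Microsoft.Graph module, the group display name and mail nickname are assumptions, and "Cookie Co" is the video's sample company.

```powershell
# Added example, not from the video. Assumes the Microsoft.Graph module is installed
# and the signed-in account is allowed to create groups. Group name and mail nickname
# are assumed values; "Cookie Co" is the sample company used in the transcript.
Connect-MgGraph -Scopes "Group.ReadWrite.All", "User.Read.All"

# Same rule the video builds in the UI: property = company, operator = equals, value = Cookie Co.
$rule = '(user.companyName -eq "Cookie Co")'

$body = @{
    displayName                   = "Cookie Co Staff"
    description                   = "All users whose company attribute is Cookie Co"
    mailEnabled                   = $false
    mailNickname                  = "cookiecostaff"
    securityEnabled               = $true            # Security group, not an M365 group
    groupTypes                    = @("DynamicMembership")
    membershipRule                = $rule
    membershipRuleProcessingState = "On"             # "Paused" stops the service evaluating the rule
}
$group = New-MgGroup -BodyParameter $body
"Created dynamic group $($group.DisplayName) ($($group.Id))"

# Dynamic groups are populated asynchronously by the service, so the member list can
# stay empty for a while after creation. Filtering users on the same attribute shows
# who the rule is expected to pull in, like the portal's Validate tab does per user.
Get-MgUser -Filter "companyName eq 'Cookie Co'" -Property DisplayName,UserPrincipalName,CompanyName |
    Select-Object DisplayName, UserPrincipalName

# Re-run this later to confirm the membership has actually been processed.
Get-MgGroupMember -GroupId $group.Id -All |
    ForEach-Object { $_.AdditionalProperties.userPrincipalName }
```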