Purpose of User Accounts
Every user who needs to access Azure or Microsoft 365 resources must have an Entra user account. This account holds:
Upon authentication, Entra issues an access token defining what resources the user can access and what actions they can perform.
User Management in the Azure Portal
Navigation Path: Microsoft Entra admin center → Identity → Users → All Users
Administrators can:
Use the Directory + Subscription panel or Switch Directory button to change tenants.
Types of Users in Microsoft Entra ID
| Type | Description | Source | Example Scenario |
|---|---|---|---|
| Cloud Identities | Users created directly in Microsoft Entra ID. Managed entirely in the cloud. | Microsoft Entra ID | A Contoso HR admin creates admin@contoso.com for a remote HR consultant. |
| Directory-Synchronized Identities | Users synchronized from on-premises AD using Entra Connect. | Windows Server AD | Existing AD users automatically synced to Azure. |
| Guest Users | External users invited to collaborate via B2B. | Invited user / External directory | A Fabrikam vendor logs in to Contoso’s project site. |
Key Insight: Cloud identities are managed in Entra directly, while synced identities are mastered in on-prem AD and cannot be edited in the cloud (except for cloud-only attributes).