Hey everyone! 👋 Just wrapped up the “Manage Roles and Administrative Units [Guided]” lab on Skillsoft. This one took about 45 minutes and focused on creating users, assigning roles, and setting up administrative units in Microsoft 365. I thought I’d share how it went, step by step.

Step 1: Creating Users

The lab kicked off by asking me to create a few new users. Here’s the breakdown:

  • Jim Mills → Licensed with Microsoft Entra Suite. (If you are looking for how to create users look at my previous blog here.)

  • June Craig → Also licensed with Microsoft Entra Suite.

  • Employee 01 → Created without a license (check the "create user without product license").

Then, I had to generate a Temporary Access Pass (TAP) for June Craig, which is super handy for secure sign-ins (make sure you have enabled TAP in the Microsoft Entra authentication methods).


  • The first step is to go to entra.microsoft.com and then open the Users section from the left-hand menu.
  • Then click on the user's name (not the checkbox) and go to "Authentication methods" and "Add authentication methods".
  • On the Add authentication methods page, I selected "Temporary Access Pass." The lab instructions say to leave the rest as default — which is fine for practice — but in a real production environment, it’s always better to follow the least privilege principle.

💭 My takeaway: User creation is becoming second nature now. The TAP part was new and cool — it’s like giving someone a quick one-time key to get started.

Step 2: Managing Global Role Assignments

Next, I switched back to the admin center to assign roles, then tested with an Incognito window.

  • Assigned Global Administrator to Jim Mills: On the Microsoft 365 admin page, selected Active users, selected Jim, Manage admin roles, chose Admin center access, checked Global Administrator, saved.
  • Assigned User Administrator to June Craig: Same process for June, checked User Administrator, saved.
  • In another browser window, went to admin.microsoft.com and signed in as June.Craig with her TAP.
  • As June, assigned Microsoft Entra Suite license to Employee 01: Found Employee 01, Manage product licenses, selected Entra Suite, saved.
  • My thoughts: Roles propagate with a delay – waited a bit for June's access. Least privilege principle is smart here.

Step 3: Creating and Managing an Administrative Unit

Final part: Created another user, set up the AU, added members and roles, created a group, assigned owner, and added group to AU.

  • Created AU: On the navigation menu, select Show All, expand Roles, and then select Administrative units. On the Administrative units page, on the command bar, select Add unit.

  • Added members: After entering IT Unit in Name on the Basics page, added Employee 01 and Employee 02.

  • Assigned role: On the Roles assignment page, selected "User Administrator" and added Employee 01 as scoped admin.

  • Reviewed and added.

  • Created security group: Groups > Active groups > Security groups > Add a security group, named Product, description Product department, created (Check here on how to create groups and assign owners).

  • Assigned owner: On Product group, Members > Owners > Add owners, selected Employee 01.

  • Added group to AU: Back to Administrative units > IT Unit > Add groups, selected Product.

  • My thoughts: AUs are great for scoped admin – limits power without global access. Fun linking users and groups.
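To make the scoping from Steps 2 and 3 concrete, here is a small Python model, added as an example and not part of the lab or any Microsoft tooling. It uses the lab's names with constructed data (the AU id and "Employee 03" are made-up placeholders) and models scope only, not what each role is permitted to do.

```python
# Simplified model of Entra role-assignment scope (added example, constructed data).
TENANT = "/"                               # directoryScopeId of a tenant-wide assignment
IT_UNIT = "/administrativeUnits/it-unit"   # placeholder id, not a real object id

# Role assignments made in the lab: (principal, role, scope)
ASSIGNMENTS = [
    ("Jim Mills", "Global Administrator", TENANT),
    ("June Craig", "User Administrator", TENANT),
    ("Employee 01", "User Administrator", IT_UNIT),
]

# Direct members of each administrative unit (users and groups).
AU_MEMBERS = {IT_UNIT: {"Employee 01", "Employee 02", "Product"}}

# Group membership; "Employee 03" is a constructed member for illustration.
GROUP_MEMBERS = {"Product": {"Employee 03"}}


def in_scope(admin, role, target):
    """True if `admin` holds `role` at a scope that contains `target`."""
    for principal, assigned_role, scope in ASSIGNMENTS:
        if (principal, assigned_role) != (admin, role):
            continue
        # Tenant scope covers everything; AU scope covers direct members only.
        if scope == TENANT or target in AU_MEMBERS.get(scope, set()):
            return True
    return False


def uncovered_group_members(scope):
    """Users in a group that belongs to the AU who are not AU members themselves.

    Adding a group to an AU puts the group object in scope, not its members.
    """
    direct = AU_MEMBERS.get(scope, set())
    users = set()
    for group in direct & GROUP_MEMBERS.keys():
        users |= GROUP_MEMBERS[group] - direct
    return users


def tenant_wide_admins():
    """Assignments to review first: roles granted at tenant scope."""
    return sorted((p, r) for p, r, s in ASSIGNMENTS if s == TENANT)


if __name__ == "__main__":
    for target in ("Employee 02", "Product", "Employee 03", "Jim Mills"):
        print("Employee 01 ->", target, in_scope("Employee 01", "User Administrator", target))
    print("Not covered by IT Unit:", uncovered_group_members(IT_UNIT))
    print("Tenant-wide:", tenant_wide_admins())
```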

Post-Lab Wrap-Up: Reflections and Wins

Nailed it with time to spare – outcomes all checked off. What I learned? Roles and AUs are essential for secure delegation; navigation got easier with practice. If I redo, I'll explore more on role propagation times.

This lab felt like a solid continuation from the basics of user/group management. It was hands-on, straightforward, and gave me a peek into how larger orgs organize their admin tasks without losing control.

Next up: I’ll be tackling another Microsoft 365 lab — stay tuned, because this journey is just getting started! ✌️