You're reading from Microsoft Intune Cookbook

Product typeBook

Published inJan 2024

PublisherPackt

ISBN-139781805126546

Edition1st Edition

Concepts

Cloud Security

Author (1)

Andrew Taylor

Creating a user

Now that our tenant has been set up, we can create our first user. This recipe will run through how to create your first user and then look at what is happening in the Graph API underneath.

Getting ready

Navigate to the Microsoft Entra portal at https://entra.microsoft.com/#home.

Here, you will find an overview of your tenant, including your tenant ID, which you will find yourself needing when setting up policies such as OneDrive within Intune. You cannot display it within Intune directly, so you will have to navigate back to Entra ID to find it.

Within Entra ID, click on Users, then All users; you will see the user you set up when enrolling the tenant. This user will have Global Administrator access across the whole tenant, so we will create a new user to test role assignment, license assignment, and group membership.

How to do it…

Follow these steps to create an additional non-admin user in your tenant. The new user screen runs across a few pages, so we will concentrate on cropped screenshots of the appropriate areas:

Click on + New user and then Create new user.
Fill in the basic details. You will be prompted to change your password on your first login, but if you are auto-generating, click the eye icon to show the password so that you can use it to log in later:

Figure 1.2 – Entra user details

Leave Groups and Roles empty for now; we will run through those in the Creating Entra ID groups recipe.
Add a Usage location value on this screen; it will not let you assign a license without one set:

Figure 1.3 – Entra user license details

Optionally, you can fill in Job Info, but this is not a requirement at this stage.
Finally, click Create.

With that, you have created your first account in your new tenant.

Automating it

Now, we can learn how to automate user creation.

You will need the PowerShell ISE or VS Code running for this, as we will be setting variables to send to Microsoft Graph.

Follow these steps in a new PowerShell script to create your user with Microsoft Graph:

First, create the variables to populate – in this case, this is everything we set in the GUI. Setting these as variables instead of hardcoding them within the JSON gives us the option to run within a loop and change the variables each time in the future:
```
$displayname = "User One"
$givenname = "User"
$surname = "One"
$usageLocation = "GB"
$mailNickname = "user1"
$password = "PASSWORD HERE"
$domainname = "DOMAIN HERE"
```
Now, populate the JSON with these variables:
```
$json = @"
{
    "accountEnabled": true,
    "displayName": "$displayname",
    "givenName": "$givenname",
    "mailNickname": "$mailNickname",
    "passwordProfile": {
        "forceChangePasswordNextSignIn": true,
        "password": "$password"
    },
    "surname": "$surname",
    "usageLocation": "$usageLocation",
    "userPrincipalName": "$mailnickname@$domainname"
}
"@
```
As you can see, the JSON is a fairly straightforward array. Watch the names of the items as they are case sensitive; as an example, accountEnabled will fail if it is listed as AccountEnabled or accountenabled. The error will be a standard malformed request, so it is always a good idea to start here with any troubleshooting.
You can also see that passwordProfile is a nested array as it has further child items.
Next, tell it where to send the request. There are two versions of the Graph API – V1.0 and Beta. The Beta API receives the latest features ahead of the general release. In this case, either will work, but when creating groups, some aspects, such as being able to assign roles to them, require the beta version.
Next, we must point to the Users section of the Graph API:
```
$uri = "https://graph.microsoft.com/beta/users"
```
Finally, send the request to Microsoft Graph. There are different types of requests you can use; we will run through them quickly so that you understand the difference:
- GET: This simply retrieves values from Graph to manipulate, export, and more
- POST: This sends new values to Graph that do not currently exist (a new user, new policy, and so on)
- PATCH: This updates an existing record
- PUT: This is similar to PATCH but needs a full URL, including the ID being created
- DELETE: This deletes whatever you are pointing it at
This is a new account we are creating, and a PUT request is more complex than a POST request, so we will stick with POST:
```
Invoke-MgGraphRequest -Method POST -Uri $uri -Body $json -ContentType "application/json"
```
This command sends a POST request to the URL we specified earlier (in this case, users) to pass the JSON we wrote. The content type tells it to look for JSON.

Now that we have our user, we can assign a role to it.

You have been reading a chapter from

Microsoft Intune Cookbook

Published in: Jan 2024Publisher: PacktISBN-13: 9781805126546

A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.

undefined

Unlock this book and the full library FREE for 7 days

Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of

Start free trial

Renews at €14.99/month. Cancel anytime

Author (1)

Andrew Taylor

Andrew Taylor is an End-User Compute architect with 20 years IT experience across industries and a particular interest in Microsoft Cloud technologies, PowerShell and Microsoft Graph. Andrew graduated with a degree in Business Studies in 2004 from Lancaster University and since then has obtained numerous Microsoft certifications including Microsoft 365 Enterprise Administrator Expert, Azure Solutions Architect Expert and Cybersecurity Architect Expert amongst others. He currently working as an EUC Architect for an IT Company in the United Kingdom, planning and automating the products across the EUC space. Andrew lives on the coast in the North East of England with his wife and two daughters.
Read more about Andrew Taylor

Personalised recommendations for you

Based on your interests and search pattern

Attacking and Exploiting Modern Web Applications

Attacking and Exploiting Modern Web Attacks will help you understand how to identify attack surfaces and detect vulnerabilities. This book takes a hands-on approach to implementation and associated methodologies and equips you with the knowledge and skills needed to effectively combat web attacks.

BookAug 2023338 pages

Automotive Cybersecurity Engineering Handbook

This Automotive Cybersecurity Engineering Handbook untangles the complexities of building secure automotive products and helps you to comply with cybersecurity standards. It provides practical tools, tips, and techniques coupled with real-world examples to enable you to create cyber-resilient automotive products with ease.

BookOct 2023392 pages

Official Google Cloud Certified Professional Cloud Security Engineer Exam Guide

This book will help you to design, develop, and operate security controls on Google Cloud as well as discover best practices for relevant security domains, including identity and access management, network, and data.

BookAug 2023496 pages

Cloud Penetration Testing for Red Teamers

The advent of cloud networks and the AWS, Azure, and GCP platforms has revolutionized how companies of all sizes in all industries do business online. This book will help you meet the emerging demand for pentesting as it guides you through the tools, techniques, and security measures used by pentesters and red teamers in the 2020s and beyond.

BookNov 2023298 pages

ISACA Certified in Risk and Information Systems Control (CRISC®) Exam Guide

ISACA Certified in Risk and Information Systems Control (CRISC®) Certification Guide is an enterprise IT risk management professional’s dream. With its in-depth approach and various self-assessment exercises, this book arms you with knowledge of every single aspect of the certification, and is a fantastic career companion after you’re certified.

BookSep 2023316 pages5

Burp Suite Cookbook

Burp Suite is an immensely powerful and popular tool for web application security testing. This book provides a collection of recipes that address vulnerabilities in web applications and APIs. It offers guidance on how to configure Burp Suite, make the most of its tools, and explore into its extensions.

BookOct 2023450 pages

Building and Automating Penetration Testing Labs in the Cloud

This hands-on guide will help you design and build a variety of penetration testing labs that mimic modern cloud environments running on AWS, Azure, and GCP. In addition to these, you will explore a number of practical strategies on how to manage the complexity, cost, and security risks involved when setting up vulnerable cloud lab environments.

BookOct 2023562 pages

Ethical Hacking Workshop

As cyber-attacks grow and APT groups advance their skillset, you need to be able to protect your enterprise against cyber-attacks. In order to limit your attack surface, you need to ensure that you leverage the same skills and tools that an adversary may use to hack your environment and discover the security gaps. This book will teach you how to think like a hacker, use state-of-the-art hacking tools, and protect yourself and your organizaiton.

BookOct 2023220 pages

Windows Forensics Analyst Field Guide

This book contains step-by-step processes to guide you in any investigation related to Windows OS. You’ll find out how to acquire evidence using multiple tools as well as examine and analyze the collected artifacts, while discovering multiple techniques used in real-world forensic incidents.

BookOct 2023318 pages

Implementing DevSecOps Practices

This book is a comprehensive, hands-on guide for individuals new to DevSecOps who want to implement DevSecOps practices successfully and efficiently. With its help, you’ll be able to shift security toward the left, enabling you to merge security into coding in no time.

BookDec 2023258 pages