{
	"id": "7f7d4e55-7d91-464d-8934-ecbf15440577",
	"created_at": "2026-04-06T15:53:43.289339Z",
	"updated_at": "2026-04-10T13:11:21.491152Z",
	"deleted_at": null,
	"sha1_hash": "c5754dc4889da6ad19545073e81cfd39c80d6e3b",
	"title": "How to create or delete users in Microsoft Entra ID - Microsoft Entra",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 290182,
	"plain_text": "How to create or delete users in Microsoft Entra ID - Microsoft\r\nEntra\r\nBy shlipsey3\r\nArchived: 2026-04-06 15:32:10 UTC\r\nMicrosoft Entra ID allows you to create several types of users in your tenant, which provides greater flexibility in\r\nhow you manage your organization's users.\r\nThis article explains how to create a new user, invite an external guest, and delete a user in your workforce tenant.\r\nIt also includes information about creating users in an external tenant for Microsoft Entra External ID scenarios.\r\nBefore you create or invite a new user, take some time to review the types of users, their authentication methods,\r\nand their access within your Microsoft Entra workforce tenant. For example, do you need to create an internal\r\nguest, an internal user, or an external guest? Does your new user need guest or member privileges?\r\nA Microsoft Entra workforce tenant has the following user types:\r\nInternal member: These users are most likely full-time employees in your organization.\r\nInternal guest: These users have an account in your tenant, but have guest-level privileges. It's possible\r\nthey were created within your tenant prior to the availability of B2B collaboration.\r\nExternal member: These users authenticate using an external account, but have member access to your\r\ntenant. These types of users are common in multitenant organizations.\r\nExternal guest: These users are true guests of your tenant who authenticate using an external method and\r\nwho have guest-level privileges.\r\nFor more information about the differences between internal and external guests and members, see B2B\r\ncollaboration properties.\r\nAuthentication methods vary based on the type of user you create. Internal guests and members have credentials in\r\nyour Microsoft Entra tenant that can be managed by administrators. These users can also reset their own\r\npassword. External members authenticate to their home Microsoft Entra tenant and your Microsoft Entra tenant\r\nauthenticates the user through a federated sign-in with the external member's Microsoft Entra tenant. If external\r\nmembers forget their password, the administrator in their Microsoft Entra tenant can reset their password. External\r\nguests set up their own password using the link they receive in email when their account is created.\r\nReviewing the default user permissions may also help you determine the type of user you need to create. For more\r\ninformation, see Set default user permissions.\r\nA Microsoft Entra tenant in an external configuration is used exclusively for Microsoft Entra External ID\r\nscenarios. An external tenant can include the following user types:\r\nhttps://docs.microsoft.com/en-us/azure/active-directory/fundamentals/add-users-azure-active-directory\r\nPage 1 of 10\n\nInternal user: These users authenticate internally, and are typically admins with assigned Microsoft Entra\r\nroles in your external tenant.\r\nExternal user: These users are consumers and business customers of the apps registered in your external\r\ntenant. They have a local account with default user privileges and authenticate via a local account or via\r\nexternal identity providers. See how to create a new external user.\r\nExternal guest: These users sign in with their own external credentials and are typically admins with\r\nassigned Microsoft Entra roles in your external tenant.\r\nFor more information, see Default user permissions for external tenants.\r\nThe required role of least privilege varies based on the type of user you're adding and if you need to assign\r\nMicrosoft Entra roles at the same time. Whenever possible you should use the least privileged role.\r\nTask Role\r\nCreate a new user User Administrator\r\nInvite an external guest Guest Inviter\r\nAssign Microsoft Entra roles Privileged Role Administrator\r\nFollow these steps:\r\n1. Sign in to the Microsoft Entra admin center as at least a User Administrator.\r\n2. Browse to Entra ID \u003e Users.\r\nScreenshot of the All users page in Microsoft Entra ID.\r\n3. Select New user \u003e Create new user.\r\nhttps://docs.microsoft.com/en-us/azure/active-directory/fundamentals/add-users-azure-active-directory\r\nPage 2 of 10\n\n4. Complete the remaining tabs in the New user page.\r\nBasics\r\nThe Basics tab contains the core fields required to create a new user. Before you begin, review the\r\nguidance on user name properties.\r\nUser principal name: Enter a unique username and select a domain from the menu after the @\r\nsymbol. Select Domain not listed if you need to create a new domain. For more information, see\r\nAdd your custom domain name.\r\nMail nickname: If you need to enter an email nickname that is different from the user principal\r\nname you entered, uncheck the Derive from user principal name option, then enter the mail\r\nnickname.\r\nDisplay name: Enter the user's name, such as Chris Green or Chris A. Green\r\nPassword: Provide a password for the user to use during their initial sign-in. Uncheck the Auto-generate password option to enter a different password.\r\nAccount enabled: This option is checked by default. Uncheck to prevent the new user from being\r\nable to sign-in. You can change this setting after the user is created. This setting was called Block\r\nsign in in the legacy create user process.\r\nEither select the Review + create button to create the new user or Next: Properties to complete the next\r\nsection.\r\nhttps://docs.microsoft.com/en-us/azure/active-directory/fundamentals/add-users-azure-active-directory\r\nPage 3 of 10\n\nEither select the Review + create button to create the new user or Next: Properties to complete the next\r\nsection.\r\nProperties\r\nThere are six categories of user properties you can provide. These properties can be added or updated after\r\nthe user is created. To manage these details, go to Entra ID \u003e Users and select a user to update.\r\nIdentity: Enter the user's first and last name. Set the User type as either Member or Guest.\r\nJob information: Add any job-related information, such as the user's job title, department, or\r\nmanager.\r\nContact information: Add any relevant contact information for the user.\r\nParental controls: For organizations like K-12 school districts, the user's age group may need to be\r\nprovided. Minors are 12 and under, Not adult are 13-18 years old, and Adults are 18 and over. The\r\ncombination of age group and consent provided by parent options determine the Legal age group\r\nclassification. The Legal age group classification may limit the user's access and authority.\r\nSettings: Specify the user's global location.\r\nhttps://docs.microsoft.com/en-us/azure/active-directory/fundamentals/add-users-azure-active-directory\r\nPage 4 of 10\n\nEither select the Review + create button to create the new user or Next: Assignments to complete the next\r\nsection.\r\nAssignments\r\nYou can assign the user to an administrative unit, group, or Microsoft Entra role when the account is\r\ncreated. You can assign the user to up to 20 groups or roles. You can only assign the user to one\r\nadministrative unit. Assignments can be added after the user is created.\r\nTo assign a group to the new user:\r\n1. Select + Add group.\r\n2. From the menu that appears, choose up to 20 groups from the list and select the Select button.\r\n3. Select the Review + create button.\r\nTo assign a role to the new user:\r\n1. Select + Add role.\r\n2. From the menu that appears, choose up to 20 roles from the list and select the Select button.\r\n3. Select the Review + create button.\r\nTo add an administrative unit to the new user:\r\n1. Select + Add administrative unit.\r\n2. From the menu that appears, choose one administrative unit from the list and select the Select\r\nbutton.\r\n3. Select the Review + create button.\r\nReview and create\r\nThe final tab captures several key details from the user creation process. Review the details and select the\r\nCreate button if everything looks good.\r\n1. Sign in to the Microsoft Entra admin center as at least a User Administrator.\r\n2. Make sure you're signed in to your external tenant. Use the Settings icon in the top menu to switch to\r\nyour external tenant from the Directories + subscriptions menu.\r\nhttps://docs.microsoft.com/en-us/azure/active-directory/fundamentals/add-users-azure-active-directory\r\nPage 5 of 10\n\n3. Browse to Entra ID \u003e Users.\r\n4. Select New user \u003e Create new external user.\r\nScreenshot of the create new external user menu in Microsoft Entra ID.\r\n5. On the Create new user page, complete the Basics tab as described earlier in this article, but with these\r\nvariations:\r\nInstead of a user principal name and mail nickname, specify the user's email for sign-in. Next to\r\nIdentities, under Sign-in method, choose Email. Under Value, enter the user's email address.\r\nTo add multiple emails for the user, select the Add button.\r\n6. (Optional) Select Next: Properties. Complete the Properties tab as described earlier in this article, but note\r\nthese variations:\r\nIn the Identity section, the User type setting doesn't affect external users and can be left at the\r\ndefault Member setting.\r\nThe Authorization info field is unavailable for external users.\r\nUnder Job Information, the employee and manager-related information is unavailable for external\r\nusers.\r\n7. (Optional) Select Next: Assignments. Complete the Assignments tab as described earlier in this article, but\r\nnote that the Add administrative unit and Add role options are unavailable for external users.\r\n8. Select the Review + create button to create the new user.\r\nThe overall process for inviting an external guest user is similar, except for a few details on the Basics tab and the\r\nemail invitation process. You can't assign external users to administrative units.\r\nNote\r\nThis feature applies to both workforce and external tenants, but is currently in preview for external tenants.\r\n1. Sign in to the Microsoft Entra admin center as at least a User Administrator.\r\n2. Browse to Entra ID \u003e Users.\r\n3. Select New user \u003e Invite external user.\r\nhttps://docs.microsoft.com/en-us/azure/active-directory/fundamentals/add-users-azure-active-directory\r\nPage 6 of 10\n\n4. Complete the remaining tabs in the New user page (as shown below).\r\nBasics for external users\r\nIn this section, you're inviting the guest to your tenant using their email address. If you need to create a\r\nguest user with a domain account, use the create new user process but change the User type to Guest.\r\nEmail: Enter the email address for the guest user you're inviting.\r\nDisplay name: Provide the display name.\r\nInvitation message: Select the Send invite message checkbox to customize a brief message to the\r\nguest. Provide a Cc recipient, if necessary.\r\nhttps://docs.microsoft.com/en-us/azure/active-directory/fundamentals/add-users-azure-active-directory\r\nPage 7 of 10\n\nGuest user invitations\r\nWhen you invite an external guest user by sending an email invitation, you can check the status of the\r\ninvitation from the user's details.\r\n1. Browse to Entra ID \u003e Users.\r\n2. Select the invited guest user.\r\n3. In the My Feed section, locate the B2B collaboration tile.\r\nIf the invitation state is PendingAcceptance, select the Resend invitation link to send\r\nanother email.\r\nYou can also select the Properties for the user and view the Invitation state.\r\nhttps://docs.microsoft.com/en-us/azure/active-directory/fundamentals/add-users-azure-active-directory\r\nPage 8 of 10\n\nAdd other users\r\nThere might be scenarios in which you want to manually create consumer accounts in your Azure Active\r\nDirectory B2C (Azure AD B2C) directory. For more information about creating consumer accounts, see\r\nCreate and delete consumer users in Azure AD B2C.\r\nIf you have an environment with both Microsoft Entra ID (cloud) and Windows Server Active Directory\r\n(on-premises), you can add new users by syncing the existing user account data. For more information\r\nabout hybrid environments and users, see Integrate your on-premises directories with Microsoft Entra ID.\r\nYou can delete an existing user using the Microsoft Entra admin center.\r\n1. You must have at least the User Administrator role assignment to delete users in your organization.\r\n2. Those with the Privileged Authentication Administrator role can delete any users including other\r\nadministrators.\r\n3. User Administrators can delete any non-admin users, Helpdesk Administrators, and other User\r\nAdministrators.\r\n4. For more information, see Administrator role permissions in Microsoft Entra ID.\r\nTo delete a user, follow these steps:\r\n1. Sign in to the Microsoft Entra admin center as at least a User Administrator.\r\nhttps://docs.microsoft.com/en-us/azure/active-directory/fundamentals/add-users-azure-active-directory\r\nPage 9 of 10\n\n2. Browse to Entra ID \u003e Users.\r\n3. Search for and select the user you want to delete.\r\n4. Select Delete user.\r\nThe user is deleted and no longer appears on the All users page. The user can be seen on the Deleted users\r\npage for the next 30 days and can be restored during that time. For more information about restoring a user,\r\nsee Restore or remove a recently deleted user using Microsoft Entra ID.\r\nWhen a user is deleted, any licenses consumed by the user are made available for other users.\r\nNote\r\nTo update the identity, contact information, or job information for users whose source of authority is\r\nWindows Server Active Directory, you must use Windows Server Active Directory. After you complete the\r\nupdate, you must wait for the next synchronization cycle to complete before you'll see the changes.\r\nLearn about B2B collaboration users\r\nReview the default user permissions\r\nAdd a custom domain\r\nSource: https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/add-users-azure-active-directory\r\nhttps://docs.microsoft.com/en-us/azure/active-directory/fundamentals/add-users-azure-active-directory\r\nPage 10 of 10",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MITRE"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/add-users-azure-active-directory"
	],
	"report_names": [
		"add-users-azure-active-directory"
	],
	"threat_actors": [],
	"ts_created_at": 1775490823,
	"ts_updated_at": 1775826681,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/c5754dc4889da6ad19545073e81cfd39c80d6e3b.pdf",
		"text": "https://archive.orkl.eu/c5754dc4889da6ad19545073e81cfd39c80d6e3b.txt",
		"img": "https://archive.orkl.eu/c5754dc4889da6ad19545073e81cfd39c80d6e3b.jpg"
	}
}