Search icon CANCEL
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Conferences
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Microsoft Intune Cookbook

You're reading from   Microsoft Intune Cookbook Over 75 recipes for configuring, managing, and automating your identities, apps, and endpoint devices

Arrow left icon
Product type Paperback
Published in Jan 2024
Publisher Packt
ISBN-13 9781805126546
Length 574 pages
Edition 1st Edition
Languages
Tools
Arrow right icon
Author (1):
Arrow left icon
Andrew Taylor Andrew Taylor
Author Profile Icon Andrew Taylor
Andrew Taylor
Arrow right icon
View More author details
Toc

Table of Contents (17) Chapters Close

Preface 1. Chapter 1: Getting Started with Microsoft Intune FREE CHAPTER 2. Chapter 2: Configuring Your New Tenant for Windows Devices 3. Chapter 3: Securing Your Windows Devices with Security Policies 4. Chapter 4: Setting Up Enrollment and Updates for Windows 5. Chapter 5: Android Device Management 6. Chapter 6: iOS Device Management 7. Chapter 7: macOS Device Management 8. Chapter 8: Setting Up Your Compliance Policies 9. Chapter 9: Monitoring Your New Environment 10. Chapter 10: Looking at Reporting 11. Chapter 11: Packaging Your Windows Applications 12. Chapter 12: PowerShell Scripting across Intune 13. Chapter 13: Tenant Administration 14. Chapter 14: Looking at Intune Suite 15. Index 16. Other Books You May Enjoy

Creating a user

Now that our tenant has been set up, we can create our first user. This recipe will run through how to create your first user and then look at what is happening in the Graph API underneath.

Getting ready

Navigate to the Microsoft Entra portal at https://entra.microsoft.com/#home.

Here, you will find an overview of your tenant, including your tenant ID, which you will find yourself needing when setting up policies such as OneDrive within Intune. You cannot display it within Intune directly, so you will have to navigate back to Entra ID to find it.

Within Entra ID, click on Users, then All users; you will see the user you set up when enrolling the tenant. This user will have Global Administrator access across the whole tenant, so we will create a new user to test role assignment, license assignment, and group membership.

How to do it…

Follow these steps to create an additional non-admin user in your tenant. The new user screen runs across a few pages, so we will concentrate on cropped screenshots of the appropriate areas:

  1. Click on + New user and then Create new user.
  2. Fill in the basic details. You will be prompted to change your password on your first login, but if you are auto-generating, click the eye icon to show the password so that you can use it to log in later:
Figure 1.2 – Entra user details

Figure 1.2 – Entra user details

  1. Leave Groups and Roles empty for now; we will run through those in the Creating Entra ID groups recipe.
  2. Add a Usage location value on this screen; it will not let you assign a license without one set:
Figure 1.3 – Entra user license details

Figure 1.3 – Entra user license details

  1. Optionally, you can fill in Job Info, but this is not a requirement at this stage.
  2. Finally, click Create.

With that, you have created your first account in your new tenant.

Automating it

Now, we can learn how to automate user creation.

You will need the PowerShell ISE or VS Code running for this, as we will be setting variables to send to Microsoft Graph.

Follow these steps in a new PowerShell script to create your user with Microsoft Graph:

  1. First, create the variables to populate – in this case, this is everything we set in the GUI. Setting these as variables instead of hardcoding them within the JSON gives us the option to run within a loop and change the variables each time in the future:
    $displayname = "User One"
    $givenname = "User"
    $surname = "One"
    $usageLocation = "GB"
    $mailNickname = "user1"
    $password = "PASSWORD HERE"
    $domainname = "DOMAIN HERE"
  2. Now, populate the JSON with these variables:
    $json = @"
    {
        "accountEnabled": true,
        "displayName": "$displayname",
        "givenName": "$givenname",
        "mailNickname": "$mailNickname",
        "passwordProfile": {
            "forceChangePasswordNextSignIn": true,
            "password": "$password"
        },
        "surname": "$surname",
        "usageLocation": "$usageLocation",
        "userPrincipalName": "$mailnickname@$domainname"
    }
    "@

    As you can see, the JSON is a fairly straightforward array. Watch the names of the items as they are case sensitive; as an example, accountEnabled will fail if it is listed as AccountEnabled or accountenabled. The error will be a standard malformed request, so it is always a good idea to start here with any troubleshooting.

    You can also see that passwordProfile is a nested array as it has further child items.

  3. Next, tell it where to send the request. There are two versions of the Graph API – V1.0 and Beta. The Beta API receives the latest features ahead of the general release. In this case, either will work, but when creating groups, some aspects, such as being able to assign roles to them, require the beta version.
  4. Next, we must point to the Users section of the Graph API:
    $uri = "https://graph.microsoft.com/beta/users"
  5. Finally, send the request to Microsoft Graph. There are different types of requests you can use; we will run through them quickly so that you understand the difference:
    • GET: This simply retrieves values from Graph to manipulate, export, and more
    • POST: This sends new values to Graph that do not currently exist (a new user, new policy, and so on)
    • PATCH: This updates an existing record
    • PUT: This is similar to PATCH but needs a full URL, including the ID being created
    • DELETE: This deletes whatever you are pointing it at

    This is a new account we are creating, and a PUT request is more complex than a POST request, so we will stick with POST:

    Invoke-MgGraphRequest -Method POST -Uri $uri -Body $json -ContentType "application/json"

    This command sends a POST request to the URL we specified earlier (in this case, users) to pass the JSON we wrote. The content type tells it to look for JSON.

Now that we have our user, we can assign a role to it.

You have been reading a chapter from
Microsoft Intune Cookbook
Published in: Jan 2024
Publisher: Packt
ISBN-13: 9781805126546
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at €18.99/month. Cancel anytime