Microsoft Entra ID Unified Identity Management and User Import Tutorial
In enterprise IT architecture, there is one nightmare shared by every network administrator and security lead:
Employee identity chaos.
When new employees join the company, accounts must be created for them by hand in seven or eight systems such as OA, mail, finance, and cloud platforms. When an employee leaves, an account missed in any one of those systems is a time bomb left inside the enterprise that hackers may detonate at any moment. Not to mention the pain of employees who cannot remember a dozen or more passwords and ask IT to reset them every day.
To end this confusion for good, you need a robust unified identity management center. Today we will talk about the absolute core of Microsoft's cloud ecosystem: Microsoft Entra ID (formerly known as Azure Active Directory, or Azure AD).
This tutorial does not beat around the bush. In plain, down-to-earth language, it takes you through the core architecture of Entra ID and shows you, step by step, how to import hundreds of employee accounts into the cloud efficiently and safely.
1. Core Concepts: What is Entra ID Unified Identity Management?
Many people think of Entra ID as just a "cloud address book", which completely underestimates it. Entra ID is the "ID card issuing authority" of the entire enterprise cloud ecosystem.
Its core logic is Single Sign-On (SSO) and centralized identity governance:
                                   ┌──> [Azure / Microsoft cloud resources]
                                   │
[Single employee account] ──(SSO)──┼──> [Office software (O365 / Teams)]
 (managed by Entra ID)             │
                                   ├──> [In-house systems / external SaaS (e.g. Salesforce)]
                                   │
                                   └──(security policy)──> [Trigger MFA two-step verification / block abnormal sign-ins]
Once an employee has an Entra ID account, a single sign-in gives seamless access to every system the company has authorized. And IT administrators need only one click in the Entra ID admin console to freeze all of a former employee's access rights, truly achieving "one man guarding the pass, ten thousand unable to get through".
2. Preparation: User Types and Planning for Entra ID
Before moving the entire employee roster to the cloud, we need to divide users into two categories based on business scenarios:
Internal users: Regular employees of your company. They have a mailbox on the company's domain name (such as [email protected]) and can access internal core resources and applications.
External users (guests): Suppliers, partners, or external consultants of the company. They use their own mailbox (such as Gmail or another company's mailbox). You "invite" them to join temporarily. They can only access the specific files or items you designate, and their permissions are strictly restricted.
Today, our focus is on how to import a large number of internal regular employees in bulk, for example when onboarding new hires or when moving an on-premises data center to the cloud.
3. Hands-On: Two Ways to Import Users in Bulk
Faced with hundreds of users, clicking "New user" one by one in the console would obviously be soul-destroying. We focus on the two bulk import methods most commonly used in production environments.
Method A: One-Click Batch Import with CSV Template (Best for SMB)
If your company currently uses Excel to manage employee lists, or has just exported a roster from another niche system, batch import with CSV is the fastest and most intuitive way to do it.
Step 1: Download the official standard template
Sign in to the Microsoft Entra admin center (or the Entra ID interface of the Azure portal).
In the left menu, click "Users" -> "All users".
At the top, click "Bulk operations" -> "Bulk create".
In the sidebar that pops up, click the "Download" button to get the official .csv template file.
Step 2: Fill in the CSV accurately (pitfall guide)
Open the downloaded CSV file with Excel or a text editor. You will see that the first few lines are instructions and examples provided by Microsoft. Do not delete the first two header lines, otherwise the system will fail to recognize the file and report an error!
Fill in your employee data from the third line:
Name [DisplayName] (required): The employee's name, such as Zhang San or San Zhang.
User principal name [UserPrincipalName] (required): This is the employee's cloud sign-in account and must be in email format. For example, [email protected] (if you have bound the company's own domain name, it is [email protected]).
Initial Password [Password] (required): Give the employee an initial password (it must meet the complexity requirements). It is strongly recommended to check "User must change password when logging in next time" in subsequent settings to ensure initial security.
Block Login [BlockSignin] (required): Enter No (if Yes, the employee's account is frozen and cannot sign in).
Step 3: Upload and Verify
Once completed, save the file as a UTF-8 encoded CSV (to prevent Chinese names from being garbled). Go back to the Entra ID upload page, drag the file in, and click "Submit".
Wait a moment and click "Bulk operation results". If every entry shows a green tick, the import succeeded. Employees can now sign in to Microsoft 365 or Azure resources with the accounts you assigned.
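A pre-upload check for the filled-in file, covering the pitfalls in Steps 2 and 3 (an added example, not code from Microsoft or from the original article). The header text, the contoso.example accounts and the password rule (8 to 256 characters, three of four character classes) are assumptions; pass in the first two lines of the template you actually downloaded.

```python
import csv, io, re

UPN_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")   # "must be in email format"

def password_ok(pw):
    """Assumed policy: 8-256 chars and 3 of lower/upper/digit/symbol."""
    classes = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")
    return 8 <= len(pw) <= 256 and sum(bool(re.search(c, pw)) for c in classes) >= 3

def validate_bulk_csv(raw, template_header):
    """Check a filled-in CSV (bytes) before upload; return a list of problems."""
    try:
        text = raw.decode("utf-8-sig")            # UTF-8, optional BOM
    except UnicodeDecodeError:
        return ["file is not UTF-8 encoded"]
    lines = text.splitlines()
    if lines[:2] != template_header:
        return ["first two template lines were changed or deleted"]
    problems, seen = [], set()
    rows = csv.reader(io.StringIO("\n".join(lines[2:])))
    for n, row in enumerate(rows, start=3):       # data starts on line 3
        if not any(cell.strip() for cell in row):
            continue                              # ignore blank lines
        # Pad short rows so a missing field is reported, not a crash.
        name, upn, pw, block = (c.strip() for c in (row + [""] * 4)[:4])
        if not name:
            problems.append(f"line {n}: name is empty")
        if not UPN_RE.match(upn):
            problems.append(f"line {n}: user principal name is not in email format")
        elif upn.lower() in seen:
            problems.append(f"line {n}: duplicate user principal name")
        seen.add(upn.lower())
        if not password_ok(pw):
            problems.append(f"line {n}: password fails the complexity check")
        if block not in ("Yes", "No"):
            problems.append(f"line {n}: block sign-in must be Yes or No")
    return problems

# Constructed sample: header text and accounts are illustrative, not a real template.
HEADER = ["version:v1.0",
          "Name [DisplayName],User principal name [UserPrincipalName],"
          "Initial Password [Password],Block Login [BlockSignin]"]
SAMPLE = "\n".join(HEADER + [
    "San Zhang,san.zhang@contoso.example,Tr7!kq-Zebra,No",
    "Li Si,li.si,12345678,",
]).encode("utf-8")

if __name__ == "__main__":
    print("\n".join(validate_bulk_csv(SAMPLE, HEADER)))
```

An empty result means the file passed these checks; the portal's own "Bulk operation results" page remains the final word on what was created.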
Method B: Advanced hybrid cloud approach with Entra Connect synchronization (best for large traditional enterprises)
If your company has a long history and already has a Windows Server AD (Active Directory Domain Services) that has been running in the on-premises data center for years and is maintained locally every day by HR or the network administrators, then do not keep re-importing CSV files.
You should use Microsoft's ace synchronization tool: Microsoft Entra Connect.
[On-premises data center]
  Local Windows Server Active Directory (local AD)
        │
        ▼
  Entra Connect sync server
        │
        │  (incremental automatic synchronization)
        ▼
[Microsoft cloud]
  Microsoft Entra ID (cloud identity center)
Operational logic:
Find a network-connected server in the local data center, download and install the Microsoft Entra Connect software.
The configuration wizard will let you enter the administrator credentials for the on-premises AD and the global administrator account for the cloud Entra ID.
Once the connection is established, the software acts as a "mouthpiece", automatically scanning for changes in the local AD every 30 minutes.
If you create a new user on-premises or change an employee's password, Entra ID in the cloud is updated automatically within half an hour. Employees can even use the same password to sign in to their local machine and to the cloud (Password Hash Synchronization).
This is the ultimate form for large enterprises to move towards hybrid cloud and achieve unified identity management.
4. The golden security rule after import: don't skip this step!
The users have been imported in bulk and the passwords have been handed out. At this point, your work as an administrator has only just begun. To prevent a total collapse caused by an employee who, to save trouble, sets the password to 12345678, you must immediately put two safety barriers in place:
1. Enforce Conditional Access and multi-factor authentication (MFA)
Relying on an account and password alone is the equivalent of streaking today. In the Entra ID menu, go to "Protection" -> "Conditional Access".
Create a policy that requires all employees to complete a second confirmation (MFA) on their mobile phones through the Microsoft Authenticator app whenever they sign in from an IP address outside the company intranet.
In this way, even if the employee's password is leaked on the Internet, hackers can't step into the system without the employee's mobile phone.
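A check of one exported policy against the rule just described: all users, all applications, MFA required except from trusted locations (an added example, not code from the original article). The field names are those of the Microsoft Graph conditionalAccessPolicy resource; the sample policy and its group id placeholder are constructed.

```python
import json

def audit_mfa_policy(policy):
    """Compare one exported Conditional Access policy with the rule above:
    all users, all apps, MFA required except from trusted locations."""
    cond = policy.get("conditions") or {}
    users = cond.get("users") or {}
    apps = cond.get("applications") or {}
    locs = cond.get("locations") or {}
    grant = policy.get("grantControls") or {}
    controls = grant.get("builtInControls") or []
    findings = []

    if policy.get("state") != "enabled":
        findings.append(f"state is {policy.get('state')!r}: MFA is not enforced")
    if "All" not in (users.get("includeUsers") or []):
        findings.append("policy does not target all users")
    skipped = (users.get("excludeUsers") or []) + (users.get("excludeGroups") or [])
    if skipped:
        findings.append(f"{len(skipped)} excluded user/group id(s) skip MFA: review")
    if "All" not in (apps.get("includeApplications") or []):
        findings.append("policy does not cover all applications")
    # No locations block means the policy applies everywhere, which is stricter.
    if locs and "All" not in (locs.get("includeLocations") or []):
        findings.append("policy does not cover all sign-in locations")
    trusted = locs.get("excludeLocations") or []
    if trusted:
        findings.append(f"{len(trusted)} excluded location(s) skip MFA: "
                        "confirm they are only company intranet ranges")
    if "mfa" not in controls:
        findings.append("grant controls do not require MFA")
    elif grant.get("operator") == "OR" and len(controls) > 1:
        findings.append("MFA can be replaced by another OR grant control")
    return findings

# Constructed sample export; the group id is a placeholder.
SAMPLE_POLICY = json.loads("""{
  "displayName": "Require MFA outside intranet",
  "state": "enabledForReportingButNotEnforced",
  "conditions": {
    "users": {"includeUsers": ["All"], "excludeGroups": ["<break-glass-group-id>"]},
    "applications": {"includeApplications": ["All"]},
    "locations": {"includeLocations": ["All"], "excludeLocations": ["AllTrusted"]}
  },
  "grantControls": {"operator": "OR", "builtInControls": ["mfa"]}
}""")

if __name__ == "__main__":
    print("\n".join(audit_mfa_policy(SAMPLE_POLICY)))
```

Exclusions are reported for review rather than as errors, since an emergency-access group or a tightly scoped intranet range can be a deliberate choice.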
2. Properly configure Self-Service Password Reset (SSPR)
Don't waste your IT team's time on chores like "helping employees change their passwords".
In the Entra ID "Password reset" tab, set "Self-service password reset enabled" to "All".
As long as employees have registered a mobile phone number or personal email address, when they forget a password they can click "Forgot password" on the sign-in page and recover it themselves with a verification code, saving time and effort.
Summary
Microsoft Entra ID is not simply a cloud user database; it is the foundation of enterprise digital transformation and Zero Trust security.
Through CSV bulk import, small and medium-sized enterprises can move all their employees smoothly to cloud-based work within half an hour. Through Entra Connect, large enterprises can bridge their on-premises assets with modern cloud-native applications. Get unified identity management right, so that permissions follow the person and stay securely under control, and you lay the most stable foundation for your enterprise's digital building.

