β Weak or commonly breached password detected. Microsoft's protection list blocks passwords like "Password123!" even if they meet complexity rules. Choose something unique.
Reset password
Requirements: 12+ characters, uppercase, lowercase, number, special character.
Assigned licenses
No licenses assigned.
Group memberships
No groups assigned.
Dynamic group membership preview
Simulated
Groups below use membership rules. This user would automatically qualify based on their current attributes.
βΉ Dynamic groups are managed by Entra ID automatically β you cannot manually add or remove members.
Multi-factor authentication
MFA enforcement
Controls whether MFA is required at sign-in.
Registered authentication methods
βΉ In a real tenant, users register methods themselves via aka.ms/mfasetup. This simulation lets you manage enforcement and view registered methods.
Sign-in status
Block sign-in
Prevent this user from signing in to Microsoft services.
Revoke sign-in sessions
Force reauthentication on all devices immediately.
β In a real tenant, revoking sessions does not reset passwords and can take up to 60 minutes to propagate.
Assigned admin roles
No admin roles assigned. This user has standard member permissions only.
βΉ Admin roles grant elevated permissions across the tenant. Follow the principle of least privilege β assign only the roles required for the user's job function.
Sign-in logs
Showing recent activity
Date / timeStatusApplicationLocationFailure reason
βΉ Sign-in logs are simulated based on user state. In a real tenant, logs are retained for 30 days (P1/P2) or 7 days (free tier).
Audit logs
Showing 0 events
No audit events yet. Perform actions on this user to generate log entries.
HomeβΊProtect & SecureβΊConditional Access
Conditional Access
Contoso β Policies that control access to resources
β policies
Filter by state:
βΉ Policies are evaluated at sign-in time. Changes may take a few minutes to propagate and will not terminate existing sessions.
Scenario
Entra ID β Multi-User Administration
Mission Brief
Manage three Contoso user accounts
Three helpdesk tickets have arrived. Work through each user in the Entra portal to complete all tasks and close the tickets.
Tenant: contoso.com8 tasks to complete
1
Ticket #1001 β Jane Smith (Marketing)
Jane has forgotten her password and needs MFA enabled for compliance.
ActionsReset password β Enable MFA β Assign M365 Business Premium
2
Ticket #1002 β Mike Sales (Sales)
Mike has left the company. Block his sign-in and revoke his active sessions immediately.
ActionsBlock sign-in β Revoke sessions
3
Ticket #1003 β Sarah HR (Human Resources)
Sarah needs to be added to the HR Team group and assigned an Exchange Online license.
ActionsAdd to HR Team group β Assign Exchange Online Plan 2
0/8 completed
0%
β
Open Jane Smith from the Users list.
β
Reset Jane's password (keep Require change at sign-in enabled).
β
Enable MFA for Jane Smith.
β
Assign Microsoft 365 Business Premium to Jane.
β
Open Mike Sales and block his sign-in.
β
Revoke Mike's sign-in sessions.
β
Add Sarah HR to the HR Team group.
β
Assign Exchange Online Plan 2 to Sarah.
Ticks update automatically as you complete each action.
Navigation
Click any row in the Users table to open that user.
Use the search bar to filter by name or UPN.
Use the β All users button to return to the list.
Password policy
Minimum 12 characters
At least one uppercase letter
At least one lowercase letter
At least one number
At least one special character
MFA
Open the user β MFA tab β Enable MFA.
Registered methods are shown below the toggle.
Sign-in & sessions
Block sign-in before revoking sessions.
Revoking sessions forces reauthentication.
Audit logs record every action you perform.
Assign licenses
β
Select license plan
βΌ Details
β Exchange Onlineβ SharePoint Onlineβ Microsoft Teamsβ Defender for Businessβ Intuneβ Azure AD P1
Add to group
β
Invite guest user
Guest users are added with type Guest and must accept the invitation before sign-in.
Delete user
β This action cannot be undone within this lab session. The user account will be permanently removed.
You are about to delete:
β
β
Add admin role
β
Select a role to assign. Each role grants specific permissions within the tenant.
Assign license
β
Select license plan
Deleted users
Users deleted within the last 30 days can be restored
Display nameUPNDepartmentAction
No deleted users.
App registrations
Contoso β Applications registered in this directory
Application nameApplication IDCreated
Export users
Download a list of users in this directory
Preparing exportβ¦
Querying directoryβ¦
β Export complete β 0 users exported. In a real tenant this file would download automatically.
βΊ Reset Lab
All progress will be lost and all users will be restored to their initial state.