
Users

Interact with Microsoft 365 users.

User management. Equal to and extending Microsoft 365 admin center > Active Users.

Action Buttons

Add User

Basic Information:

  1. User Identity: First Name, Last Name, Display Name, Username (before the @ symbol), Primary Domain name (select from dropdown)

  2. Email Aliases: Add multiple email aliases one per line without domain (added automatically)

Account Settings

  1. Password Options

    • Create password manually (toggle)

      • When enabled: Enter custom password

      • When disabled: System generates secure password

    • Require password change at next logon (toggle)

  2. Location Settings

    • Usage Location (required for licensing)

    • Select country from dropdown

License Management

  1. License Assignment: Allows you to select license(s) to assign & shows available license count

  2. Sherweb Integration (if enabled): When no licenses are available, an auto-purchase option appears. It lets you select the license SKU to purchase, and the system handles the purchase for you along with onboarding.


When the Sherweb integration is enabled and a license shows "(0 available)", you'll see an alert stating: "This will Purchase a new Sherweb License for the user, according to the terms and conditions with Sherweb. When the license becomes available, CIPP will assign the license to this user."

Contact Information

  1. Professional Details: Job Title, Department, Company Name

  2. Contact Details: Street Address, City, State/Province, Postal Code, Mobile Phone, Business Phone, Alternate Email Address

  3. Management: Set Manager (select from existing users), Copy groups from another user

  4. Custom Attributes

    • Custom attributes can be configured in Preferences > General Settings

    • These include specific Azure AD attributes that will be available when creating new users:

    • Available Attributes: consentProvidedForMinor, employeeId, employeeHireDate, employeeLeaveDateTime, employeeType, faxNumber, legalAgeGroupClassification, officeLocation, otherMails, showInAddressList, state

    • Configuration:

      • Go to Preferences page under your user profile.

      • Under General Settings

      • Find Added Attributes when creating a new user

      • Select desired attributes from dropdown

      • Selected attributes will appear on Add User form


Notes about Custom Attributes:

  • Attributes selected will appear as additional fields on the Add User form

  • Each attribute has its own text field

  • Values are saved with the user's profile in Azure AD

  • Must be configured before they appear on the form.

  • Attributes are standard Azure AD attributes

  • Values persist in Azure AD and can be queried/updated later

  • Not all attributes may be relevant for every user

  • Changes to Preferences affect all new user creation forms

Additional Details

  • License assignment requires valid usage location

  • Password complexity rules apply to manual passwords

  • Group copying includes all accessible groups

  • Scheduled creation can be monitored in tasks

Bulk Add Users

This wizard will allow you to bulk create new users.

  1. Usage Selection - This is the usage location for the users being created

  2. User Selection - There is an example CSV on the User Selection step of the wizard that you can use to speed up larger bulk creation tasks. Alternatively, you can add individual rows one by one by pressing the "Add User Manually" action just above the table prior to moving to Step 3.

  3. Create Users - Click this button to submit your users.

Invite Guest

This will allow you to add a guest user. Enter the user's "Display Name", "E-mail Address", and an optional "Redirect URL". Toggle the "Send invite via e-mail" option on if you'd like the guest user to receive a Microsoft generated invite e-mail.

Bulk Invite Guests

This wizard will allow you to bulk create new guest users.

  1. Send invite via e-mail - Toggling this controls whether the standard Microsoft guest user invite will be sent.

  2. Guest User Selection - There is an example CSV on the User Selection step of the wizard that you can use to speed up larger bulk creation tasks. Alternatively, you can add individual rows one by one by pressing the "Add User Manually" action just above the table prior to moving to Step 3.

  3. Send Invites - Click this button to submit your users.

Table Columns

The properties returned are for the Graph resource type user. For more information on the properties, please see the Graph documentation.

Table Actions

Account Management Actions

| Action | Description | Requirements/Implications | Bulk Action Available |
| --- | --- | --- | --- |
| 👁 View User | Displays comprehensive user account details in the admin interface | Read access to user objects; Shows all available user information; Display advanced user account details. [More information] | |
| ✏️ Edit User | Modifies user account details and settings: Basic information; License assignments; Group memberships; Contact details | Write access to user objects; Can copy group memberships from another user; Changes apply immediately | |
| Delete User | Permanently removes user account | Administrative privileges required; Irreversible action; Consider backup/archival first | |
| Edit Properties | Bulk update user properties via the Edit Properties Wizard | | |

Security Actions

| Action | Description | Requirements/Implications | Bulk Action Available |
| --- | --- | --- | --- |
| Research Compromised Account | Analyzes Indicators of Compromise (IoC): Sign-in patterns; Mail rules; Suspicious activities | Security admin rights; Provides comprehensive security review; Single pane of glass review of common indicators of compromise (IoC) [More information] | |
| Create Temporary Access Password | Creates temporary password for passwordless enrollment | Time-limited access; Create a temporary password to allow full passwordless enrollment. [More information] | |
| Re-require MFA registration | Forces new MFA setup by: Resetting MFA status to Enabled; Requiring new registration | User must complete new MFA setup; Affects all MFA methods; Authentication Methods must be migrated from legacy; You will need Security Defaults or a CA policy and registration campaign to force registration again | |
| Send MFA Push | Sends test MFA prompt to user's devices | Verifies MFA configuration; Tests user's registered devices | |
| Set Per-User MFA | Configures MFA state: Enforced; Enabled; Disabled | Overrides tenant-level settings; Immediate effect on sign-ins | |
| Set Sign In State | Allows you to set the sign in state for the selected user(s) to either Enabled or Disabled | Immediate effect; Doesn't affect existing sessions | |
| Revoke all user sessions | Forces re-authentication on all devices | Terminates all active sessions; Requires new sign-in everywhere | |

Password Management

| Action | Description | Requirements/Implications | Bulk Action Available |
| --- | --- | --- | --- |
| Reset Password | Sets new random password. Optionally you can set the toggle for "Must Change Password at Next Logon" | Password immediately active; No change requirement | |
| Set Password Expiration | Set password expiration state for this user. | If set to Enable then if the password of the user is older than the set expiration date of the organization, the user will be prompted to change their password at their next login. | |

Mail and Communication

| Action | Description | Requirements/Implications | Bulk Action Available |
| --- | --- | --- | --- |
| Convert Mailbox | Transforms mailbox to selected type: Shared, User, Room, or Equipment. | Requires Exchange Online license; Maintains data and access | |
| Enable Online Archive | Activates archival mailbox | Requires appropriate license; Additional storage space | |
| Set Out of Office | Configures automatic replies | Single message for internal/external; No HTML formatting. Note: Setting a different internal and external autoreply is currently not supported | |
| Disable Out of Office | Removes automatic replies | Immediate effect; Clears all auto-reply settings | |
| Disable Email Forwarding | Removes all email forwarding rules | Clears ForwardingAddress; Clears ForwardingSMTPAddress | |

OneDrive Management

| Action | Description | Requirements/Implications | Bulk Action Available |
| --- | --- | --- | --- |
| Pre-provision OneDrive | Initializes OneDrive storage | No user login required; Speeds up first access | |
| Add OneDrive Shortcut | Creates SharePoint site shortcut | Adds to OneDrive root; Requires existing OneDrive | |

Group and Directory Management

| Action | Description | Requirements/Implications | Bulk Action Available |
| --- | --- | --- | --- |
| Manage Licenses | Allows for bulk license management of the selected user(s) | | |
| Add to Group | Assigns user to specified group(s) | Immediate membership; Inherits group permissions | |
| Clear Immutable ID | Breaks on-premises AD sync | Sets onPremisesImmutableId to null; Stops directory synchronization | |
| Set Source of Authority | Allows you to select if the user should be "Cloud Managed" or "On-Premises Managed" | | |
| Reprocess License Assignments | This will force Entra to check the user's group assignments for any group-based license(s) to add/remove | | |

Information Access

| Action | Description | Requirements/Implications | Bulk Action Available |
| --- | --- | --- | --- |
| More info | Opens Extended Info panel showing: Common profile fields; Additional actions | Quick access to key information; Alternative action access point | |


Note that clicking one of these actions will present a confirmation modal dialog.

More Information on "Create Temporary Access Password"

Create a temporary access password for a user to enroll in passwordless for Azure Active Directory.


Both passwordless authentication and the temporary access password function must be enabled on the tenant. See AzureAD: Configure Temporary Access Pass in Azure AD to register Passwordless authentication methods.

Add User Query String Support

The Add User form can be pre-filled via URL query strings. This table shows all supported query strings. For example, https://yourcipp.app/identity/administration/users/add?customerId=Mydomain.onmicrosoft.com&city=Rotterdam would automatically fill in the city for a user.

| QueryString | Field |
| --- | --- |
| customerId | Client Tenant ID (only required field) |
| businessPhones | Business Phone Number |
| city | User City Location |
| companyName | Company Name |
| country | Country |
| department | Department |
| displayName | Display Name |
| givenName | First Name |
| jobTitle | Job Title |
| mailNickname | Username before the email address part (User<@domain.com>) |
| mobilePhone | Mobile Phone Number |
| addedAliasses | Added aliases; multiple allowed via line break (%0A) |
| postalCode | Zip or post code |
| streetAddress | Address information |
| surname | Last Name |
| usageLocation | User location for license, can be left blank for default. |
| primDomain | User Primary Domain (User<@domain.com>) |
| MustChangePass | Boolean, default is false. |
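
An added example (not CIPP's own code) of generating a prefill link from ticketing or onboarding data: the hypothetical helper `build_add_user_link` allowlists the query-string names from the table above, requires `customerId`, and percent-encodes every value so that a stray `&` or `=` in a field cannot introduce an extra parameter. The `true`/`false` spelling for `MustChangePass` is an assumption.

```python
from urllib.parse import quote, urlencode

# Query-string names listed in the table above.
SUPPORTED = frozenset({
    "customerId", "businessPhones", "city", "companyName", "country",
    "department", "displayName", "givenName", "jobTitle", "mailNickname",
    "mobilePhone", "addedAliasses", "postalCode", "streetAddress", "surname",
    "usageLocation", "primDomain", "MustChangePass",
})
ADD_USER_PATH = "/identity/administration/users/add"  # path from the example URL


def build_add_user_link(base_url, fields):
    """Hypothetical helper: return a prefilled Add User URL for a CIPP instance."""
    unknown = sorted(set(fields) - SUPPORTED)
    if unknown:
        raise ValueError(f"unsupported query strings: {unknown}")
    if not fields.get("customerId"):
        raise ValueError("customerId is the only required field")
    params = {}
    for key, value in fields.items():
        if key == "addedAliasses" and not isinstance(value, str):
            # Aliases are entered without a domain and separated by line breaks.
            if any("@" in a or "\n" in a or "\r" in a for a in value):
                raise ValueError("aliases must be single lines without a domain")
            value = "\n".join(value)
        elif key == "MustChangePass":
            value = "true" if value else "false"  # assumed boolean spelling
        params[key] = str(value)
    # quote_via=quote yields %0A for line breaks and %26/%3D for & and =,
    # so a value can never introduce an additional parameter.
    query = urlencode(params, quote_via=quote)
    return base_url.rstrip("/") + ADD_USER_PATH + "?" + query


if __name__ == "__main__":
    # Constructed sample input; yourcipp.app is the placeholder host from the page.
    print(build_add_user_link("https://yourcipp.app", {
        "customerId": "Mydomain.onmicrosoft.com",
        "givenName": "Jane", "surname": "Doe",
        "companyName": "Smith & Sons",
        "addedAliasses": ["j.doe", "jdoe"],
        "MustChangePass": True,
    }))
```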

If you want to create your own LiveLink you can use the QueryString below.



Feature Requests / Ideas

We value your feedback and ideas. Please raise any feature requests on GitHub.