LogoLogo
Get CIPPJoin Discord
  • ☕CIPP Documentation
  • 🦸Setup
    • Self Hosting Guide
      • Prerequisites
      • Installation
      • Setup Automatic API Updates
      • Configuring Automatic Updates
      • Adding Users and Managing Roles
      • Updating Versions
      • Migrating to Hosted CIPP
      • Self-hosted API Setup
    • Configuring CIPP
      • Creating the CIPP Service Account
      • Conditional Access Best Practices
      • Adding Users and Managing Roles
      • Executing the Setup Wizard
      • Tenant Onboarding
      • Adding Tenants & Consenting the CIPP-SAM Application
      • Adding a Custom Domain Name
      • I Want to Manage My Own Tenant
      • Recommended Roles
    • Implementing CIPP
      • Recommended First Steps
      • Standards Setup
    • Resources
      • Professional Onboarding Services
      • Sponsor Quick Start
  • 🙋User Documentation
    • Shared Features
      • Menu Bar
        • Tenant Select
        • Display Mode
        • 🔍Search
        • Bookmarks
        • User Preferences
      • Table Features
      • Speed Dial
      • Keyboard Shortcuts
      • Get Help
    • CIPP Dashboard
    • Identity Management
      • Administration
        • Users
          • Bulk Add
          • Invite Guest
          • Add User
          • View Individual User
            • Edit User
            • Exchange Settings
            • Compromise Remediation
            • Conditional Access
        • Risky Users
        • Groups
          • Add Group
          • Edit Group
        • Group Templates
          • Add Group Template
          • Deploy Group Templates
          • Edit Group Template
        • Devices
        • Deleted items
        • Roles
        • JIT Admin
          • Add JIT Admin
        • Offboarding Wizard
      • Reports
        • MFA Report
        • Inactive Users
        • Sign-in Report
        • AAD Connect Report
        • Risk Detections
    • Tenant Administration
      • Administration
        • Tenants
          • Edit Tenant
          • Tenant Groups
            • Add Tenant Group
            • Edit Tenant Group
        • Alert Configuration
          • Add Alert
        • Audit Logs
          • View Audit Log
        • Applications
        • App Registrations
        • Permission Sets
          • Add Permission Set
          • Edit Permission Set
        • Templates
          • Add App Approval Template
          • Edit App Approval Template
        • Secure Score
        • App Consent Requests
        • Authentication Methods
        • Partner Relationships
      • GDAP Management
        • Relationships
          • Relationship Summary
        • Role Mappings
          • Map GDAP Roles
        • Role Templates
          • Add Template
        • Invites
          • New Invite
        • Onboarding
        • Offboarding
      • Configuration Backup
        • Backups
          • Restore Configuration Backup
          • Add Configuration Backup Task
      • Standards
        • List Standards Templates
        • Add Standards Template
        • View Tenant Report
        • Best Practice Analyser
          • Best Practice Templates
          • Custom Reports
        • Domains Analyser
      • Conditional Access
        • CA Policies
          • Deploy CA Policies
        • CA Vacation Mode
          • Add Vacation Schedule
        • CA Templates
        • Named Locations
          • Add Named Location
      • Reports
        • License Report
        • Sherweb License Report
          • Add Subscription
        • Consented Applications
    • Security & Compliance
      • Incidents & Alerts
        • Incidents
        • Alerts
      • Defender
        • Defender Status
        • Defender Deployment
        • Vulnerabilities
      • Reports
        • Device Compliance
    • Intune
      • Applications
        • Applications
          • Add Application
            • Add MSP App
            • Add Store App
            • Add Choco App
            • Add Office App
        • Application Queue
      • Autopilot
        • Autopilot Devices
        • Add Autopilot Device
        • Profiles
          • Add Profile
        • Status Pages
        • Add Status Page
      • Device Management
        • Devices
        • Configuration Policies
        • Compliance Policies
        • Protection Policies
        • Apply Policy
        • Policy Templates
        • Scripts
      • Reports
        • Analytics Device Score
        • Work from Anywhere
    • Teams & SharePoint
      • OneDrive
      • SharePoint
        • Add Site
        • Bulk Add Sites
      • Teams
        • Teams
          • Add Team
        • Teams Activity
        • Business Voice
    • Email & Exchange
      • Administration
        • Mailboxes
          • Add Shared Mailbox
        • Deleted Mailboxes
        • Mailbox Rules
        • Contacts
          • Add Contact
          • Edit Contact
        • Quarantine
        • Tenant Allow/Block Lists
          • Add Entry
      • Transport
        • Transport Rules
          • Deploy Transport Rule Template
        • Transport Templates
        • Connectors
          • Deploy Connector Templates
        • Connector Templates
      • Spamfilter
        • Spamfilter
          • Deploy Spamfilter
        • Spamfilter Templates
        • Connection Filter
          • Deploy Connection Filter
        • Connection Filter Templates
        • Quarantine Policies
          • Edit Global Settings
          • Deploy Custom Policy
        • Quarantine Policies
          • Add Quarantine Policy
      • Resource Management
        • Rooms
          • Add Room
          • Edit Room
        • Room Lists
      • Reports
        • Mailbox Statistics
        • Mailbox Client Access Settings
        • Anti-Phishing Filters
        • Malware Filters
        • Safe Link Filters
        • Safe Attachment Filters
        • Shared Mailbox with Enabled Account
        • Global Address List
    • Tools
      • Tenant Tools
        • Graph Explorer
        • Application Approval
        • Tenant Lookup
        • IP Database
        • Individual Domain Check
      • Email Tools
        • Message Trace
        • Mailbox Restores
        • Message Viewer
      • Dark Web Tools
        • Tenant Breach Lookup
        • Breach Lookup
      • Template Library
      • Community Repositories
        • View Repository Templates
      • Scheduler
        • Add Job
    • CIPP
      • Application Settings
        • Permissions
        • Tenants
        • Backend
        • Notifications
        • Partner Webhooks
        • Licenses
        • CIPP Backup
        • Global Variables
      • Logbook
      • Setup Wizard
      • Integrations
        • Integration Sync
        • CIPP-API
        • Sherweb
        • Gradient
        • Halo PSA Ticketing
        • NinjaOne
        • Hudu
        • Password Pusher
        • Have I Been Pwned?
        • Cloudflare
        • GitHub
      • Custom Data
        • Directory Extensions
          • Add Directory Extension
        • Schema Extensions
          • Add Schema Extension
        • Mappings
          • Add Mapping
          • Edit Mapping
      • Advanced
        • Super Admin
          • Tenant Mode
          • Function Offloading
          • CIPP Roles
          • SAM App Roles
          • SAM App Permissions
        • Exchange Cmdlets
        • Timers
        • Table Maintenance
  • 📂Troubleshooting
    • Error codes
    • Troubleshooting instructions
      • Refreshing a Specific Tenant's Permissions via CPV API
    • Frequently Asked Questions
      • I Got a "Potential Phishing page detected" Alert. What Do I Do With That?
  • 🔐Security
    • CIPP Security and Compliance
      • Security Policy
      • Security reports
    • CIPP Community Vulnerability Disclosure Policy
  • 👩‍💻👩💻 Dev Documentation
    • CIPP Dev Guide
      • Setting Up for Local Development
      • Executing Local Development
      • Project Structure
      • Development Tips
      • CIPP v7 Developer Brief
    • Contributing to the Code
    • Contributing to the Documentation
  • ⚙️API Documentation
    • Setup & Authentication
    • Endpoints
  • 🧰MSP Adoption Toolkit
    • Building a CIPP Business Case
  • ☕Sip & CIPP
    • Conditional Access
    • Autopilot & Intune
Powered by GitBook
On this page
  • Action Buttons
  • Table Columns
  • Table Actions:
  • Add User Query String Support

Was this helpful?

Edit on GitHub
Export as PDF
  1. User Documentation
  2. Identity Management
  3. Administration

Users

Interact with Microsoft 365 users.

PreviousAdministrationNextBulk Add

Last updated 24 days ago

Was this helpful?

User management. Equal to and extending .

Action Buttons

Table Columns

The properties returned are for the Graph resource type user. For more information on the properties please see the .

Table Actions:

Account Management Actions

Action
Description
Requirements/Implications
Bulk Action Available

👁 View User

Displays comprehensive user account details in the admin interface

✏️ Edit User

Modifies user account details and settings: - Basic information - License assignments - Group memberships - Contact details

- Write access to user objects - Can copy group memberships from another user - Changes apply immediately

Delete User

Permanently removes user account

- Administrative privileges required - Irreversible action - Consider backup/archival first

Security Actions

Action
Description
Requirements/Implications
Bulk Action Available

Research Compromised Account

Analyzes Indicators of Compromise (IoC): - Sign-in patterns - Mail rules - Suspicious activities

Create Temporary Access Password

Creates temporary password for passwordless enrollment

Re-require MFA registration

Forces new MFA setup by: - Resetting MFA status to Enabled - Requiring new registration

- User must complete new MFA setup - Affects all MFA methods - Authentication Methods must be migrated from legacy - You will need Security Defaults or a CA policy and registration campaign to force registration again

Send MFA Push

Sends test MFA prompt to user's devices

- Verifies MFA configuration - Tests user's registered devices

Set Per-User MFA

Configures MFA state: - Enforced - Enabled - Disabled

- Overrides tenant-level settings - Immediate effect on sign-ins

Block Sign In

Prevents account access

- Immediate effect - Doesn't affect existing sessions

Unblock Sign In

Restores account access

- Immediate effect - User can sign in again

Revoke all user sessions

Forces re-authentication on all devices

- Terminates all active sessions - Requires new sign-in everywhere

Password Management

Action
Description
Requirements/Implications
Bulk Action Available

Reset Password (Must Change)

Sets random password and forces change

- User must create new password at next login - Example format: 2WcAu%VMy89P

Reset Password

Sets new random password

- Password immediately active - No change requirement

Set Password Never Expires

Set Password Never Expires state for this user. If the password of the user is older than the set expiration date of the organization, the user will be prompted to change their password at their next login.

Mail and Communication

Action
Description
Requirements/Implications
Bulk Action Available

Convert to Shared Mailbox

Transforms user mailbox to shared type

- Requires Exchange Online license - Maintains data and access

Convert to User Mailbox

Transforms user mailbox to user type

Enable Online Archive

Activates archival mailbox

- Requires appropriate license - Additional storage space

Set Out of Office

Configures automatic replies

- Single message for internal/external - No HTML formatting Note: Setting a different internal and external autoreply is currently not supported

Disable Out of Office

Removes automatic replies

- Immediate effect - Clears all auto-reply settings

Disable Email Forwarding

Removes all email forwarding rules

- Clears ForwardingAddress - Clears ForwardingSMTPAddress

OneDrive Management

Action
Description
Requirements/Implications
Bulk Action Available

Pre-provision OneDrive

Initializes OneDrive storage

- No user login required - Speeds up first access

Add OneDrive Shortcut

Creates SharePoint site shortcut

- Adds to OneDrive root - Requires existing OneDrive

Group and Directory Management

Action
Description
Requirements/Implications
Bulk Action Available

Add to Group

Assigns user to specified group(s)

- Immediate membership - Inherits group permissions

Clear Immutable ID

Breaks on-premises AD sync

- Sets onPremisesImmutableId to null - Stops directory synchronization

Information Access

Action
Description
Requirements/Implications
Bulk Action Available

More info

Opens Extended Info panel showing: - Common profile fields - Additional actions

- Quick access to key information - Alternative action access point

Note that clicking one of these actions will present a confirmation modal dialog.

More Information on "Create Temporary Access Password"

Add User Query String Support

The Add User has the ability to be form filled via URL query strings. This table shows all supported query strings. For example https://yourcipp.app/identity/administration/users/add?customerId=Mydomain.onmicrosoft.com&city=Rotterdam would automatically fill in the city for a user.

QueryString
Field

customerId

Client Tenant ID(Only required field)

businessPhones

Business Phone Number

city

User City Location

companyName

Company Name

country

Country

department

Department

displayName

Display Name

givenName

First Name

jobTitle

Job Title

mailNickname

Username before the email address part(User<@domain.com>)

mobilePhone

Mobile Phone Number

addedAliasses

Added Aliasses, Multiple allowed via linebreak(%0A)

postalCode

Zip or post code

streetAddress

Address information

surname

Last Name

usageLocation

User location for license, can be left blank for default.

primDomain

User Primary Domain (User<@domain.com>)

MustChangePass

Boolean, default is false.

AutoTask LiveLink

If you want to create your own LiveLink you can use the QueryString below.

?city=<CITY>&country=<COUNTRY>&customerId=<UDF-TenantId(tblCustomers)>&primDomain=<ACCOUNTWEBSITEADDRESS>&usageLocation=NL&streetAddress=<ACCOUNTADDRESS1>&companyName=<ACCOUNTNAME>&businessPhones=<ACCOUNTPHONE>&postalCode=<ACCOUNTPOSTALCODE>&givenName=<CONTACTFIRSTNAME>&surname=<CONTACTLASTNAME>


- Read access to user objects - Shows all available user information - Display advanced user account details. []

- Security admin rights - Provides comprehensive security review - Single pane of glass review of common indicators of compromise (IoC) []

- Time-limited access - Create a temporary password to allow full passwordless enrollment. []

Create a temporary access password for a user to enroll in .

Both passwordless authentication and the temporary access password function must be enabled on the tenant. See

🙋
Microsoft 365 admin center > Active Users
Bulk Add
Invite Guest
Add User
Graph documentation
passwordless for Azure Active Directory
AzureAD: Configure Temporary Access Pass in Azure AD to register Passwordless authentication methods
More information
More information
More information

Feature Requests / Ideas

We value your feedback and ideas. Please raise any on GitHub.

feature requests