Azure AD (Entra ID) Lab Setup Step-by-Step – Beginner Guide

 If you’ve heard the term “Azure AD” and felt confused, you’re not alone. The good news is that setting up a basic lab environment is much easier than it sounds — even if you’re not from a technical background.

First, let’s clarify something important:

Azure AD is now called Microsoft Entra ID.

You may still hear people say Azure AD, but the official name today is Microsoft Entra ID. Throughout this guide, we’ll explain everything in simple terms.

This guide will walk you through creating your own safe testing environment (lab) where you can practice without affecting any real business systems.


What Is Microsoft Entra ID (Azure AD)?

Think of Microsoft Entra ID as a digital security guard for organizations. It:

  • Stores user accounts
  • Manages passwords
  • Controls who can access apps
  • Protects company data

If you use email at work (like Outlook), log into Microsoft Teams, or access company apps, Entra ID is usually working behind the scenes.

For our lab, we’ll create a small “mini company” in the cloud and practice managing users and security.

What You Need Before Starting

Don’t worry — you don’t need coding skills.

You just need:

  • A personal email address (like Gmail or Outlook)
  • A credit/debit card (for identity verification — we’ll use the free tier)
  • 45–60 minutes of quiet time
  • A computer with internet access

We’ll be using the platform called Microsoft Azure, which is Microsoft’s cloud service.

Create a Free Azure Account

  1. Open your web browser.
  2. Go to the Microsoft Azure website.
  3. Click on Start Free.
  4. Sign in using your existing Microsoft account.
    • If you don’t have one, you can create one using your email.

Why They Ask for a Card

Microsoft verifies your identity using a card, but:

  • You get free credits.
  • You won’t be charged if you stay within free limits.
  • We are not creating expensive resources.

After completing the signup, you’ll reach the Azure dashboard.

Congratulations — you now have access to Microsoft’s cloud platform!

Understand What a “Tenant” Is (Simple Explanation)

Before moving forward, let’s understand one word:

What is a Tenant?

A tenant is like your company’s private building inside Microsoft’s cloud.

Inside this building, you will:

  • Create users
  • Manage security
  • Control access

When you create your Azure account, Microsoft automatically creates one tenant for you.

I’m giving my blog name as Tenant Name: Techstack

This tenant runs Microsoft Entra ID in the background.

1. First Understand What We Are Building

Before touching anything, let’s understand the goal.

We are building a digital office for a company named:

Techstack

Inside this digital office, we will:

  • Create employees
  • Give them usernames and passwords
  • Assign job roles
  • Create departments
  • Add security rules
  • Monitor login activity

All of this will happen in the cloud using Microsoft Azure.

2. Create a Free Microsoft Azure Account

To build Techstack’s cloud office, we first need access to Azure.

 a).Sign Up

  1. Open your browser.
  2. Search for Microsoft Azure free account.
  3. Click Start Free.
  4. Sign in with your Microsoft account.
    • If you don’t have one, create it.

Why They Ask for Card Details

  • It is only for identity verification.
  • You receive free credits.
  • We are not creating expensive services.
  • You can cancel anytime.

After sign-up, you will reach the Azure dashboard.

Think of this dashboard as the “control room” of Techstack.

3. Create the Tenant Named “Techstack”

When you create an Azure account, Microsoft automatically creates a tenant for you.

But now we will make sure the name reflects our company: Techstack.

b).Open Microsoft Entra ID

  1. In Azure portal, use the search bar.
  2. Type:

Microsoft Entra ID

  1. Click it.

Now you are inside the identity management system.

c).Check Tenant Name

  1. Click Overview
  2. Look for:
    • Tenant Name
    • Primary Domain

If needed, you can rename it to:

Techstack

Your default domain will look like:

techstack.onmicrosoft.com

That means your cloud company is officially created.

Congratulations
Techstack now exists in the cloud.

4. Create Your First Employee in Techstack

Every company has employees.

Let’s create one.

d).Go to Users

  1. Click Users
  2. Click + New User
  3. Select Create new user

e).Fill in Details

Name: Harsh vardhan
Username: Harsh

harsh@techstack.onmicrosoft.com

Set a password or auto-generate.

Click Create.

Now Harsh is officially an employee of Techstack.

5. Create a Second Employee

Let’s add another person to make the company realistic.

Repeat the same steps.

Name: Shru So
Username: Shru

shru@techstack.onmicrosoft.com

Click Create.

Now Techstack has two employees.

6. Understand Roles (Who Has Power?)

In a company:

  • Not everyone should be the boss.
  • Not everyone should manage security.

In Entra ID, power is controlled using Roles.

Examples of Roles

  • Global Administrator → Full control
  • User Administrator → Can manage users
  • Security Administrator → Manages protection

f).Assign Role to harsh

  1. Open harsh’s profile.
  2. Click Assigned Roles
  3. Click Add Assignment
  4. Choose User Administrator
  5. Click Add

Now Harsh can create and manage employees in Techstack.

Shru will remain a normal user for now.

This helps you understand permission differences.

7. Create a Department (Group)

In real companies, employees are grouped by departments like:

  • IT
  • HR
  • Sales
  • Finance

Let’s create an IT department for Techstack.

g).Create Group

  1. Click Groups
  2. Click New Group
  3. Choose:
    • Group Type: Security
    • Group Name: Techstack IT Department

Add:

  • Harsh
  • Shru

Click Create.

Now both employees belong to IT Department.

Groups make life easier because:
Instead of giving permissions individually, you assign to the group.

8. Add Multi-Factor Authentication (Extra Security Lock)

Now we add security.

Think of MFA like:

  • Password = First lock
  • Phone code = Second lock

h).Create Conditional Access Policy

  1. Go to Protection
  2. Click Conditional Access
  3. Click New Policy

Name it:

Techstack – Require MFA

Under Assignments:

  • Select Users → Choose Harsh and Shru

Under Access Controls:

  • Grant Access
  • Check “Require multi-factor authentication”

Click Create.

Now Techstack employees must verify using:

  • Password
  • Plus phone/email code

This protects accounts from hackers.

9. Assign Microsoft 365 to Techstack

Most companies use tools like:

  • Email
  • Teams
  • SharePoint

These are part of Microsoft 365.

If you activate a trial:

  1. Go to Licenses
  2. Assign Microsoft 365 trial license to:
    • Harsh
    • Shru

Now they can use:

  • Outlook
  • Teams
  • OneDrive

Techstack now has working cloud productivity tools.

10. Test Login as Techstack Employee

Now let’s simulate real-world login.

i).Open Private Browser

Open Incognito / Private window.

Go to:

portal.office.com

Login with:

harsh@techstack.onmicrosoft.com

Enter password.

If MFA is active, complete verification.

You have now tested:

  • Identity system
  • Security policy
  • App access

This is exactly how real employees log in daily.

11. Monitor Login Activity (Security Camera View)

Every company monitors logins.

To check activity:

  1. Go to Monitoring
  2. Click Sign-in Logs

You will see:

  • Who logged in
  • When
  • From which location
  • Success or failure

Think of this as CCTV footage for Techstack’s digital office.

12. Reset Employee Password (Common IT Task)

Imagine Shru forgot her password.

To reset:

  1. Go to Users
  2. Select Shru
  3. Click Reset Password
  4. Generate new password
  5. Share it securely

Password reset is one of the most common IT helpdesk tasks.

Now you have practiced it.

13. Understand What You Just Built

Let’s simplify everything:

Techstack is your company.

Inside Techstack:

  • Harsh and Shru are employees.
  • IT Department is a group.
  • Roles define power.
  • MFA protects accounts.
  • Microsoft 365 provides apps.
  • Sign-in logs monitor activity.

You built a real cloud identity environment.

14. Why This Lab Is Important

Even if you are not technical, you now understand:

  • How companies create user accounts
  • How access is controlled
  • How security policies work
  • How cloud login protection works

This knowledge is used in:

  • IT Support
  • System Administration
  • Cloud Administration
  • Cybersecurity
  • Identity Management

For someone building IT knowledge or a server-focused YouTube channel, this lab forms a strong foundation topic.

15. Real-World comparison of Techstack

Imagine Techstack is a physical office building.

  • Microsoft Entra ID = Security office
  • Users = Employees
  • Groups = Departments
  • Roles = Job titles
  • MFA = Extra door lock
  • Sign-in logs = CCTV camera
  • Conditional Access = Security rules board

You didn’t write code.
You didn’t configure servers.
You simply managed digital identities.

That’s what modern IT looks like.

16. When You Finish Practicing

If you want to stop the lab:

  • Delete test users
  • Remove policies
  • Cancel trial subscriptions

This avoids unwanted charges.

Final Words

By creating the Techstack tenant, you have successfully:

✔ Built a cloud identity system
✔ Created and managed employees
✔ Applied security rules
✔ Tested login behaviour
✔ Monitored activity

And you did it without needing programming skills.

This is exactly how real companies manage digital access in today’s cloud-first world.


Subscribe to my YouTube channel: www.youtube.com/@Stack_Tech

Comments

Post a Comment