User Migration from 3rd Party to Azure

Chandan Panchloria 1 Reputation point
2021-08-24T12:03:47.163+00:00

We are moving from a 3rd-party Access Management product to Azure, and I am ready to move all the users (300ish) to Azure AD. I have a few questions:

1) The users will only use Azure for SSO and nothing else, do I need to assign them our Azure subscription?
2) How do I make sure the users do not access Azure Portal or misuse it? I am aware I can deny their access to Azure AD.
3) Currently users are part of many Groups, is there a way we can import groups to Azure or would I have to manually create them on Azure?

Thanks, feel free to ask follow-up questions if required.

Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.

1 answer

  1. Siva-kumar-selvaraj 15,571 Reputation points
    2021-10-07T17:59:11.63+00:00

    Hello @Chandan Panchloria ,

    Thanks for reaching out and apologies for the delayed response.

    Please find inline answers.

    1) The users will only use Azure for SSO and nothing else, do I need to assign them our Azure subscription?

    [Ans] A user doesn't require any Azure subscription assignment when just leveraging Azure AD for SSO purposes, but the user may require an Azure AD Premium license when they start leveraging Azure AD Premium features like Conditional Access, Identity Protection or Privileged Identity Management, etc. To know more about Azure AD Premium pricing and features, refer.

    2) How do I make sure the users do not access Azure Portal or misuse it? I am aware I can deny their access to Azure AD.

    [Ans] As an administrator, you can restrict access to the Azure AD administration portal as shown below. For the Azure portal, you can restrict access by using a Conditional Access policy, which is a feature included with the Azure AD Premium P1 license. Here is a similar ask for your reference.

    138625-image.png

    3) Currently users are part of many Groups, is there a way we can import groups to Azure or would I have to manually create them on Azure?

    [Ans] If you are planning to set up hybrid identity with Azure Active Directory and, in addition to that, users and groups are part of the synchronization scope, then you would start seeing users along with their memberships updated to Azure AD.

    Or, if you are planning to only have all users managed from Azure AD Cloud instead of through on-premises (hybrid), then you will have to create groups and users manually.

    Hope this helps.


    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

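The Conditional Access approach mentioned in the answer to question 2, as an added example that is not part of the original thread: a Microsoft Graph PowerShell sketch that creates a policy blocking the Azure management endpoints (Azure portal, Azure PowerShell, Azure CLI) for everyone except an admin group. It assumes the Microsoft.Graph PowerShell SDK is installed and the tenant has Azure AD Premium P1; the group object ID is a placeholder and the policy name is made up for illustration.

```powershell
# Added example, not from the thread. Requires the Microsoft.Graph PowerShell SDK.
Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess', 'Policy.Read.All',
                        'Application.Read.All', 'Group.Read.All'

# Placeholder (assumption): object ID of a group that holds administrators and
# emergency-access accounts, which must keep access to the portal.
$adminGroupId = '00000000-0000-0000-0000-000000000000'

# Well-known app ID of "Windows Azure Service Management API"
# (shown as "Microsoft Azure Management" in the Conditional Access UI).
$azureManagementAppId = '797f4846-ba00-4fd7-ba43-dac1f8f63013'

# Refuse to continue if the exclusion group is missing or empty; a block policy
# with no working exclusion would lock administrators out as well.
if ($adminGroupId -eq '00000000-0000-0000-0000-000000000000') {
    throw 'Set $adminGroupId to the object ID of your admin/break-glass group first.'
}
$group   = Get-MgGroup -GroupId $adminGroupId -ErrorAction Stop
$members = @(Get-MgGroupMember -GroupId $adminGroupId -All)
if ($members.Count -eq 0) {
    throw "Exclusion group '$($group.DisplayName)' has no members."
}

$policy = @{
    displayName   = 'Block Azure management for SSO-only users (example)'
    # Report-only first: review the sign-in logs, then change to 'enabled'.
    state         = 'enabledForReportingButNotEnforced'
    conditions    = @{
        clientAppTypes = @('all')
        applications   = @{ includeApplications = @($azureManagementAppId) }
        users          = @{
            includeUsers  = @('All')
            excludeGroups = @($adminGroupId)
        }
    }
    grantControls = @{
        operator        = 'OR'
        builtInControls = @('block')
    }
}

$created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
$created | Select-Object Id, DisplayName, State
```

The policy is created in report-only mode, so it changes nothing for users until its state is switched to `enabled`.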