![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(118.4, 28.000000000000004%, 21%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECP%3C/text%3E%3C/svg%3E)
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
20,629 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(25.6, 5%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAM%3C/text%3E%3C/svg%3E)
Hello @Chandan Panchloria ,
Thanks for reaching out and apologies for delayed response.
Please find inline answers.
1) The users will only use Azure for SSO and nothing else, do I need to assign them our Azure subscription?
[Ans] User doesn't require any Azure subscription assignment when just leveraging Azure AD for SSO purpose but user may require Azure AD premium license when user start leveraging Azure AD premium features like: Conditional Access , Identity protection or Privileged Identity Management etc..,. To know more about Azure AD premium pricing an features, refer.
2) How do I make sure the users do not access Azure Portal or misuse it? I am aware I can deny their access to Azure AD.
[Ans] As as administrator you can restrict access to Azure AD administration portal as shown below, for Azure portal you can restrict access by using Condition Access Policy, which is a feature included with Azure AD Premium P1 License. Here is similar ask for your reference.
3) Currently users are part of many Groups, is there a way we can import groups to Azure or I would have to manually create them on Azure?
[Ans] If you are planning to setup hybrid identity with Azure Active Directory in addition to that users and groups are part of synchronization scope then you would start seeing user along with membership updated to Azure AD.
Or, if you are planning to only have all users managed from Azure AD Cloud instead through On-premises (Hybrid) then you will have to create group and users manually.
Hope this helps.
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.