Microsoft Entra setup guides
Microsoft Entra features help you manage and secure your organization. These setup guides will help you integrate those features in a simple way. In the following sections, we’ll briefly describe the setup guides and share links to the guides.
Who are these setup guides for?
These setup guides are designed for small to medium-sized organizations that typically might not have a dedicated identity team. You don’t need to be an identity expert to use them.
What to expect and what you’ll need
The setup guides help you configure the core functionality of Microsoft Entra ID. If you need to set up a more advanced configuration, the setup guide will point you to the appropriate location in the Microsoft Entra admin center.
Required permissions
You must be a member of the following administrative roles:
Global administrator: allows you to use integrated tools in the setup guides to make changes in your Microsoft 365 organization.
Global reader: allows you to view the setup guides but not make changes in your tenant.
Identity security for Teams
Microsoft Entra ID is our cloud-based identity and access management service, which helps your employees sign in and access apps and services. This catalog contains some basic security features you can use to ensure your users are safe and have the most productive time using Teams.
Licensing
Using features in this catalog requires either Microsoft Entra ID Governance or Microsoft Entra ID P2 license. To find the right license for your requirements, see Compare generally available features of Microsoft Entra ID.
Open the Identity security for Teams catalog.
Identity Governance
This catalog is designed to help customers with Microsoft Entra ID Governance or Microsoft Entra ID P2 functionality, including access reviews, PIM, entitlement management (ELM), Access Reviews, HR-driven user provisioning, and life cycle workflows.
PIM
Manage users’ time-bound admin access with our automated system that allows eligible users to complete privileged tasks through an approval workflow without risking exposure of sensitive data or critical configuration settings.
ELM
We offer a curated list of docs and a pointer to the Microsoft Entra admin center, where the admin can configure entitlement management.
Access reviews
We offer a fully automated experience that allows you to first test and then enable the most common access review settings. This allows group owners to approve guest usage in all Microsoft 365 groups.
HR-driven user provisioning
Respond faster to identity changes in your HR app and eliminate manual provisioning. Sync worker profile changes with your business apps. This includes the ability to writeback managed attributes directly from the app, whether it's a hire, name, title, manager change, or termination.
Lifecycle workflows
Easily manage your users' lifecycle in Microsoft Entra ID by creating custom workflows to automate repetitive onboarding and offboarding tasks, eliminating the need for manual processes. Lifecycle workflows automatically execute configured tasks when users join or leave your org and provide insights for easy troubleshooting.
Open the Identity Governance setup guide.
Note
A Microsoft Entra ID Governance or Microsoft Entra ID P2 license is required to utilize the security features in this catalog.
Microsoft Entra deployment
The Microsoft Entra setup guide will help you set up the most common Microsoft Entra features in a recommended order. The setup guide is split into three sections: Initial, Core, and Advanced. Each section recommends a set of features you should turn on.
The setup guides contain a checklist of the tasks you need to complete, and you can track your progress as you go through the guides. The guides will also link to the other setup guides when necessary.
Open the Microsoft Entra setup guide.
Add or sync users to Microsoft Entra ID
This guide helps you set up user accounts setup in Microsoft Entra ID and Microsoft 365. Based on your environment and needs, you can choose to add users individually, migrate your on-premises directory with Microsoft Entra Connect Cloud Sync or Microsoft Entra Connect, or troubleshoot existing sync issues.
Licensing
Using Microsoft Entra ID Sync tools is free and included with all Microsoft 365 subscriptions.
Open the Add or Sync users setup guide.
Secure your cloud apps with Single Sign On (SSO)
This guide is designed to help you add cloud apps to Microsoft 365. In our guide, you can add an application to your tenant, add users to the app, assign roles, and more. If the app supports single sign-on (SSO), we’ll walk you through that configuration.
Licensing
Every paid subscription to Microsoft 365 comes with a free subscription to Microsoft Entra ID. You can use Microsoft Entra ID to manage your apps and create and manage user and group accounts.
Open the Add a cloud app to Microsoft 365 setup guide.
Azure Self-Service password reset (SSPR) guide
This setup guide is designed to help you enable and configure self service password reset. The setup guide will walk you through recommended options, including password write-back and admin notifications.
Licensing
SSPR requires one of the following licenses:
Microsoft Entra ID Governance
Microsoft Entra ID P1 or P2
Microsoft 365 Business Premium
Microsoft 365 Enterprise E3 or E5
Enterprise Mobility and Security E3 or E5
Open the self-service password reset setup guide.
Configure multifactor authentication (MFA)
The Configure multifactor authentication (MFA) guide provides customers who have the Microsoft Entra ID P1 or Microsoft Entra ID P2 license with customizable Conditional Access templates that include the most common and least intrusive security standards. Customers with the P2 license can also use risk-based Conditional Access policies.
Customers without a P1 or P2 license can use a one-click solution to enable security defaults, a baseline protection policy for all users. They can also enable legacy (per-user) MFA.
Licensing
Conditional Access requires Microsoft Entra ID Governance or a Microsoft Entra ID P1 or P2 license. Security defaults and per-user MFA are included with all Microsoft 365 subscriptions.
Open the multifactor authentication (MFA) guide.
Plan your passwordless setup guide
Upgrade to an alternative sign-in approach that allows users to access their devices securely with one of the following passwordless authentication methods:
Windows Hello for Business
The Microsoft Authenticator app
Security keys
Temporary Access Pass (TAP)
Use the passwordless deployment guide to discover the best authentication methods to use and receive guidance on how to deploy them.
Licensing
Every paid subscription to Microsoft 365 comes with a free subscription to Microsoft Entra ID. You can use Microsoft Entra ID to manage your apps and create and manage user and group accounts.
Open the passwordless setup guide.
Migrate from ADFS to Microsoft Entra ID
We offer custom guidance for migrating from ADFS to Microsoft Entra ID. Answer a few questions about your Active Directory Federation Services (AD FS) infrastructure and then implement either pass-through authentication (PTA) or password hash sync (PHS) to give users a streamlined experience while accessing your org's apps.