This is the second of a three-part step-by-step series on Microsoft Endpoint Manager. See the first article in the series here for how to set up Microsoft Endpoint Manager and optimize it’s settings to get you up-and-running fast. In this post, we’ll expand on that first article to show you how to set up users, groups and licenses. Let’s go!
Before enrolling devices into Microsoft Intune and accessing company data we need to have users in Azure Active Directory and assign Intune licenses to them. We have two options – we can create new users in Azure AD or synchronize them from on-premise Active Directory if it exists or it is required.
Let me explain how to create users manually. Go to Microsoft Endpoint Manager (MEM) admin center and select Users – All users (Preview) – New user:

Provide information about the user and choose the domain – your Intune subscription onmicrosoft.com domain or custom domain we configured previously:

You can auto-generate a password or create your own:

If you need to assign a specific role you can click on User and choose one or more from 70 available built-in roles:

In this case I leave it as default. Then we need to configure location and job info if needed:

At the end click Create.
Later we will assign objects like apps or policies on Azure AD security group, not on users, so we need to create at minimum, one security group. Go to Groups – All groups (Preview) – New group:

We can assign a Intune license on a user one by one, but a more optimal way is to create a security group and assign a license on a group means all members will be licensed. If you do not assign an Intune license on a user, this user cannot enroll his device into your Intune tenant. Give the group a name, membership type – Assignment, and group type – Security:

Click on No members selected and search for the user you created:

Click Select, then Create. In All groups you can find a security group you created:

The next step is to assign Intune licenses. Select the group you created, Licenses – Assignments:

Deselect licenses you do not need and leave Intune license:

Then click Save.
If you check Licenses of the user we created, you will see the Microsoft Intune license is inherited from the group:

You can also create multiple users by importing them from .csv. Go to All users (Preview) – Bulk operations – Bulk create:

Download pre-configured .csv:

Add information about users you want to create:

Save the file and upload it by clicking Submit:

Then click Refresh and you will see all imported users:

If you prefer PowerShell run the command below:
Install-Module MSOnline
Connect-MsolService
New-MsolUser -DisplayName “Michael Jones” -FirstName Michael -LastName Jones -UserPrincipalName user5@sccm.pro -Password Power1234

Don’t forget to add them as a member of the Intune licensed group.
That takes care of Part II of our series. Join us for Part III where we pick back up and get into some more advanced items with Microsoft Endpoint Manager. See you again in a few days!
If you want to be the first to know when the next article is published, get on our email list using the form at the bottom of the page. Have a more specific question about this topic or something else? Hit the Live Chat button and you’ll be talking to one of experts in seconds!