
Azure AD tenants and directories - Step-by-Step Execution

Process Flow - Azure AD tenants and directories
Create Azure Account → Create Azure AD Tenant (Tenant = Directory) → Add Users & Groups → Assign Roles & Permissions → Use Tenant for Cloud Services
This flow shows how you start with an Azure account, create an Azure AD tenant (which is a directory), add users, assign roles, and then use it to manage cloud services.
Execution Sample
1. Create Azure AD tenant named 'Contoso'
2. Add user 'Alice' to Contoso tenant
3. Assign 'Global Administrator' role to Alice
4. Use Contoso tenant to manage Azure resources
This example shows creating a tenant, adding a user, assigning a role, and using the tenant to manage resources.
Process Table
| Step | Action | Result | State Change |
|------|--------|--------|--------------|
| 1 | Create Azure AD tenant 'Contoso' | Tenant 'Contoso' created | Tenant list: ['Contoso'] |
| 2 | Add user 'Alice' to 'Contoso' | User 'Alice' added | Users in 'Contoso': ['Alice'] |
| 3 | Assign 'Global Administrator' role to 'Alice' | Role assigned | Roles for 'Alice': ['Global Administrator'] |
| 4 | Use 'Contoso' tenant to manage Azure resources | Management enabled | Tenant 'Contoso' active for resource management |
| 5 | End of process | No further actions | Process complete |
💡 The process ends after tenant setup, user addition, role assignment, and resource management is enabled.
Status Tracker
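| Variable | Start | After Step 1 | After Step 2 | After Step 3 | After Step 4 | Final |
|----------|-------|--------------|--------------|--------------|--------------|-------|
| Tenants | [] | ['Contoso'] | ['Contoso'] | ['Contoso'] | ['Contoso'] | ['Contoso'] |
| Users in 'Contoso' | [] | [] | ['Alice'] | ['Alice'] | ['Alice'] | ['Alice'] |
| Roles for 'Alice' | [] | [] | [] | ['Global Administrator'] | ['Global Administrator'] | ['Global Administrator'] |
| Tenant Active | None | None | None | None | 'Contoso' | 'Contoso' |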
Key Moments - 3 Insights
Why is the Azure AD tenant called a directory?
Because the tenant acts like a container that holds users, groups, and roles, similar to a directory that organizes files. See Step 1 in the Process Table, where creating a tenant sets up this container.
Can a user exist without being assigned a role?
Yes, a user can be added without a role, but they won't have permissions to manage resources until a role is assigned. Step 2 shows user added, Step 3 shows role assignment.
What happens if you try to manage resources without an active tenant?
You cannot manage resources without an active tenant because the tenant defines the security boundary. Step 4 shows enabling management after tenant and roles are set.
Visual Quiz - 3 Questions
Test your understanding
Look at the Process Table. After which step is the user 'Alice' added to the tenant?
A. Step 1
B. Step 3
C. Step 2
D. Step 4
💡 Hint
Check the 'Action' and 'Result' columns in the Process Table row for Step 2.
At which step does the tenant become active for resource management?
A. Step 2
B. Step 4
C. Step 3
D. Step 5
💡 Hint
Look at the 'State Change' column in the Process Table to see when the tenant becomes active.
If the role assignment in Step 3 were skipped, what would be the roles for 'Alice' after Step 4?
A. []
B. ['Global Administrator']
C. ['User']
D. ['Contributor']
💡 Hint
Refer to the Status Tracker row "Roles for 'Alice'" and imagine skipping Step 3.
Concept Snapshot
Azure AD tenant is a directory that holds users and groups.
Create a tenant to start managing identities.
Add users to the tenant to give access.
Assign roles to users to grant permissions.
Use the tenant to control access to Azure resources.
Full Transcript
Working with Azure AD tenants and directories starts with creating a tenant, which acts as a container for users and groups. After creating the tenant, you add users like 'Alice'. Then you assign roles such as 'Global Administrator' to users to give them permissions. Finally, the tenant is used to manage Azure resources securely. This process ensures organized identity and access management in Azure.
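The flow in the Process Table and the three Key Moments can be replayed as a small in-memory model. This is an added example, not part of the original page and not an Azure API: the Directory class, its methods, run_flow and the second tenant 'Fabrikam' are hypothetical names chosen for illustration.

```python
# Toy in-memory model of the tenant flow (constructed; not an Azure API).
class Directory:
    def __init__(self):
        self.tenants = {}    # tenant name -> {user name: [role names]}
        self.active = None   # "Tenant Active" row of the Status Tracker

    def create_tenant(self, name):
        self.tenants[name] = {}

    def add_user(self, tenant, user):
        # A new user starts with no roles: membership alone grants nothing.
        self.tenants[tenant][user] = []

    def assign_role(self, tenant, user, role):
        if user not in self.tenants[tenant]:
            raise KeyError(f"{user!r} is not a user in tenant {tenant!r}")
        self.tenants[tenant][user].append(role)

    def use_tenant(self, tenant):
        if tenant not in self.tenants:
            raise KeyError(f"no such tenant: {tenant!r}")
        self.active = tenant

    def can_manage(self, tenant, user):
        # Allowed only inside the active tenant, and only with at least one role.
        if tenant != self.active:
            return False
        return bool(self.tenants[tenant].get(user))


def run_flow(skip_role=False):
    """Replay Steps 1-4 of the Process Table; skip_role omits Step 3."""
    d = Directory()
    d.create_tenant("Contoso")                                     # Step 1
    d.add_user("Contoso", "Alice")                                 # Step 2
    if not skip_role:
        d.assign_role("Contoso", "Alice", "Global Administrator")  # Step 3
    d.use_tenant("Contoso")                                        # Step 4
    return d


if __name__ == "__main__":
    for skip in (False, True):
        d = run_flow(skip_role=skip)
        print("Step 3 skipped:", skip,
              "| roles:", d.tenants["Contoso"]["Alice"],
              "| Alice can manage:", d.can_manage("Contoso", "Alice"))
    d.create_tenant("Fabrikam")  # second tenant, constructed for the boundary check
    print("Alice in Fabrikam:", d.can_manage("Fabrikam", "Alice"))
```

The model denies by default: a user with no role, or a user asked about in a tenant other than the active one, gets False from can_manage.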