In today’s bustling digital landscape, keeping your Entra ID (Azure AD) user data shipshape is more vital than ever. Think of it as tidying up your digital space: a bit of housekeeping to ensure things run smoothly and everyone can navigate the directory using natural language. It is about time to supercharge your Entra ID user data!
The ABCs of Keeping Entra ID User Data Shipshape
Now, let’s break down why it’s not just a chore, but a smart move for a flourishing digital ecosystem.
A – Accuracy Amplifies Efficiency
Imagine a bustling office where everyone knows their roles and responsibilities. Accurate user data in Entra ID is like having a well-organized office. Admins can swiftly assign roles and permissions, reducing the hassle and boosting security. It’s like having a clear desk – everything is in its place and easy to find.
B – Better Dynamics with Dynamic Groups
Dynamic groups are your digital buddies for effortless management. When user attributes are accurate, dynamic groups work like a charm. People are automatically added or removed from groups based on their roles and projects. Picture a group chat that always has the right people – no more digital ‘Where’s Waldo?’
C – Clear Contacts, Clear Communication
Have you ever tried reaching someone without a working phone number or with a wrong email address? Frustrating, right? Updated contact information ensures that your colleagues are just a message or call away. It’s like having a well-maintained address book that saves you from the ‘lost in translation’ scenario. This is more important than ever now that Microsoft Copilot is entering the ring.
The Microsoft Copilot revolution
In this digital age, where Microsoft Copilot is upping the efficiency game, keeping Entra ID user profile attributes current and accurate is the ultimate power move. It’s not just about neatness; it’s about elevating collaboration, streamlining processes, and steering your organization toward success in the vast ocean of the digital world. So, grab that digital mop and broom, and let’s keep things spick and span in Entra ID!
Housekeeping of user attribute data matters for Microsoft Copilot. Microsoft Copilot is an AI-powered productivity tool that uses large language models (LLMs) and integrates your data with the Microsoft Graph and Microsoft 365 apps and services. It works alongside popular Microsoft 365 apps such as Word, Excel, PowerPoint, Outlook, Teams, and more.
One of the benefits of Microsoft Copilot is that it can provide real-time intelligent assistance, enabling users to enhance their creativity, productivity, and skills. For example, Copilot can help users write a great article, draft a presentation, do more with data, create an agenda, and more. To do this, Copilot needs to access and analyze the user’s data, such as documents, emails, calendars, contacts, and preferences.
Therefore, it is important to keep the user attribute data up to date, so that Copilot can provide accurate and relevant suggestions and content based on the user’s context and needs. For instance, if the user’s name, email address, or role changes, Copilot should reflect these changes in its interactions with the user. Similarly, if the user’s preferences, interests, or goals change, Copilot should adapt to these changes and offer personalized and tailored assistance.
Updated user attributes allow Copilot to offer precise and pertinent recommendations and content that align with the user’s current context. For instance, if the user’s name, email address, or role undergoes any changes, Copilot should reflect these updates in its interactions.
Microsoft Intune and Security Copilot
In a recent blog post, Microsoft describes how Microsoft Intune will integrate with Microsoft Security Copilot. The integration of Microsoft Intune data into Security Copilot is a game-changer. It will transform the way you handle security threats, providing comprehensive device context, and bolstering your enterprise’s security stance with AI-powered insights and actions.
This seamless integration with Intune in Security Copilot offers customers the ability to effortlessly retrieve information about devices and user properties using natural language. It simplifies the process and ensures that you can access the data you need swiftly and efficiently, as long as the data is current.
It’s Time to Supercharge Your Entra ID User Data
Whether data is sourced externally, such as from an HR feed, or managed manually, individuals and Copilot rely on directory information to locate colleagues and gain insights into the organization’s structure. If the data in your directory is incorrect, certain features may not function correctly or might not work at all.
HR-driven provisioning has associated costs, which are detailed in the Microsoft Entra Plans and Pricing. As a result, some companies opt for manual data management to save on expenses. However, this approach often leads to inaccuracies. This is where my scripted routine for maintaining up-to-date user accounts becomes invaluable.
With my 3-step routine, you can get all user data in Microsoft Entra ready and set for Microsoft Copilot!
Export Users to CSV
Manually updating users in the Microsoft Entra admin center is a tough task if you have many users, and the danger of making mistakes is certainly present. That’s why I have created a PowerShell script that will export information about users’ accounts in your Entra ID to CSV.
The script is available at my GitHub repo:
Community-By-SSkotheimsvik/Microsoft/AAD/AAD-Users-ExportAttributesToCSV.ps1 at main · SimonSkotheimsvik/Community-By-SSkotheimsvik (github.com)
If you are using synced ID from Active Directory, you should use my older script to export user data from AD: Community-By-SSkotheimsvik/Microsoft/AD/ExportADResourcesToCsv.ps1 at main · SimonSkotheimsvik/Community-By-SSkotheimsvik (github.com)
```powershell
<#
.NOTES
    ===========================================================================
    Created on:   28.09.2023
    Created by:   Simon Skotheimsvik
    Filename:     AAD-Users-ExportAttributesToCSV.ps1
    Instructions: https://skotheimsvik.no
    ===========================================================================
.DESCRIPTION
    This script will export information about user accounts in AAD to CSV
#>

# Install and import the Microsoft Graph module
#Install-Module -Name Microsoft.Graph
Import-Module Microsoft.Graph.Users

# Authenticate interactively (remember to aka.ms/pim first)
Connect-MgGraph -Scopes "User.Read.All"

# Define the output CSV file path
$csvFilePath = "c:\temp\EntraID-Users-Attributes.csv"

# Attributes to export for each user
$properties = @("Id", "UserPrincipalName", "GivenName", "Surname", "JobTitle", "Department",
    "CompanyName", "MobilePhone", "OfficeLocation", "PostalCode", "City", "Country", "UsageLocation")

# Retrieve all users from Azure AD using Microsoft Graph.
# Manager is a relationship, so it is expanded and exported as the manager's UPN.
$users = Get-MgUser -All -Property $properties -ExpandProperty Manager |
    Select-Object -Property ($properties + @(@{Name = 'Manager'; Expression = { $_.Manager.AdditionalProperties.userPrincipalName } }))

# Export the user details to a CSV file.
# UTF8 is set explicitly: Windows PowerShell 5.1 defaults to ASCII, which loses characters such as æ, ø and å.
$users | Export-Csv -Path $csvFilePath -NoTypeInformation -Encoding UTF8

# Display a message indicating the export is complete
Write-Host "User details exported to $csvFilePath."
```

The output of this script will be a CSV file.
Manipulate The CSV Data
You can now manipulate the users’ attributes in your favorite CSV editor. If you plan to outsource this job to the HR department, it can be good to prepare the data in an Excel workbook.
Open the CSV in Excel, mark the first column, and click on Data – Text to Columns. Select the data delimiter.
Mark all cells and columns holding users and format this as a Table for easy sorting and filtering.
If you fancy, you can add conditional formatting to mark all empty cells.
Now you are ready to fill in the missing information on all users. Remove lines for service accounts, etc. before sending the file to the HR department for assistance with the details.
Pay special attention to the OfficeLocation attribute, as this can give great value to your end users, and also Microsoft Copilot.
Read my previous blog covering how you should use this field for your users: Simon does Locating Colleagues Made Easy: Microsoft Search Functionality on Floor Plans (skotheimsvik.no)
Once filled in, you can save the document as CSV to use with the import routine.
The CSV file is now ready to be imported.
Import Updated Data From CSV To The Users
You should now grab the following script from my GitHub to import the values from the CSV to your user accounts: Community-By-SSkotheimsvik/Microsoft/AAD/AAD-Users-ImportAttributesFromCSV.ps1 at main · SimonSkotheimsvik/Community-By-SSkotheimsvik (github.com)
If you are using synced ID from Active Directory, and you used my older script to export user data from AD, you should also use my older script to import changes to AD: Community-By-SSkotheimsvik/Microsoft/AD/ImportADResourceDetailsFromCSV.ps1 at main · SimonSkotheimsvik/Community-By-SSkotheimsvik (github.com)
```powershell
<#
.NOTES
    ===========================================================================
    Created on:   28.09.2023
    Created by:   Simon Skotheimsvik
    Filename:     AAD-Users-ImportAttributesFromCSV.ps1
    Instructions: https://skotheimsvik.no
    ===========================================================================
.DESCRIPTION
    This script will import information about user accounts in AAD from CSV
#>

# Install and import the Microsoft Graph module
#Install-Module -Name Microsoft.Graph
Import-Module Microsoft.Graph.Users

# Authenticate interactively (remember to aka.ms/pim first)
Connect-MgGraph -Scopes "User.ReadWrite.All"

# Define the CSV file path
$csvFilePath = "c:\temp\AAD-Users-Attributes.csv"

# Read the CSV file
$csvUsers = Import-Csv -Path $csvFilePath -Delimiter ";"

# Attributes to check and update (Id is read-only and is used only to address the user)
$attributesToUpdate = @("GivenName", "Surname", "JobTitle", "Department", "CompanyName", "MobilePhone", "OfficeLocation", "PostalCode", "City", "Country", "UsageLocation", "Manager")

# Manager is a relationship, not a selectable property: select the rest and expand Manager
$propertiesToRead = @("Id") + ($attributesToUpdate | Where-Object { $_ -ne "Manager" })

# Iterate through each user in the CSV and update Azure AD if needed
foreach ($csvUser in $csvUsers) {
    $userPrincipalName = $csvUser.UserPrincipalName

    # Double single quotes so a UPN such as o'brien@... cannot break out of the OData filter string
    $upnFilter = $userPrincipalName -replace "'", "''"

    # Retrieve the Azure AD user with all necessary attributes
    $azureADUser = Get-MgUser -Filter "userPrincipalName eq '$upnFilter'" -Property $propertiesToRead -ExpandProperty Manager

    if ($azureADUser) {
        # Get the user's Id
        $userId = $azureADUser.Id

        # Compare and update attributes
        $NoUpdatesForUser = $true
        foreach ($attribute in $attributesToUpdate) {
            $csvValue = $csvUser.$attribute
            if ([string]::IsNullOrEmpty($csvValue)) { continue } # Skip empty or missing CSV values

            # The current manager is compared by UPN, the same value the export script writes
            if ($attribute -eq "Manager") {
                $currentValue = $azureADUser.Manager.AdditionalProperties.userPrincipalName
            }
            else {
                $currentValue = $azureADUser.$attribute
            }

            if ($currentValue -ne $csvValue) {
                if ($attribute -eq "Manager") {
                    # Retrieve the manager's user object to get the manager's Id
                    $managerFilter = $csvValue -replace "'", "''"
                    $managerUser = Get-MgUser -Filter "userPrincipalName eq '$managerFilter'" -Property Id
                    if (-not $managerUser) {
                        # Never write a reference to an empty Id
                        Write-Host "Manager not found in Azure AD: $csvValue (user: $userPrincipalName)" -ForegroundColor Red
                        continue
                    }
                    $NewManager = @{
                        "@odata.id" = "https://graph.microsoft.com/v1.0/users/$($managerUser.Id)"
                    }
                    Set-MgUserManagerByRef -UserId $userId -BodyParameter $NewManager
                    Write-Host "Updated $attribute for user: $userPrincipalName to $csvValue" -ForegroundColor DarkYellow
                }
                else {
                    # All other attributes than the manager
                    $params = @{
                        "UserId" = $userId
                    }
                    $params[$attribute] = $csvValue
                    Update-MgUser @params
                    Write-Host "Updated $attribute for user: $userPrincipalName to $csvValue" -ForegroundColor DarkYellow
                }
                $NoUpdatesForUser = $false
            }
        }

        if ($NoUpdatesForUser -eq $true) {
            Write-Host "No updates for user: $userPrincipalName" -ForegroundColor Green
        }
    }
    else {
        Write-Host "User not found in Azure AD: $userPrincipalName" -ForegroundColor Cyan
    }
}

# Display a message indicating the update is complete
Write-Host "Userlist processing complete." -ForegroundColor Blue
```

Use the script at your own risk. Pay attention to the delimiter in your CSV file.
Test first with a smaller set of users in the CSV file you use as input for the script.
After running the script, the user accounts should be updated with the values from your CSV!
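Because the CSV leaves your hands and comes back before it is written to the directory with `User.ReadWrite.All`, it is worth checking the file offline before the import touches any account. The following is an added example, not part of the scripts in the GitHub repo; the function name `Test-UserCsv`, the chosen checks and the `contoso.example` sample rows are assumptions made for illustration.

```powershell
# Added example, not the author's script; the sample rows are constructed.
$allowedColumns = 'Id','UserPrincipalName','GivenName','Surname','JobTitle','Department','CompanyName',
                  'MobilePhone','OfficeLocation','PostalCode','City','Country','UsageLocation','Manager'

function Test-UserCsv {
    param([object[]]$Rows, [string[]]$Allowed)
    if (-not $Rows) { 'No rows parsed'; return }
    $columns = @($Rows[0].PSObject.Properties.Name)
    # A wrong -Delimiter leaves the whole header line in a single column
    if ($columns.Count -eq 1) { 'Only one column parsed: check the delimiter'; return }
    if ('UserPrincipalName' -notin $columns) { 'Column UserPrincipalName is missing'; return }
    foreach ($c in $columns) { if ($c -notin $Allowed) { "Unexpected column '$c'" } }
    $seen = @{}
    $line = 1                                   # line 1 is the header
    foreach ($row in $Rows) {
        $line++
        $upn = $row.UserPrincipalName
        if ($upn -notmatch '^[^@\s]+@[^@\s]+$') { "Line ${line}: invalid UserPrincipalName '$upn'"; continue }
        if ($seen.ContainsKey($upn)) { "Line ${line}: duplicate row for $upn" }
        $seen[$upn] = $true
        # usageLocation is a two-letter country code, not a country name
        if ($row.UsageLocation -and $row.UsageLocation -notmatch '^[a-z]{2}$') {
            "Line ${line}: UsageLocation '$($row.UsageLocation)' is not a two-letter code"
        }
        if ($row.Manager -and $row.Manager -eq $upn) { "Line ${line}: $upn is listed as own manager" }
        # Spreadsheet tools evaluate cells that start with = or @ as formulas
        foreach ($p in $row.PSObject.Properties) {
            if ($p.Value -match '^[=@]') { "Line ${line}: formula-like value in $($p.Name)" }
        }
    }
}

# Constructed sample in the semicolon-delimited layout the import script reads
$sample = @'
Id;UserPrincipalName;GivenName;Department;UsageLocation;Manager
1;anna@contoso.example;Anna;Engineering;NO;kari@contoso.example
2;ola@contoso.example;Ola;=1+1;Norway;ola@contoso.example
3;anna@contoso.example;Anna;Sales;NO;
'@ | ConvertFrom-Csv -Delimiter ';'

$findings = @(Test-UserCsv -Rows $sample -Allowed $allowedColumns)
if ($findings.Count -gt 0) {
    $findings | ForEach-Object { Write-Warning $_ }
    Write-Host "Fix the findings above before running the import."
} else { Write-Host "CSV passed the pre-import checks." }
```

To check a real file, replace the constructed sample with `Import-Csv -Path $csvFilePath -Delimiter ";"` and run the import only when no findings are reported.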
Your Entra ID Directory Is Getting Copilot Ready!
Keeping an accurate directory has always been important. In the past, in the on-premises world, there might have been less emphasis on the accuracy of directory data, as many applications didn’t rely heavily on it. However, it’s clear that a robust directory is vital for the optimal functioning of Microsoft 365. This importance is further underscored with the introduction of Microsoft Copilot to our tenants.
Experience the details
An updated user directory will quickly bring you valuable benefits.
1. You will see an updated directory in Teams, Windows 11 search, and other places in Microsoft 365.
2. You can use the data to create Entra ID dynamic user groups based on the user attributes.
3. I have previously described a routine for Computer Renaming based on user attributes for the registered owner. This type of routine requires an up-to-date directory.
4. Third-party applications can be enriched by the new detail level for each employee. An example of this is e-mail signature applications as mentioned in my previous blog post Simon does Complete Branding for your Tenant and Managed Endpoints.
5. Thanks to the newly announced seamless integration between Intune and Security Copilot, we will effortlessly be able to access device and user information using natural language. With an updated Entra ID user catalog, I expect us to simply ask Security Copilot questions like:
– “What’s the security status of all devices owned by C-level employees?”
– “What’s the oldest functional OS level at the Engineering department?”
– “How many Norwegian employees have Adobe Photoshop installed?”