How to Add a User in the Microsoft 365 Admin Center

TL;DR: In the Microsoft 365 admin center, go to Users > Active users > Add a user. Fill in the name, pick the domain, set a password, assign at least one Microsoft 365 license, and finish. The new account can sign in to https://www.microsoft365.com right away.

Adding a user is the first thing most Microsoft 365 administrators learn — and one of the most frequent. This guide walks through the user interface in the Microsoft 365 admin center and covers the choices that matter (domain selection, password behavior, license assignment), plus the Microsoft Graph PowerShell equivalent for when you need to script it.

What this does

Creating a user in the Microsoft 365 admin center provisions a cloud-only Microsoft Entra ID account in your tenant. That account can then be assigned licenses, signed into Microsoft 365 apps and services, and granted admin roles. Behind the scenes, the admin center is calling Microsoft Graph against Microsoft Entra ID — the same identity provider that backs Office 365, Microsoft Teams, SharePoint Online, and every other Microsoft 365 service.

This is the right path for tenants that don’t sync from on-premises Active Directory. If you do run Microsoft Entra Connect (formerly Azure AD Connect), users should be created in your on-prem AD and synced upward instead — creating them directly in the cloud will leave you with two accounts to reconcile.

When you’d want this

• Onboarding a new employee in a cloud-only or hybrid tenant where the user is cloud-managed
• Creating a service account, shared identity, or admin break-glass account
• Adding a contractor, vendor, or guest who needs a real mailbox (for guests without mailboxes, prefer B2B guest invites in Microsoft Entra ID instead)

Steps

1. Sign in to the Microsoft 365 admin center

Go to https://admin.microsoft.com (or https://admin.cloud.microsoft) and sign in with an account that has at least the User Administrator role. The Global Administrator role works too, but follow least-privilege guidance and use User Administrator when you can.

2. Open the Add a user wizard

The admin center has two layouts depending on tenant size:

• Dashboard view (most tenants): navigate to Users > Active users, then select Add a user.
• Simplified view (smaller tenants): from the home page, select Add user under Your organization, or open the Users tab and select Add user.

Both routes open the same wizard.

3. Set up the basics

Fill in:

• First name and Last name — used for the display name and the global address list.
• Display name — defaults to “First Last”; override if your directory standard is different (e.g., “Last, First”).
• Username — the part before the @ in the user’s sign-in address. Pick a stable identifier; renaming user principal names later is supported but disruptive.
• Domain — the dropdown lists every verified domain on your tenant. Pick the one that matches the user’s mailbox identity. Once an account is created on a domain, changing it later means updating the user principal name and is best avoided.

4. Set the password

Two checkboxes control password behavior:

• Automatically create a password (default on) — the admin center generates a secure temporary password. Turn this off only if you have a specific reason to set the password yourself.
• Require this user to change their password when they first sign in (default on) — leave this on. The user is prompted to set their own password on first sign-in, and you never have to know what it is.

Whatever you do, do not email passwords in plain text to the user. The completion screen lets you print or download a credentials sheet that you can hand off through a secure channel.

5. Assign product licenses

Pick the usage location (a country code — required for licensing compliance) and select at least one license. The picker shows every Microsoft 365, Office 365, Microsoft Entra, Microsoft Intune, and add-on license your tenant has, with available counts.

If you need a finer-grained scope, expand Apps and disable individual service plans (for example, turn off Yammer or Sway). Most tenants leave this at the default.

If you don’t have an available license, you can still create the user and assign the license later — but the user can’t access licensed services in the meantime.

6. Optional settings — admin role and profile info

Two collapsed sections at the bottom of step 4:

• Roles — leave as User (no admin access) unless this account specifically needs admin permissions. To grant admin permissions later, follow Microsoft’s guide to assigning admin roles.
• Profile info — job title, department, office, contact numbers. These flow to the global address list and Microsoft Teams, so they’re worth filling in.

7. Review and finish

Confirm the summary and select Finish adding. On the completion screen you can:

• Print or download credentials for secure handoff
• Send a getting-started email
• Save these settings as a user template for the next hire — handy if you onboard frequently into the same role

PowerShell equivalent

For scripted onboarding, use Microsoft Graph PowerShell. The legacy MSOnline and AzureAD modules are retired; Microsoft.Graph is the supported path.

# One-time setup
Install-Module Microsoft.Graph -Scope CurrentUser
Connect-MgGraph -Scopes "User.ReadWrite.All", "Directory.ReadWrite.All"

# Create the user
$password = @{
  Password                      = "TempPass!ChangeOnFirstSignIn123"
  ForceChangePasswordNextSignIn = $true
}

New-MgUser `
  -DisplayName       "Jakob Severin" `
  -GivenName         "Jakob" `
  -Surname           "Severin" `
  -MailNickname      "jakob" `
  -UserPrincipalName "jakob@contoso.com" `
  -UsageLocation     "US" `
  -AccountEnabled    `
  -PasswordProfile   $password

License assignment is a separate call:

$sku = Get-MgSubscribedSku -All | Where-Object SkuPartNumber -eq "ENTERPRISEPACK"
Set-MgUserLicense `
  -UserId       "jakob@contoso.com" `
  -AddLicenses  @(@{ SkuId = $sku.SkuId }) `
  -RemoveLicenses @()

For bulk onboarding, the admin center’s Add multiple users option accepts a CSV with the columns User Name, First Name, Last Name, Display Name, Job Title, Department, Office Number, Office Phone, Mobile Phone, Fax, Address, City, State or Province, ZIP or Postal Code, Country or Region. Same wizard logic; one upload.

Notes and gotchas

• Hybrid identity: if your tenant is synced from on-premises Active Directory via Microsoft Entra Connect, the Add a user option in the admin center is for cloud-only accounts. Synced users must be created in on-prem AD and will appear in Microsoft 365 after the next sync cycle.
• Usage location is mandatory for licensing. The wizard sets it from the picker; if you skip it (creating via API), license assignment fails.
• Names are not unique identifiers. Two people can share a display name — the user principal name is what must be unique.
• First-time sign-in — once licensed, the user signs in at https://www.microsoft365.com. Mailbox provisioning typically completes within a few minutes for Exchange Online.
• Permissions: you need the User Administrator role at minimum. Avoid using Global Administrator for routine onboarding.