Populating Azure environment with test data
I was trying to get access to the Microsoft Developer Program simply because they allow you to load in a sample dataset that will configure your test environment with user accounts, groups etc. to mock a real environment. This is probably useful if you are developing against the platform, but equally useful for me, as I am trying to learn more about Azure and Entra security (realism is better I find!).
So, as it turns out the Microsoft Developer Program looks like it has seen better days (it isn’t available unless you have some licensed products it seems), so I decided to create a script to populate my own tenant with some sample data.
Sharing this below in case you are stuck and want to achieve the same -
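First, you will need to create an App Registration with the following Microsoft Graph application permissions (the script signs in as the app itself using a client secret, so these need admin consent):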
- Directory.ReadWrite.All
- Group.ReadWrite.All
- User.ReadWrite.All
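And then add a client secret to the App Registration. From there, you can configure the appropriate details in the following script (lines 8-12). With the permissions above, that secret can modify every user and group in the tenant, so keep it out of anything you share or commit and delete it from the App Registration once the tenant is populated.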
Dependencies:
pip install msal requests faker
Script:
import json
import os
import random
import secrets

import requests
from faker import Faker
from msal import ConfidentialClientApplication
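# Azure AD credentials. Each value can be supplied through an environment
# variable so the client secret never has to be saved in (or shared along with)
# this file; the "UPDATE" placeholders can still be edited in place as before.
TENANT_ID = os.environ.get("AZURE_TENANT_ID", "UPDATE")
CLIENT_ID = os.environ.get("AZURE_CLIENT_ID", "UPDATE")
# This secret authenticates the app with tenant-wide user/group write access:
# keep it out of source control and screenshots, and remove it from the App
# Registration when the test data has been created.
CLIENT_SECRET = os.environ.get("AZURE_CLIENT_SECRET", "UPDATE")
GRAPH_API_BASE = "https://graph.microsoft.com/v1.0"
# Domain appended to every generated userPrincipalName.
DOMAIN = os.environ.get("AZURE_TENANT_DOMAIN", "UPDATE.onmicrosoft.com")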
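# Authenticate with MS Graph
def get_access_token():
    """Acquire an app-only Microsoft Graph token via the client-credentials flow.

    Returns:
        The access token string, or None when MSAL did not return one. The
        caller treats a falsy result as an authentication failure.
    """
    app = ConfidentialClientApplication(
        CLIENT_ID,
        authority=f"https://login.microsoftonline.com/{TENANT_ID}",
        client_credential=CLIENT_SECRET,
    )
    # ".default" asks for the application permissions already consented on the
    # App Registration rather than naming individual scopes.
    result = app.acquire_token_for_client(scopes=["https://graph.microsoft.com/.default"])
    access_token = result.get("access_token")
    if not access_token:
        # MSAL reports failures in the returned dict instead of raising; show
        # the reason so a wrong tenant, client id or secret is distinguishable.
        print(f"Token request failed: {result.get('error')} - {result.get('error_description')}")
    return access_token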
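# Generate fake user data
fake = Faker()
departments = {
    "IT": ["Software Engineer", "IT Support", "Security Analyst"],
    "HR": ["HR Manager", "Recruiter", "Payroll Specialist"],
    "Sales": ["Sales Manager", "Account Executive", "Business Development"],
    "Finance": ["Finance Manager", "Accountant", "Auditor"],
}

# Password given to every generated account. The accounts are created enabled
# and are reachable from the public sign-in endpoint, so a fixed, widely used
# password baked into the script is avoided: set LAB_USER_PASSWORD to choose
# your own, otherwise a fresh random value is generated for this run.
LAB_USER_PASSWORD = os.environ.get("LAB_USER_PASSWORD")
if not LAB_USER_PASSWORD:
    # The fixed prefix keeps upper-case, lower-case and symbol characters
    # present whatever the random part contains.
    LAB_USER_PASSWORD = f"Lab-{secrets.token_urlsafe(18)}"
    # Shown once because it is not stored anywhere else; record it if you need
    # to sign in as the generated users.
    print(f"Generated password for the lab accounts: {LAB_USER_PASSWORD}")

# Usernames already handed out, so two accounts never get the same UPN.
_used_usernames = set()


def _new_username():
    """Return a Faker username that has not been used earlier in this run."""
    while True:
        candidate = fake.user_name()
        if candidate not in _used_usernames:
            _used_usernames.add(candidate)
            return candidate


# Store users and groups
managers = []
employees = []
group_ids = {}

# Generate managers first (one per department)
for dept in departments:
    # One username feeds both fields so the mail alias matches the sign-in name.
    username = _new_username()
    managers.append({
        "displayName": fake.name(),
        "jobTitle": f"{dept} Manager",
        "mailNickname": username,
        "userPrincipalName": f"{username}@{DOMAIN}",
        "password": LAB_USER_PASSWORD,
        "department": dept,
    })

# Generate employees
for manager in managers:
    for _ in range(5):  # 5 employees per department
        username = _new_username()
        employees.append({
            "displayName": fake.name(),
            "jobTitle": random.choice(departments[manager["department"]]),
            "mailNickname": username,
            "userPrincipalName": f"{username}@{DOMAIN}",
            "password": LAB_USER_PASSWORD,
            "department": manager["department"],
            # Used later to look up the manager's object id.
            "managerUPN": manager["userPrincipalName"],
        })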
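# Create Users in Azure AD
def create_user(user, access_token):
    """Create one enabled user through POST /users.

    Args:
        user: dict with the keys displayName, mailNickname, userPrincipalName,
            jobTitle, password and department.
        access_token: bearer token for Microsoft Graph.

    Returns:
        The parsed JSON response body; callers test for an "id" key to detect
        success. If the body is not JSON, a dict with an "error" key holding
        the HTTP status and raw text is returned instead.
    """
    headers = {
        "Authorization": f"Bearer {access_token}",
        "Content-Type": "application/json",
    }
    user_data = {
        "accountEnabled": True,
        "displayName": user["displayName"],
        "mailNickname": user["mailNickname"],
        "userPrincipalName": user["userPrincipalName"],
        "jobTitle": user["jobTitle"],
        "passwordProfile": {
            # The account keeps the supplied password; no change is forced at
            # first sign-in.
            "forceChangePasswordNextSignIn": False,
            "password": user["password"],
        },
        "department": user["department"],
    }
    # A timeout stops the script from hanging forever on a stalled connection.
    response = requests.post(
        f"{GRAPH_API_BASE}/users", headers=headers, json=user_data, timeout=30
    )
    try:
        return response.json()
    except ValueError:
        # Empty or non-JSON body (e.g. a proxy error page): report it in a
        # shape the caller's '"id" in response' check already handles.
        return {"error": {"code": str(response.status_code), "message": response.text}}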
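# Assign Manager Relationships
def assign_manager(employeeUPN, manager_id, access_token):
    """Set a user's manager through PUT /users/{employeeUPN}/manager/$ref.

    Args:
        employeeUPN: userPrincipalName of the employee, used in the URL path.
        manager_id: directory object id of the manager.
        access_token: bearer token for Microsoft Graph.

    Returns:
        The HTTP status code of the response; the caller treats 204 as success.
    """
    headers = {
        "Authorization": f"Bearer {access_token}",
        "Content-Type": "application/json",
    }
    # The reference body points at the manager's user object.
    data = {"@odata.id": f"{GRAPH_API_BASE}/users/{manager_id}"}
    # A timeout stops the script from hanging forever on a stalled connection.
    response = requests.put(
        f"{GRAPH_API_BASE}/users/{employeeUPN}/manager/$ref",
        headers=headers,
        json=data,
        timeout=30,
    )
    return response.status_code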
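# Create Department Groups
def create_group(dept_name, access_token):
    """Create a security group named "<dept_name> Department" via POST /groups.

    Args:
        dept_name: department name; lower-cased with spaces removed to form
            the group's mailNickname.
        access_token: bearer token for Microsoft Graph.

    Returns:
        The parsed JSON response body; callers test for an "id" key to detect
        success. If the body is not JSON, a dict with an "error" key holding
        the HTTP status and raw text is returned instead.
    """
    headers = {
        "Authorization": f"Bearer {access_token}",
        "Content-Type": "application/json",
    }
    group_data = {
        "displayName": f"{dept_name} Department",
        "mailNickname": dept_name.lower().replace(" ", ""),
        # Security group only, not mail-enabled.
        "mailEnabled": False,
        "securityEnabled": True,
    }
    # A timeout stops the script from hanging forever on a stalled connection.
    response = requests.post(
        f"{GRAPH_API_BASE}/groups", headers=headers, json=group_data, timeout=30
    )
    try:
        return response.json()
    except ValueError:
        # Empty or non-JSON body: report it in a shape the caller's
        # '"id" in response' check already handles.
        return {"error": {"code": str(response.status_code), "message": response.text}}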
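# Add Users to Groups
def add_user_to_group(user_id, group_id, access_token):
    """Add a directory object to a group via POST /groups/{group_id}/members/$ref.

    Args:
        user_id: directory object id of the user to add.
        group_id: object id of the target group.
        access_token: bearer token for Microsoft Graph.

    Returns:
        The HTTP status code of the response.
    """
    headers = {
        "Authorization": f"Bearer {access_token}",
        "Content-Type": "application/json",
    }
    # The reference body points at the member's directory object.
    data = {"@odata.id": f"{GRAPH_API_BASE}/directoryObjects/{user_id}"}
    # A timeout stops the script from hanging forever on a stalled connection.
    response = requests.post(
        f"{GRAPH_API_BASE}/groups/{group_id}/members/$ref",
        headers=headers,
        json=data,
        timeout=30,
    )
    return response.status_code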
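if __name__ == "__main__":
    # Populate the tenant: department groups first, then managers, then
    # employees (who need their manager's object id and the group ids).
    token = get_access_token()
    if not token:
        # Exit with a non-zero status and the message on stderr so a wrapper
        # script can tell that nothing was created.
        raise SystemExit("Failed to get access token. Check your credentials.")

    manager_ids = {}

    # Step 1: Create Groups for Each Department
    for dept in departments:
        response = create_group(dept, token)
        if "id" in response:
            group_ids[dept] = response["id"]
            print(f"Created Group: {dept} Department")
        else:
            print(f"Failed to create group for {dept}: {response}")

    # Step 2: Create Managers and Store Their IDs
    for manager in managers:
        response = create_user(manager, token)
        if "id" not in response:
            print(f"Failed to create manager: {manager['displayName']} - {response}")
            continue

        manager_ids[manager["userPrincipalName"]] = response["id"]
        print(f"Created Manager: {manager['displayName']} ({manager['userPrincipalName']})")

        # Add Manager to Department Group (skipped if the group was not created)
        if manager["department"] in group_ids:
            status = add_user_to_group(response["id"], group_ids[manager["department"]], token)
            # Only report success when Graph confirmed the membership.
            if status == 204:
                print(f"Added {manager['displayName']} to {manager['department']} Department Group")
            else:
                print(
                    f"Failed to add {manager['displayName']} to "
                    f"{manager['department']} Department Group (HTTP {status})"
                )

    # Step 3: Create Employees and Assign Managers & Groups
    for employee in employees:
        response = create_user(employee, token)
        if "id" not in response:
            print(f"Failed to create employee: {employee['displayName']} - {response}")
            continue

        print(f"Created Employee: {employee['displayName']} ({employee['userPrincipalName']})")

        # Assign Manager (only possible if the manager account was created)
        if employee["managerUPN"] in manager_ids:
            status = assign_manager(
                employee["userPrincipalName"], manager_ids[employee["managerUPN"]], token
            )
            if status == 204:
                print(f"Assigned {employee['displayName']} to {employee['managerUPN']}")
            else:
                print(
                    f"Failed to assign {employee['displayName']} to "
                    f"{employee['managerUPN']} (HTTP {status})"
                )

        # Add Employee to Department Group
        if employee["department"] in group_ids:
            status = add_user_to_group(response["id"], group_ids[employee["department"]], token)
            # Only report success when Graph confirmed the membership.
            if status == 204:
                print(f"Added {employee['displayName']} to {employee['department']} Department Group")
            else:
                print(
                    f"Failed to add {employee['displayName']} to "
                    f"{employee['department']} Department Group (HTTP {status})"
                )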
Outcome:
