AAD allows organizations to manage their users and attributes. The entire user life cycle, including their creation, license assignment, and deletion, can be managed directly from the cloud admin centers, or, if you prefer, you could manage users from PowerShell or Microsoft Graph. Moreover, if an organization already has a directory in place, such as Active Directory (AD), it can also synchronize it with AAD in order to replicate users, attributes, groups, and even password hashes.  

A view of the list of users in a tenant, along with their current assigned licenses from the Microsoft 365 Admin Center, can be seen in the following screenshot:

From this view, administrators can view users and their assigned licenses. If a user does not have a license assigned, the Licenses and Apps tab will show Unlicensed. Active users can either be cloud-only users or users in your Active Directory that have been synchronized to Microsoft 365.

In addition, AAD enables the management of users' attributes, such as Display Name, User Principal Name (which is how users are identified during the login process),  Job Title, Office Location, Usage Location, Sign-In Status (Allowed or Blocked), and manager. These users and attributes are made available across the entire Microsoft 365 platform.

For every user in the organization, administrators can view their current attributes, as shown in the following screenshot:

Next, we'll look at the concept of groups.