Elevating User Management with Age Group and Consent Provided Fields in Microsoft Entra

Today, we’re thrilled to spotlight two pivotal fields in the Microsoft Entra admin center: Age Group and Consent Provided. These fields are instrumental in tailoring user profiles, particularly in organizations like K-12 school districts towards age and consent. You can learn more about profile categories here: How to manage user profile information – Microsoft Entra | Microsoft Learn. Let’s delve into the details!

Decoding Age Group and Consent Provided Fields

The Age Group field is an integral part of the user’s profile information. It classifies users into four distinct categories:

  • None
  • Minors: 12 and under
  • Not adult: 13-18 years old
  • Adults: 18 and over

Microsoft’s definition of Minor is 12 and under, but again your legal region/country might have a different age range and you would need to store as Minor those of a different age range.

jseghersMSFT_0-1701895388742.png

The Consent Provided field is a cornerstone of the application consent process. It signifies the process where users authorize an application to access a protected resource. Admins can select None, Granted, Denied, or Not required.

jseghersMSFT_1-1701895416795.png

The Significance of these Fields

The Age Group and Consent Provided fields in the Microsoft Entra admin center hold paramount importance for several reasons:

  1. Adherence to Legal Mandates: For organizations that handle the data of young adults, children, and in certain legal jurisdictions, adults who cannot consent to their own legal affairs, it’s important to record the Age Group for the user, along with any Consent Provided in the case of Minors. This assists organizations in complying with laws and regulations related to data privacy and protection.
  2. User Access Governance: The amalgamation of age group and consent provided by parent options determine the Legal age group classification. This classification may restrict the user’s access and authority. For instance, it can be utilized to limit minors from accessing certain applications or features, ensuring a secure and appropriate user experience.
  3. Application Consent Mechanism: The Consent Provided field is a part of the application consent process. It signifies the process where users authorize an application to access a protected resource. This ensures that users have control over their data and can decide which applications can access their information.
  4. Parental Supervision: For organizations like K-12 school districts, the user’s age group may need to be provided. The Age Group and Consent Provided fields empower IT admins to work with parents or guardians to regulate what their children can access, providing an additional layer of safety for underage users.

Updating these Fields: A Comprehensive Guide

There are multiple ways to update the fields, let’s walk through them!

Harnessing the Power of School Data Sync (SDS)

School Data Sync (SDS) is a powerful tool that can automate the management of these fields. When processing data from your Student Information System (SIS), SDS updates the Age Group and Consent Provided fields for all student users. You can set up your manage data configuration immediately after defining your connect data configuration. Read more here: Protecting Student Personal Data – School Data Sync | Microsoft Learn

Using PowerShell

PowerShell provides a command Set-AzureADUser that allows you to update a user’s Age Group and Consent Provided fields. Here’s an example of how to use it. Make sure to make the necessary changes based on your organizational needs.

Get-AzureADUser -All $true | Where-Object -FilterScript { $_.DisplayName -notmatch ' (George|James|Education)' } | ForEach-Object { Set-AzureADUser -ObjectId $($_.ObjectId) -AgeGroup 'minor' -ConsentProvidedForMinor 'granted' }

This command updates the specified user’s property. Find full scripts here: O365-EDU-Tools/SDS Scripts/Consent Scripts at master · OfficeDev/O365-EDU-Tools · GitHub

Using the Graph API

The Graph API allows you to update the Age Group field as well. The API to use is https://graph.microsoft.com/v1.0/users/{id|UPN} with a patch call associated with a body containing the Age Group value. More information about updating users in Entra ID using the Graph API can be found here: Update user – Microsoft Graph v1.0 | Microsoft Learn .

Manually

You can also manually update these fields through the Microsoft Entra admin center. After signing in as at least a User Administrator, you can select a user and edit their profile details. The Age Group and Consent Provided fields can be found under the Parental controls category.

Which method do I use?

Depending on your skill set, level of expertise, or how you want to use this field, any of the above options can be used. If you have many users to update, automating the process using PowerShell or the Graph API is recommended. If you already have SDS in place, SDS might be the better option for you. Make sure to update the example code and guidelines depending on what your organization needs.

We hope this post helps you better understand the Age Group and Consent Provided fields in the Microsoft Entra admin center and that it will help offer the appropriate experiences to your users.

https://techcommunity.microsoft.com/t5/education-blog/elevating-user-management-with-age-group-and-consent-provided/ba-p/4002713 https://techcommunity.microsoft.com/t5/education-blog/elevating-user-management-with-age-group-and-consent-provided/ba-p/4002713 2023-12-06 20:57:22Z