
Kevin Brown presents the Azure Active Directory masterclass, delivering deep, immersive knowledge beyond certification so you can become a subject matter expert in Azure Active Directory, the core of Microsoft Azure and Microsoft 365.
Renaming Azure Active Directory to Microsoft Entra ID clarifies product identity, with Entra as the identity and network access product family, while capabilities remain unchanged and documentation needs updating.
Master Azure Active Directory fundamentals, including tenants, custom domains, licensing, user and group management with PowerShell and Cloud Shell, authentication, security features, enterprise apps, and on-premises integration.
Download the lesson resources, including the Azure AD e-book, the Azure AD Masterclass URL list, the core slides in PDF, and note-taking slides to support study and access related resources.
Explore the Azure Active Directory book as a comprehensive resource, covering overview, licensing, quick starts, concepts like groups and users, architecture, authentication, and step-by-step how-tos including custom domain setup.
Learn to create a trial Azure account, opt to try Azure for free, and use a 12-month account with a $200 credit to run virtual machines, storage, and other resources.
Understand how Azure Active Directory provides cloud-based identity and access management for sign-in to applications, accounts, devices, and groups, with on-premises integration enabling single sign-on across resources.
Admins use Azure AD to control access with conditional multi-factor authentication; app developers use it to add single sign-on, and tenants enable APIs for personalized experiences.
Explore Azure Active Directory across the Microsoft 365 admin center, the Azure AD admin center, and portal.azure.com by creating users such as Kevin Brown and Bob Ross, illustrating the tenant's repository of users and devices.
Learn to define and use a custom domain name in Azure Active Directory, verify ownership with your domain registrar, and replace the default onmicrosoft.com tenant domain for user principal names.
Create a custom domain name in Azure Active Directory by adding the domain, creating a TXT record at the registrar for verification, and setting it as primary; plan domain changes before deploying.
Explore how an Azure Active Directory tenant represents an organization, containing users, groups, devices, and apps, with separate instances that do not cross over between tenants.
Explore how to manage Azure Active Directory tenants, create new tenants (Azure AD or Azure AD B2C), name domains, switch between tenants, set a default tenant, and delete tenants.
Explore Azure AD licensing from Free to Premium P2, covering user and group management, on-premises synchronization, self-service password reset, and dynamic groups with conditional access.
Explore how Azure AD users manage authentication and authorization across cloud-only, on-premises Active Directory, and guest accounts, with single sign-on and app access via invitations.
Explore how to create and manage users and guest identities in Azure Active Directory, including assigning licenses and roles, defining usage location, and inviting guests, using an invitation to Kevin Brown as the example.
Learn to create many users in Azure Active Directory via bulk import from a CSV template, configuring names, usernames, passwords, and attributes, with bulk invite or bulk delete options.
Azure AD groups include security groups for permissions and Microsoft 365 groups for collaboration and mass email, with dynamic membership based on user or device properties.
Explore creating and managing Azure AD groups, including security and Microsoft 365 groups, dynamic membership rules based on department, and policies for ownership, expiration, and naming.
Set the PowerShell execution policy to RemoteSigned in a session run as administrator, then install both the Azure AD module and the Az module, and connect with Connect-AzAccount.
Learn to connect to Azure AD with PowerShell, create and manage users and groups, add members, update user properties, and remove groups using interactive scripting and cmdlet parameters.
Learn to run PowerShell and Bash directly in the Azure portal's Cloud Shell, create the backing storage, upload scripts, and manage Azure AD users with cmdlets such as Get-AzADUser and New-AzADUser.
Explore how to enable self-service password reset in Azure Active Directory, configure authentication methods (mobile app, text, email, security questions), require registration, and apply policy to all or selected users.
Learn how to connect devices to Azure AD by choosing between registered, joined, and hybrid Azure AD configurations based on device ownership, management, and authentication identity.
Discover how Azure AD device registration enables bring your own device access and single sign-on, controlled by conditional access, Intune, and Endpoint Manager for compliant, secure resources.
Azure AD join enables organization-owned devices to sign in with organizational accounts, enforcing conditional access and cloud-based management via Intune (Microsoft Endpoint Manager), with Windows Autopilot provisioning and the out-of-box experience.
Understand how hybrid joined devices integrate on-premises Active Directory with Azure AD, enabling domain join and Azure AD registration while requiring periodic on-premises connectivity, and review the flexible deployment options.
Compare Azure AD registration, join, and hybrid options, highlighting data ownership and device management. Determine who authenticates with local Active Directory or Azure AD and when each option applies.
Demonstrates registering a Windows VM with Azure AD and joining it to Azure AD, highlighting status as registered or joined, and settings for multi-factor authentication and enterprise state roaming.
Explore Azure AD roles and resource roles, from global administrator to user administrator, learn role assignment, and create custom roles to tailor permissions for read-only reporting.
Explore Azure resource roles such as owner, contributor, reader, and user access administrator and how they apply and inherit across resource, resource group, subscription, and management group levels.
Learn how to use administrative units in Azure AD to delegate the user administrator role to a specific group for a defined set of users, enabling scoped delegation.
Explore how multi-factor authentication strengthens Azure Active Directory security by pairing something you know with something you have, plus biometrics and authenticator apps.
Enable multi-factor authentication in Azure Active Directory by applying MFA per user or in bulk, with legacy authentication allowed until registration and security defaults for privileged roles.
Explore OATH-based authentication with software tokens such as Microsoft Authenticator generating six-digit codes from secret keys. Learn how hardware tokens refresh every 30–60 seconds and connect to Azure AD.
Configure multi-factor authentication in Azure AD, enable per-user MFA, manage authentication methods, and test using the authenticator app with QR codes and one-time passcodes.
Enable security defaults to require multi-factor authentication for all users and admins and to block legacy authentication. If you use conditional access policies, security defaults may not fit your risk-based requirements.
Apply just-in-time privileged identity management to activate roles such as user administrator or virtual machine administrator, time-bound and optionally approved, with audit history and regular access reviews.
Demonstrates creating a new user in Azure Active Directory and assigning the user administrator role via Privileged Identity Management as an eligible activation secured by multi-factor authentication.
Learn how Microsoft's zero trust model verifies every request by assuming breach and assessing user and device risk, and offers remediation options such as malware scans and multi-factor authentication to secure access.
Azure AD Identity Protection analyzes sign-in risk to block access or require multi-factor authentication based on user risk levels, impossible travel, unfamiliar locations, and risky IPs, guided by the identity secure score.
Explore how conditional access tailors security to each app by evaluating user device, location, real-time risk, and the specific application, contrasting with identity protection’s account-wide risk assessments.
Configure Azure AD Identity Protection in Azure Active Directory, managing user risk and sign-in risk policies, applying them to groups or all users, and setting actions such as block access or require multi-factor authentication.
Learn to configure conditional access in Azure Active Directory, defining trusted locations, MFA trust, and policies for Office 365. Apply risk, device, and location conditions to grant or block access.
Create break-glass emergency access accounts in Azure AD to prevent total lockout: use two cloud-only accounts, exclude them from conditional access, give them different MFA methods, and verify their credentials every 90 days.
Explore how Azure access reviews in identity governance recertify group membership, application access, and privilege role assignments, and how to configure reviewers, duration, recurrence, and notifications.
Review sign-in logs, audit logs, and provisioning logs to assess system health, track changes to users and groups, and monitor licensing implications in Azure AD.
Explore how the identity secure score measures your alignment with Microsoft security best practices, shows near real-time improvements, personalized recommendations, and a dashboard for trend and industry benchmarks.
View identity secure score in Azure Active Directory and Defender for Cloud, explore improvement actions, and learn how MFA, auditing, and diagnostic logs contribute to a high secure score.
Learn how to register, configure, and secure Azure AD enterprise applications, implement single sign-on and multi-factor authentication, and leverage the Azure AD application proxy for on-premises deployments.
Explore configuring enterprise applications in Azure Active Directory and adding apps like Salesforce. Learn to assign users and groups, set up single sign-on and provisioning options with application-specific tutorials.
Test an enterprise app with single sign-on using the Azure AD SAML toolkit. Create users, assign them, and finalize SSO settings with vendor documentation and certificates.
Demonstrates adding an enterprise application to Azure Active Directory, configuring the Azure AD SAML Toolkit for single sign-on, and creating test users to verify sign-on with URLs.
Explore how sign-in logs in the Azure AD SAML toolkit reveal user activity, including successful and failed attempts, location, device, and authentication details, with conditional access context.
Learn how entitlement management, an identity governance feature, automates access requests, reviews, and lifecycles for internal and external users across groups, apps, and SharePoint sites.
Demonstrates creating an entitlement catalog in Azure AD, adding resources (Salesforce, groups, SharePoint), building access packages with policies, and enabling automatic access requests and approvals.
Explore the three active directory services—on-premises domain services, Azure Active Directory, and Azure Active Directory domain services—and how organizational units and group policy manage users, groups, and computers.
Compare Azure AD and on-premises Active Directory Domain Services, highlighting tenants, domains, forests, and web-based authentication protocols such as SAML and WS-Federation, with Kerberos as the legacy protocol.
Install Azure AD Domain Services to enable Kerberos authentication and group policy in Azure as a highly available managed service, and synchronize on-premises AD with Azure AD to run Kerberos-dependent apps in the cloud.
Configure Azure Active Directory Domain Services by creating a resource group and virtual network (VNet), selecting the Standard, Enterprise, or Premium SKU, and enabling one-way synchronization from Azure AD to the managed domain.
Learn how to promote an on-premises server to a domain controller by installing AD DS, configuring a static IP address and DNS, and creating a new forest.
Connect on-premises Active Directory to Azure Active Directory and establish hybrid identity with password hash synchronization, pass-through authentication, or AD FS for single sign-on across Azure and Office apps.
Configure Azure AD Connect to synchronize on-premises Active Directory to Azure AD using express settings, then verify initial sync and see users like Ronald Smith appear in Azure AD.
Explore Azure AD Cloud Sync, a standalone option that synchronizes on-premises Active Directory to Azure AD via a cloud provisioning agent, with configuration managed in Azure AD.
Demonstrate installing Azure AD Cloud Sync, configuring the Azure AD Connect provisioning agent on-premises, and validating a live user sync from on-premises to Azure AD using Joy Caldwell as a test user.
Welcome to Azure Active Directory Masterclass! This course is designed for those who want to become subject matter experts in Azure Active Directory (AD) and the integration between Azure AD and an on-premises Active Directory Domain Services. Azure AD is at the core of Azure and Microsoft 365, as it is the repository for user identities, device identities, and groups. Azure AD also allows us to configure enterprise applications, manage security and authentication, and use numerous other technologies and services.
This is a list of the topics covered in this Masterclass course:
· Understanding Azure AD
· Azure AD Tenants and Custom Domain Names
· Azure AD Licensing
· Creating and Managing Azure AD Users
· Creating and Managing Azure AD Groups
· Managing Users and Groups using PowerShell
· Managing Users and Groups using Cloud Shell
· Self-Service Password Reset
· How do I connect devices to Azure AD?
· Azure AD Registered Devices
· Azure AD Joined Devices
· Azure AD Hybrid Devices
· Roles for Azure AD
· Administrative Units
· Authentication Methods
· Azure Multi-Factor Authentication (MFA)
· Authenticator App
· Security Defaults
· Privileged Identity Management (PIM)
· Azure Identity Protection Risk
· User Risk Policy
· Sign-in Risk Policy
· Conditional Access
· Access Reviews
· Azure AD Design and Planning
· Break-Glass Accounts
· Auditing
· Identity Secure Score
· Enterprise Applications
· Enterprise Applications using Single Sign-On (SSO)
· Entitlement Management
· Catalogs
· Access Packages
· Understanding the types of Active Directory Services
· Azure AD Domain Services
· Azure AD versus Active Directory Domain Services
· Azure AD Connect
· Authentication Options
· Password Hash Sync (PHS)
· Pass-Through Authentication (PTA)
· Password Writeback
· Azure AD Cloud Sync
· Integration with Microsoft 365
· Planning and Design Review