Our highly practical Azure Active Directory Identity and Security training course provides comprehensive and in-depth coverage of key Azure identity and application security features. It gives delegates the confidence to implement a strong identity and application access solution in Azure with Zero Trust at its heart.
Who is our Azure AD Identity and Security training course for?
This 4-day Azure AD Identity and Security training course is designed for IT support staff, IT consultants and architects, pre-sales technical support staff, tech-savvy business decision-makers and department heads who want to know:
- How to configure and implement Azure AD Connect to synchronize on-premises users, groups with Azure AD, along with authentication options
- How to securely integrate SaaS apps and on-premises apps
- How to implement self-service password reset and self-service group management
- How to configure Conditional Access (for both cloud apps and on-premises apps) to evaluate users requests, and allow, deny or enforce step-up multi-factor authentication (MFA) based on factors such as the user’s identity, risk level and location.
- How to monitor user risks based on leaked credentials, behavioural analytics etc. and set up automatic remediation such as forcing MFA or password reset
- How to limit access to privileged roles
A highly practical course
The Azure AD Identity and Security training course comprises presentations, discussions, demonstrations, and 50+ hands-on lab exercises!
The hands-on labs – which are crucial to a proper understanding of the topics covered – have been made as realistic as possible. So for example, students will buy a real domain, and fully implement EM+S/O365 with public email, and real certificates for Single Sign-on. Students may keep this sandbox environment for future use.
The labs are complex and reflect issues you will encounter, and have to troubleshoot, in the real world. Students may keep this sandbox environment for future use.
See the course outline for full details about what you’ll learn.
This was, by FAR, the best training I’ve received in years! I loved how ‘lab heavy’ the course was. I learned so much from working through the labs.
Read what other students say about the Azure AD Identity and Security course.
At the end of the course, you’ll be able to:
- Synchronize on premises AD information with Azure AD using AD Connect, including users and groups, with authentication options.
- Monitor Azure AD Connect health
- Assign licenses directly and via groups (in-cloud and on-premises)
- Configure various self-service features such as self-service password registration, self-service password reset, self-service group management and self-service application management
- Implement cloud MFA and use it for step-up authentication for sensitive applications, and protect key accounts
- Securely publish on-premises applications to the cloud
- Add SaaS apps and configure authentication and provisioning (if applicable)
- Make use of Azure AD identity security features such as Privileged Identity Management and Identity Protection
- Build an environment that mimics the real world, so you can test, implement and deploy solutions with confidence
Please note: An essential part of the lab environment is that it has a real domain and real certificates and a real Microsoft Azure trial. To facilitate this students will have to provide a credit card. The total cost will not exceed £20/$30, unless you choose to continue to use the environment after the course.
Want to learn how to make the most of Azure AD Connect? Check out our Azure AD Connect Masterclass which is available as a live instructor-led course (in the classroom in person or remotely via Teams/Skype) and as an online, self-paced course.
This course is available as a public or private course, either in the classroom or via Teams/Skype.
Delegates on this highly practical course will get a solid foundation in the key identity and security features in Azure AD which are central to Microsoft’s Zero Trust “never assume trust, always verify” access control strategy. You will learn though lectures, discussions, and detailed hands-on labs exercises.
We provide detailed step-by-step lab instructions, and we also keep our class sizes small – so your instructor will have plenty of time to assist with any issues you might encounter in the labs, and answer any questions.
The hands-on labs are crucial to a proper understanding of the topics covered and have been designed to be as realistic as possible. With this in mind students will fully implement their own Azure/O365 environment, buying a real domain, with public email, and a real certificate for Single Sign-On (SSO).
Over four full and busy days, you will gain a deep and practical understanding of:
Module 1: Azure cloud computing
In this module, we introduce cloud computing and look at how it can be implemented in Azure through the use of various technologies such as Virtual Machines, cloud services, cloud licenses, and the Azure AD identity platform.
Module 2: AD and Azure AD
In this module, we look at (on-premises) Active Directory and (cloud) Azure Active Directory, and examine some of the key similarities and differences between them.
In the lab, we walk you through setting up an Azure AD tenant with a custom domain name. Following our step-by-step guides, you will buy a domain name, set up an Azure trial subscription, create an Azure AD tenant and add your custom domain name to it. Having set up your custom Azure AD tenant, we then walk you through the creation of Azure Virtual Machines which will be used to simulate various on-premises machines (a domain controller, an IIS server and a proxy server) in later labs.
Module 3: Integrating AD and AAD
Here we look at the need for synchronization and how Azure AD Connect can be used to synchronize users and groups between AD and Azure AD, in simple and more complex multi-forest scenarios. We cover numerous advanced topics including installation options, the various password synchronization options, the purpose of synchronization rules and why they might need to be modified, and how to monitor Azure AD Connect.
In the lab, you will populate your on-premises AD with users, and synchronize them with your Azure AD instance. You will examine various Azure AD connect features such as OU filtering, rules editing, password writeback, and SSO along the way. You will also setup and configure Azure AD Connect Health monitoring and alerts.
There is also an optional lab that walks you through the installation and configuration of both an AD FS server and a Web Application Proxy server. Having set them up, you will then configure Azure/O365 to use AD FS for authentication and examine the end user experience.
Module 4: Basic AADP Administration
In this module we focus on some of the features included with an Azure Active Directory Premium license. We start by discussing licence assignment (directly to individuals and indirectly via groups) and the various administrative and user interfaces. We also cover customizing your Azure AD branding, user and group management, and integrating SaaS apps (and the various levels of integration such as password vaulting, federation and inbound or outbound user provisioning). Finally, we examine the options for audit logs, sign-in reports, and security reports, and discuss how to analyse them.
In the lab, you will customize your Azure AD sign-in page and experiment with assigning licenses directly and indirectly (to groups synchronized from your on-premises AD). You will explore basic UI management and add SaaS apps: one with SSO configured, another with password-vaulting enabled, and optionally, a third SAML compliant SaaS app with provisioning enabled. In the final lab, you will review some of the pre-build reports in Azure.
Module 5: Self-service
This module is all about self-service: the self-service group management options for creating and joining groups (with or without owner approval); the self-service capabilities for providing application access; and self-service password registration and reset.
In the lab, you will explore all aspects of self-service group management both as an admin (enabling it) and as a user (creating groups and requesting to join groups and as a group owner approving membership requests). You will then implement self-service application management as an admin, and request access (as a user). Finally, you will implement and test self-service password reset both as an admin and a user.
Module 6: Other AADP Features
This module is all about cloud MFA and the Azure AD application proxy (both Azure Active Directory Premium features). We cover the different ways to purchase MFA, and the various configuration options for implementing cloud MFA and how it can be utilized to provide strong authentication for sign-in to modern office clients. We also take a detailed look at how the Azure Application proxy can be used to enable secure access to on-premises applications, from anywhere in the world without the need for traditional VPN technology.
In the labs, you will configure cloud MFA and enforce multi-factor authentication for some of the users, and test and contrast the end user experiences. In the Azure AD Application Proxy lab, you will publish an application hosted on your on-premises web server (one of your Azure VMs) and test access to it from both within your corporate network, and from outside. Further configuration involves enabling SSO, making it accessible for selection from the Office 365 app launcher and enabling self-service access. Finally, you will implement a custom name for the application.
There is also an optional lab which covers deploying the Azure Multi-Factor Authentication Server, integrating it with your on-premises Active Directory and configuring AD FS to utilize it for active client authentication requests.
Module 7: Implementing Conditional Access
In this module is all about Conditional Access which is fundamental to a Zero Trust access control strategy. We cover what it is and what it can be used for; how to configure conditional access policies to control application access, and invoke MFA if desired.
In the lab, you will set up and test identity-based (group membership) conditional access, and location-based (trusted and untrusted networks) conditional access for Exchange Online.
Module 8: Implementing Privileged Identity Management (PIM)
In this module, we discuss PIM (part of a Zero Trust least privilege approach) and how it can be used to control, monitor, alert, and review administrative access roles in Azure AD.
In the lab, you will assign various users Azure AD administrative roles and setup and configure PIM. Once enabled, you will test PIM role activation and deactivation. You will also set PIM alerts for administrative roles both for overuse and underuse, and you will perform a review of a user’s privileged access assignments.
Module 9: Implementing Identity Protection
In this module, we discuss Identity Protection, another central feature for any Zero Trust implementation. We cover what it can do, risk events, risk levels, user risk security policies, sign-in risk security policies, and how to remediate risks.
In the labs, you will setup Azure AD Identity protection. You will install an anonymity browser, and use it to visit the Azure portal – this generates anonymous IP address Identity Protection risk events, which you will then review and resolve. Finally, you will configure the Identity Protection sign-in policy and the user risk policy so that certain events can be automatically mitigated (you will make use of both MFA and password changes) and you will test both the policies.
Keeping your lab environment: Trial subscriptions and licenses for Azure AD, Enterprise Mobility + Security, and Microsoft 365 (formally Office 365) are used during the course, with the ‘on premises’ aspect of the environment implemented using Azure VMs within the Azure trial subscription. If delegates wish to keep the environment as their own sandbox for future use (and we think they should!), then the trial subscription can be made into a Pay-As-You-Go subscription after the class. Students will be expected to provide a credit card to secure the domain, certificates, and trial subscription – but this will only involve minor charges (about $30).