Our highly practical Microsoft Entra ID (formerly Azure AD Identity and Security) training course provides comprehensive and in-depth coverage of key Microsoft Entra ID identity, security and governance features. During the course, delegates will build an environment that mimics the real world – enabling them to experiment with features, and subsequently implement and deploy their own solutions with confidence.
(Read more about the change of name from Azure AD to Microsoft Entra ID.)
What does the course cover?
This 4-day course covers:
- How to configure and implement Azure AD Connect to synchronize on-premises users, groups with Microsoft Entra ID, along with authentication options
- How to securely integrate SaaS apps and on-premises apps
- How to implement self-service password reset and self-service group management
- How to configure Conditional Access (for both cloud apps and on-premises apps) to evaluate users requests, and allow, deny or enforce step-up multi-factor authentication (MFA) based on factors such as the user’s identity, risk level and location.
- How to monitor user risks based on leaked credentials, behavioural analytics etc. and set up automatic remediation such as forcing MFA or password reset
- How to limit access to privileged roles
Highly practical training
Our Microsoft Entra ID training course comprises presentations, discussions, demonstrations, and 50+ hands-on lab exercises!
The hands-on labs – which are crucial to a proper understanding of the topics covered – have been made as realistic as possible. So for example, students will buy a real domain, and take out real licenses with public email, and real certificates for single sign-on etc. Students may keep this sandbox environment for future use.
The labs are complex and reflect issues you will encounter in the real world, and which you will need to troubleshoot.
See the course outline for full details about what you’ll learn on our Microsoft Entra ID training course.
This was, by FAR, the best training I’ve received in years! I loved how ‘lab heavy’ the course was. I learned so much from working through the labs.
Read what other students say about the Microsoft Entra ID training course.
At the end of this course, you’ll be able to:
- Synchronize on-premises AD user and group identities with Microsoft Entra ID using Cloud Sync/Connect Sync (Azure AD Connect), including various authentication options.
- Monitor system health
- Assign licenses directly and via groups (in-cloud and on-premises)
- Configure various self-service features such as self-service password registration, self-service password reset, self-service group management and self-service application management
- Implement cloud MFA and use it for step-up authentication for sensitive applications, and protect key accounts
- Securely publish on-premises applications to the cloud
- Add SaaS apps and configure authentication and provisioning (if applicable)
- Make use of Microsoft Entra ID identity security features such as Privileged Identity Management and Identity Protection
- Build an environment that mimics the real world, so you can test, implement and deploy your own solutions with confidence
Please note: An essential part of the lab environment is that it has a real domain and real certificates and a real license trials. In order to facilitate this students will have to provide a credit card. The total cost will not exceed £20/$30, unless you choose to continue to use the environment after the trial licenses have expired.
This 4-day live instructor-led training is available as a public course via Teams, or as a private course (either on-site or via Teams).
Delegates on this highly practical course will get a solid foundation in the key identity, security and governance features in Microsoft Entra ID which are central to Microsoft’s Zero Trust “never assume trust, always verify” access control strategy. You will learn though lectures, discussions, and detailed hands-on lab exercises.
We provide detailed step-by-step lab instructions, and we also keep our class sizes small – so your instructor will have plenty of time to assist with any issues you might encounter in the labs, and answer any questions.
The hands-on labs are crucial to a proper understanding of the topics covered and have been designed to be as realistic as possible. With this in mind students will fully implement their own hybrid AD/Microsoft Entra ID environment, buying a real domain, with public email, and a real certificate for single sign-on (SSO).
Over 4 full and busy days, you will gain a deep and practical understanding of:
Module 1: Introducing Microsoft Entra ID
In this module, we introduce cloud hybrid computing and look at how it can be implemented using the Microsoft Entra ID identity platform.
Module 2: AD and Microsoft Entra ID
In this module, we look at (on-premises) Active Directory and (cloud) Microsoft Entra ID, and examine some of the key similarities and differences between them.
In the lab, we walk you through setting up a Microsoft Entra ID tenant with a custom domain name. Following our step-by-step guides, you will buy a domain name, set up a Microsoft Entra ID trial subscription and tenant, and add your custom domain name to it. We then walk you through the creation of the virtual machines which will be used to simulate various on-premises machines (a domain controller, an IIS server and a proxy server) in later labs.
Module 3: Integrating AD and Microsoft Entra ID
Here we look at the need for synchronization and how Cloud Sync and/or Connect Sync (Azure AD Connect) can be used to synchronize users and groups between AD and Microsoft Entra ID, in simple and more complex multi-forest scenarios.
We cover numerous advanced topics including installation options, the various password synchronization options, the purpose of synchronization rules and why they might need to be modified. You will also examine alternative authentication scenarios such as AD FS SSO.
In the lab, you will populate your on-premises AD with users, and synchronize them with your Microsoft Entra ID tenant, and set up a typical configuration. Optional labs are included for exploring features that may not be relevant to all delegates (such as implementing AD FS.
Module 4: Basic Microsoft Entra ID administration
In this module, we focus on some of the features included with a Microsoft Entra ID Premium license. We start by discussing licence assignment (directly to individuals and indirectly via groups) and the various administrative and user interfaces. We also cover customizing your branding, user and group management, and integrating SaaS apps (and the various levels of integration such as password vaulting, federation and inbound or outbound user provisioning). Finally, we examine the available logs and reports, and discuss how to analyse them.
In the lab, you will customize your Microsoft Entra ID sign-in page and experiment with assigning licenses directly and indirectly (to groups synchronized from your on-premises AD). You will explore basic UI management and add SaaS apps: one with SSO configured, another with password-vaulting enabled, and (optionally) a third that is SAML compliant with provisioning enabled. In the final lab, you will review some of the Entra ID logs.
Module 5: Self-service
This module covers the self-service options for creating and joining groups (with or without owner approval); the self-service capabilities for providing application access; and self-service password registration and reset.
In the lab, you will explore all aspects of self-service group management both as an admin (enabling it) and as a user (creating groups and requesting to join groups and as a group owner approving membership requests). You will then implement self-service application management as an admin, and request access (as a user). Finally, you will implement and test self-service password reset both as an admin and a user.
Module 6: Other Microsoft Entra ID Premium features
This module is all about cloud MFA and the Application Proxy. We cover the different ways to purchase MFA, and the various configuration options for implementing cloud MFA and how it can be utilized to provide strong authentication for sign-in to modern office clients. We also take a detailed look at how the Application Proxy can be used to enable secure access to on-premises applications from anywhere in the world, without the need for traditional VPN technology.
In the labs, you will configure cloud MFA and enforce it for some of the users, and test and contrast the end user experiences. In the Application Proxy lab, you will publish an application hosted on your on-premises web server and test access to it from both within your corporate network, and from outside. Further configuration involves enabling SSO, making it accessible for selection from the Microsoft 365 app launcher, and enabling self-service access. Finally, you will implement a custom name for the application.
There is also an optional lab which covers deploying the MFA Server, integrating it with your on-premises Active Directory and configuring AD FS to utilize it for active client authentication requests.
Module 7: Implementing Conditional Access
Conditional Access is fundamental to a Zero Trust access control strategy. We cover what it is and what it can be used for, how to configure conditional access policies to control application access, and invoke MFA if desired.
In the lab, you will set up and test identity-based (group membership) conditional access, and location-based (trusted and untrusted networks) conditional access for Exchange Online.
Module 8: Implementing Privileged Identity Management (PIM)
PIM is another essential part of the Zero Trust least privilege approach. We discuss how it can be used to control, monitor, alert, and review administrative access roles in Microsoft Entra ID.
In the lab, you will assign various administrative roles to users, and set up and configure PIM. Once enabled, you will test PIM role activation and deactivation. You will also set PIM alerts for administrative roles both for overuse and underuse, and you will perform a review of a user’s privileged access assignments.
Module 9: Implementing Identity Protection
Identity Protection is yet another feature that is central for any Zero Trust implementation. We cover what it can do, risk events, risk levels, user risk security policies, sign-in risk security policies, and how to remediate risks.
In the labs, you will setup Identity Protection. You will install an anonymity browser, and use it to visit the Microsoft Entra ID admin center. This generates anonymous IP address Identity Protection risk events, which you will then review and resolve. Finally, you will configure the Identity Protection sign-in policy and the user risk policy so that certain events can be automatically mitigated (you will make use of both MFA and password changes) and you will test both the policies.
Keeping your lab environment: Trial subscriptions and licenses for Microsoft Entra ID and Microsoft 365 are used during the course, with the ‘on premises’ aspect of the environment implemented using VMs within the your trial subscription. If delegates wish to keep the environment as their own sandbox for future use (and we think they should!), then the trial subscription can be made into a Pay-As-You-Go subscription after the class. Students will be expected to provide a credit card to secure the domain, certificates, and trial subscription – but this will only involve minor charges (about $30).
The course is designed for IT support staff, IT consultants and architects, pre-sales technical support staff, and tech-savvy business decision-makers.
Attendees should be familiar with Microsoft Active Directory (AD), IIS, and SharePoint and have a good grasp of general Windows concepts, including authentication and authorization, shares and permissions.