Microsoft Identity Masterclass with John Craddock

Microsoft Identity Masterclass with John Craddock

There are only a handful of people in the world that can deliver a training like John does. Very clear and informative, he is definitely an expert on this subject. I couldn’t find any glitch or anything he didn’t know. Awesome! A truckload of information in a short amount of time. Awesome week and good job!

Marius, Senior Azure Platform Engineer, The Netherlands

Live Instructor-Led Course

Attend from anywhere via Zoom

£3635 / $4995 / €4250

plus VAT if applicable

Course code: A639

Available as a public and private course via Zoom

If you'd like to arrange a private Identity Masterclass with John Craddock for your team, or you'd like to be the first to hear about new dates for public courses please contact us or complete this short form.
Note: John's Identity Masterclass is now only available to North American customers as a private class on request.

Learn everything you need to know to integrate applications into Microsoft cloud and on-premises environments using modern and legacy authentication methods.

Who is John Craddock’s Microsoft Identity Masterclass for?

The 5-day Microsoft Identity Masterclass is primarily for IT professionals. Application developers who are tasked with integrating authentication and authorization with Microsoft Entra ID and/or on-premises AD will significantly benefit. Code development is not included in the class, but you will learn about configuration requirements. The Masterclass is designed to teach you how to solve all the challenging aspects of securing apps in Microsoft Entra ID and providing an optimal SSO experience for your users. It takes place remotely via Zoom. Read what students say about this course.

What will I learn?

You will discover how identity solutions offered by Microsoft Entra ID and on-premises AD will help you build identity systems for the future using protocols that include OpenID Connect and OAuth 2.0. You will learn how to authenticate and provide authorization factors to applications that can be located on-premises or in the cloud. The source of identity of the users could be from your corporate network, your Microsoft Entra ID domain, a partner organization, and/or a social identity provider such as Facebook or Google.

The class provides detailed learning through the extensive use of hands-on labs. Attendees will not only learn the fundamentals and principles but also learn how to deploy and troubleshoot the solutions. In-depth learning will be gained through the use of tools, such as Fiddler, to analyze and understand the protocol flows.

About John Craddock’s Microsoft Identity Masterclass

John Craddock’s “awesome” Microsoft Identity Masterclass is a high-energy, action-packed deep dive into Microsoft Entra ID, crammed with solid information and tips. John will help build your knowledge and consolidate your new skills with 37 hands-on labs.

To attend the Masterclass, you need to be a confident IT administrator with a thirst for knowledge. The Masterclass doesn’t teach basic Microsoft Entra ID administration, but because of the hands-on nature of the training, you can come to this class with no prior knowledge of Microsoft Entra ID. You will pick up the basics as we focus on the more challenging topics.

Pre-requisites

To gain the maximum from the Masterclass, you will need hands-on system administrator skills. For example, you will need to know how to:

  • Create and manage groups, OUs, and group policies in an on-premises AD
  • Perform basic server/DC troubleshooting (for example check if a service is running, and restart it)
  • Add a DNS record
  • Add a URL to a browser’s Intranet zone

five star rated technical training from Oxford Computer TrainingSee the course outline tab above for exactly what you’ll learn. See the refunds and cancellation policy for this Masterclass.

Training outcomes

At the end of the course, you will:

  • Understand how the identity solutions offered by Microsoft Entra ID, on-premises AD FS, and AD can help you build identity systems for the future using protocols that include OpenID Connect and OAuth 2.0
  • Know how to authenticate and provide authorization factors to applications that can be located on-premises or in the cloud. The source of identity of the users could be from your own corporate network, your Microsoft Entra ID domain, a partner organization, and/or a social identity provider such as Facebook or Google.

Post-course, you’ll have:

  • A pdf of the hands-on manual and slides used during the Masterclass
  • 60 days’ access (from the first day of the Masterclass) to 37 hands-on labs in a cloud-based virtual environment

About John Craddock

Microsoft’s Alex Simons, Corporate Vice President PM, Microsoft Identity Division, says:

John is one of the greatest identity educators on the planet. There’s no better person to learn from!

John Craddock is a Microsoft MVP (Most Valuable Professional) and has been involved in Microsoft solutions since the early days of Windows and Windows NT. John spoke on Active Directory at the Windows 2000 launch events and has focused on identity solutions since the first release of AD FS for Windows Server 2003.

He is an identity and security architect and has been involved in many IT projects for industry leaders including Microsoft, the UK Government, and multi-nationals. He is a well-known international speaker and has delivered this Masterclass to professionals throughout the world.

Ask us about John Craddock's Identity Masterclass

Live instructor-led training via Zoom.

Day 1

After a comprehensive introduction to today’s identity challenges and solutions, you will learn the details of the authentication protocols. This in-depth coverage of the protocols will allow you to troubleshoot any problems you may encounter when deploying solutions. As we go through the hands-on labs, you will be expected to troubleshoot any issues you may encounter during the Masterclass. Of course, John will be there if you need help.

Day 1 hands-on labs include:

  • Creating an Microsoft Entra ID
  • Capturing and analyzing HTTP/HTTPS sessions using Fiddler
  • Enabling Kerberos on a website
  • Troubleshooting Kerberos network traffic using Wireshark
  • Tracing the WS-federation protocol

Day 2

After completing our investigation of the protocols, you will learn how to configure Microsoft Entra ID to meet your requirements. You’ll discover how to manage Microsoft Entra ID through the Azure Portal, using PowerShell and the GraphAPIs. After adding custom domains and branding to Microsoft Entra ID, you will see how to enhance security and the user experience using self-service password resets and MFA.

Day 2 hands-on labs include:

  • Investigating OpenID Connect
  • Adding custom domains to Microsoft Entra ID
  • Managing Microsoft Entra ID with PowerShell
  • Using Graph Explorer
  • Self-service password resets
  • Enabling Multi-Factor Authentication

Day 3

You will start the day by deploying Microsoft Entra Connect to synchronize on-premises AD users to Microsoft Entra ID. We will then investigate pass-through authentication and the new SSO capabilities provided by Microsoft Entra Connect. You will learn about the SSO capabilities of Windows 10 when it is joined to Microsoft Entra ID and how Windows Hello, the authenticator app, and FIDO 2 keys can eliminate the need for passwords.

At this stage, you will have created a reliable identity infrastructure, and now it’s time to make applications available to our users.

You will start by deploying a SaaS app to your users; configuring groups, assignments, and self-service application management. You will then learn how to register your own applications into Microsoft Entra ID.

Day 3 hands-on labs include:

  • Installing and configuring synchronization with Microsoft Entra Connect
  • Investigating pass-through authentication and SSO
  • Working with SaaS applications
  • Self-service application management
  • Configuring a WS-Federation App with Microsoft Entra ID

Day 4

The day starts with configuring an Open ID Connect / OAuth 2.0 app. We then dive deeper into the application model and learn about managing permissions, roles, groups, delegation, APIs, and consent. You will discover how to turn your application into a multi-tenant app and make it available to all users from all Microsoft Entra ID tenants.

Day 4 hands-on labs include:

  • Configuring an Open ID Connect / OAuth 2.0 app with Microsoft Entra ID
  • Managing permission roles and groups
  • Defining WebAPI permissions
  • Investigating consent
  • Deploying a V2 app and testing consent
  • Multi-tenant applications

Day 5

The day starts with configuring the Microsoft Entra ID application proxy to publish both claims and Windows auth applications using Kerberos-constrained delegation. We will then look at the features offered by on-premises AD FS and how they can integrate with Microsoft Entra ID. The labs support three optional hands-on with AD FS, however, due to time constraints these will need to be done outside of class hours. We will stretch our boundaries and see how Microsoft Entra ID can open access to consumers (B2C) and businesses (B2B).

Day 5 hands-on labs include:

  • Publishing applications using the Microsoft Entra ID Application Proxy
  • Enabling Windows Authentication via Kerberos Constrained Delegation
  • Optional to be done outside class hours
    • Configuring AD FS
    • Enabling Federated SSO
    • Installing and configuring an OpenID Connect app on AD FS
  • Multi-tenant versus federated applications
  • Managing B2B invitations and guest users
  • Taking over an unmanaged tenant

Discover why John Craddock’s Microsoft Identity Masterclass is so highly recommended by students:

To attend the Masterclass, you need to be a confident IT administrator with a thirst for knowledge. The Masterclass doesn’t teach basic Microsoft Entra ID administration, but because of the extensive hands-on, you can come to this class with no prior knowledge of Microsoft Entra ID. You will pick up the basics as we focus on the more challenging topics.

To gain the maximum from this class and the hands-on labs, you will need hands-on system administrator skills. For example, you will need to know how to:

  • Create and manage groups, OUs, and group policies in an on-premises AD

  • Perform basic server/DC troubleshooting (for example check if a service is running, and restart it)

  • Add a DNS record

  • Add a URL to a browser’s Intranet zone