Designing for Azure Identity Management
Azure AD Overview
Advanced Azure AD Identity Topics
Self-Service Password Reset
The course is part of these learning pathsSee 7 more
This Designing for Azure Identity Management course will guide you through the theory and practice of recognizing, implementing, and deploying the services on offer within your enterprise. Learn how to better the protection of your organization by designing advanced identity management solutions. Recommended for those who already have some experience with the subject, this course is comprised of 24 lectures, including demos, and expertly instructed by one of our MS Azure subject matter experts.
- Study and understand what Azure AD Domain Services do and what they can offer
- Learn to create and manage hybrid identities via Azure AD Connect
- Understand the principles of Azure MFA and SSO, and how to enable them
- Recognize and deploy the key principles of Azure AD B2B and B2C
- Learn and utilize Privileged Identity Management
This course is intended for:
- IT professionals who are interested in getting certified with MS Azure
- Those looking to become Azure architects and/or tasked with designing identity management solutions
- A mid-range knowledge of MS Azure is recommended before starting this course
- An understanding of identity management concepts
Related Training Content
For more courses related to MS Azure, visit our dedicated Content Training Library.
Enabling self-service password for end users take a huge burden off of the shoulders of the help desk. In this demonstration, we will enable self-service password reset, and test that it's working with a test account. Before enabling self-service password reset, make sure that password writeback is turned on in Azure AD Connect. To do this, launch Azure AD Connect on the server running it. Click configure and then view the current configuration. If its disabled, relaunch Azure AD Connect, click configure, and then select customize synchronization options. Provide the global admin account to connect to Azure AD. Click next to leave the directories and domain and ou filtering options unchanged. Under optional features, check the password writeback box and click Next. Click Configure to update the configuration and then click Exit. After turning on password writeback, switch over to the Azure portal and then browse to Azure active directory. From here, click Password Reset. For this demonstration, I'm going to enable password reset for all of my users so I'm going to click All, and then save. After enabling password reset, click on Authentication methods and select the authentication methods you wish to make available, along with how many are required to set a password.
This is obviously going to be different for every environment. If you select the security questions option, you'll be presented with more info to supply. We aren't using security questions here, so I'll turn this off. For this demonstration, I'm going to make mobile phone available as the only option. After clicking Save, I'm going to click on registration. I'm asked if I want to require users to register when signing in. I'm going to leave the default value set to yes. I'm also going to leave the window set to the default of 180 days. Clicking notifications allows me to set the notification options for when a user resets a password. I'm going to set both options here to yes. this ensures users receive a notification when they reset their passwords, but it also ensures that all administrators are notified when another administrator resets his password. In the customization pane, I can provide a customized helpdesk link for users to visit if they need assistance. I don't have helpdesk here in the lab, so I'm going to leave this off for this demonstration. When I click on the on-premises integration link, Azure confirms that the on-prem writeback client is running and allows me to determine if I want passwords to writeback to on-prem AD. I need to leave this set to yes. The second option designates whether or not users should be given the option to unlock their accounts without resetting their passwords.
I'm going to leave this set to no for this demonstration. With password reset enabled, we can now test it. To test self-service password reset, open an incognito browser window and launch the single sign on setup process with a test account. In my case here, we previously enabled MFA so let me get through the authentication process here first. As you can see here, I'm prompted to to work through the process of setting up self service password reset for my account. Once I've completed the self service password reset setup, I'm presented with my application dashboard. To reset my password, I need to open the password reset URL in my browser. The password reset URL is https://aka.ms/sspr. On the next screen, I'm prompted to begin the reset process. I just have to provide my user ID and I need to complete the captcha. Clicking Next takes me to the verification screen, where I can request a code via mobile phone. After I click the Text button, I receive a code on my phone that I need to enter. After providing my verification code and clicking Next, I'm then prompted to create a new password. Clicking Finish completes the process.
About the Author
Tom is a 25+ year veteran of the IT industry, having worked in environments as large as 40k seats and as small as 50 seats. Throughout the course of a long an interesting career, he has built an in-depth skillset that spans numerous IT disciplines. Tom has designed and architected small, large, and global IT solutions.
In addition to the Cloud Platform and Infrastructure MCSE certification, Tom also carries several other Microsoft certifications. His ability to see things from a strategic perspective allows Tom to architect solutions that closely align with business needs.
In his spare time, Tom enjoys camping, fishing, and playing poker.