Designing for Azure Identity Management
This Designing for Azure Identity Management course will guide you through the theory and practice of recognizing, implementing, and deploying the services on offer within your enterprise. Learn how to better protect your organization by designing advanced identity management solutions. Recommended for those who already have some experience with the subject, this course comprises 24 lectures, including demos, and is taught by one of our MS Azure subject matter experts.
Learning Objectives
- Study and understand what Azure AD Domain Services do and what they can offer
- Learn to create and manage hybrid identities via Azure AD Connect
- Understand the principles of Azure MFA and SSO, and how to enable them
- Recognize and deploy the key principles of Azure AD B2B and B2C
- Learn and utilize Privileged Identity Management
This course is intended for:
- IT professionals who are interested in getting certified with MS Azure
- Those looking to become Azure architects and/or tasked with designing identity management solutions
Prerequisites
- A mid-range knowledge of MS Azure is recommended before starting this course
- An understanding of identity management concepts
Hello and welcome back! In this brief demonstration, I just wanted to walk you through the process of managing users and groups within Azure Active Directory. Now on the screen here, you can see I'm logged into my Azure Portal for the directory called Test9878.org. This is the custom domain I'm using for my Azure AD here.
Now to get to this screen from Azure, what I'll do here is I'll bounce back out to my homepage and here's the homepage. To get into Azure AD, I can simply select Azure Active Directory from the top here, or I can go to the hamburger and select Azure Active Directory.
So from this overview page, I can browse to lots of different pieces of Azure AD. Under the manage section is where I'll manage my users and groups along with devices, app registrations, all of this fun stuff where you'll do your day to day management of your Azure Active Directory. Down the bottom is where you'll perform your monitoring. And then down at the very bottom, you'll do your troubleshooting and support.
So from this page, let's go ahead and create a user in Azure Active Directory. And to do that, it's pretty straightforward. We simply select users here. And from this screen, we can see all of the existing users in our AD.
We can see, we have two accounts here. One is an admin in the actual Azure Active Directory as shown here under source. The ThomasMitchell.net account is actually an external Azure Active Directory account from another directory.
What we're going to do here is create a new user and we'll just call this Dave. And in this dropdown we can select the actual domain name we want to use, we're using the custom domain, so we'll leave it at Test9878.org and we'll give our username. And then we have the option to auto-generate a password or create one, we'll leave the auto-generate here. And this will show us what the password is.
We can then provide that password to the new user. I would not send this out via any kind of electronic methods when possible. That's obviously a security risk. As we create our user, we can then select a group to add our user to. So we'll go ahead and make him a user within our box users group.
This is actually a group I created earlier for some other demonstration. So we'll go ahead and we'll select him. So now what we're doing here is creating our Dave@Test9878.org, we're auto-generating a password and we're placing this new user in the box users group.
The block sign in is pretty self-explanatory. We can either block sign in by selecting yes or allow sign-ins by leaving the no option selected here. And then we have some additional info we can add. We can add a job title and a department.
We can also specify the usage location. So we'll go ahead and we'll select United States down here. And we'll go ahead and create the user. And at this point, we now have a new user in our directory. If we select our user from our list, we can then look at the user's profile, which includes his identity, his job information, any kind of special settings, contact info. This is where we manage this information as far as the profile goes.
We can then go into assigned roles where we can actually look at any roles that have been assigned to this user. And we can add assignments. You can see all of the different directory roles here that are included by default.
Now we can also see, we can assign custom roles, but if you look at the little icon up here, it tells us that if we want to assign custom roles to a user, the organization needs Azure AD Premium P1 or P2. I'm using the free Azure edition right now. But if we wanted to make, you know, Dave an application administrator, we simply check the box and add the role. And now we can see under assigned roles for Dave, we have application administrator, and of course the description tells us what an application administrator can do.
If we want to remove this assignment for this user, we select the assignment and remove it. Now, if we go back out to our directory, let's take a look at groups and how we can manage groups here. By selecting groups, we can look at what groups are currently defined within our Azure AD.
If we want to create a new group, we simply select a new group and we can choose whether it's a security group or an Office 365 group. We'll leave this at security and we'll just call this marketing. And we'll give it a description. We can see, we currently have no owners or members defined for this group.
So we'll go ahead and select an owner. We'll just make myself an owner here. And then we'll add a new member. Let's go ahead and add Dave. And then we create it. So now we have a new group called marketing. It's a security group and the membership type here is assigned, which means we're going to manually add and remove users from this group. So we'll go ahead and select marketing here. And from here, we can look at the different properties of this group.
We can see when it was created, the membership type, whether it's a cloud sourced group and what type of group it is. We can see the different direct members and any kind of group memberships. We look at properties here. We can see here, we have the name and we can actually change it here. And the description, and then members and owners will tell us who the members are and who the owners are.
If we select group memberships here, we can see that the marketing group is not a member of any other groups. So this is where you could see group nesting. Now in this applications area, we can see what applications are assigned to our group. So if we have a group of users that needs access to a specific application, we can create that group, assign the application to that group, and then add users to that group.
Any users that get added to that group are the ones that will get access to the application. Same thing with licensing. We can assign licenses to specific groups. So whatever users get added to that group also get those licenses. And same thing for Azure role assignments.
So that's the quick and dirty on how to create users and groups and how to manage them through the Azure Portal for Azure Active Directory. And before we run away here, let's just take a look at devices.
Now, this devices page is where you manage any devices that are joined to your Azure AD. We can see here, I have a workstation that has been joined. And if I select that workstation, I can take a look at its device ID, its object ID, and all kinds of information about this specific device. I can then even disable the device so it's no longer able to access Azure AD. We're not going to do that here, but we will bounce back to our directory.
Now from this Azure Active Directory overview page, you can also manage password resets, manage Azure AD Connect. You can take a look at the provisioning status. You can manage your custom domain names, even manage company branding. So there's a lot you can do from your Azure Active Directory page here. And this is where all of your management will happen.
All of your users, all of your groups, all of your devices, all of your branding, all of your domains, all this stuff is done right here from this Azure Active Directory page. So I really recommend that you go in and you play around in here and kind of learn what you can do and do some experimentation because you really want to try to get some stick time to get a real good understanding of all of the different features in Azure Active Directory.
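Added example, not part of the course transcript: the portal steps in the demo (a new user with an auto-generated password, then a security group with assigned membership, an owner and a member) expressed as Microsoft Graph request bodies for `POST /users` and `POST /groups`. The helper names, the verified-domain check, the forced password change at first sign-in and the placeholder object IDs are assumptions of this example.

```python
import secrets
import string

GRAPH = "https://graph.microsoft.com/v1.0"
CLASSES = (string.ascii_lowercase, string.ascii_uppercase, string.digits, "!#$%&*+-=?@")

def temp_password(length=16):
    """Random temporary password with at least one character from each class."""
    alphabet = "".join(CLASSES)
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(c in cls for c in pw) for cls in CLASSES):
            return pw

def new_user_body(display_name, nickname, domain, verified_domains, usage_location="US"):
    """Body for POST /users. Rejects a UPN suffix the directory has not verified."""
    if domain.lower() not in {d.lower() for d in verified_domains}:
        raise ValueError(f"{domain} is not a verified domain of this directory")
    return {
        "accountEnabled": True,  # portal: "Block sign in" left at No
        "displayName": display_name,
        "mailNickname": nickname,
        "userPrincipalName": f"{nickname}@{domain}",
        "usageLocation": usage_location,
        "passwordProfile": {
            "password": temp_password(),
            # Assumption: the temporary password must be changed at first sign-in.
            "forceChangePasswordNextSignIn": True,
        },
    }

def new_security_group_body(name, description, owner_ids, member_ids):
    """Body for POST /groups: security group with assigned (static) membership."""
    return {
        "displayName": name,
        "description": description,
        "mailNickname": name.lower().replace(" ", "-"),
        "mailEnabled": False,
        "securityEnabled": True,
        "groupTypes": [],  # neither "Unified" (Office 365) nor "DynamicMembership"
        "owners@odata.bind": [f"{GRAPH}/users/{o}" for o in owner_ids],
        "members@odata.bind": [f"{GRAPH}/users/{m}" for m in member_ids],
    }

if __name__ == "__main__":
    user = new_user_body("Dave", "Dave", "Test9878.org", ["Test9878.org"])
    # Placeholder object IDs (constructed); real ones come back from POST /users.
    group = new_security_group_body("marketing", "Marketing team", ["<owner-id>"], ["<dave-id>"])
    print(user["userPrincipalName"], group["members@odata.bind"])
```

The generated password is never printed or logged here; it exists only in the request body, and the first sign-in replaces it.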
Tom is a 25+ year veteran of the IT industry, having worked in environments as large as 40k seats and as small as 50 seats. Throughout the course of a long and interesting career, he has built an in-depth skillset that spans numerous IT disciplines. Tom has designed and architected small, large, and global IT solutions.
In addition to the Cloud Platform and Infrastructure MCSE certification, Tom also carries several other Microsoft certifications. His ability to see things from a strategic perspective allows Tom to architect solutions that closely align with business needs.
In his spare time, Tom enjoys camping, fishing, and playing poker.