Designing for Azure Identity Management
Azure AD Overview
Advanced Azure AD Identity Topics
Self-Service Password Reset
The course is part of these learning paths
This Designing for Azure Identity Management course will guide you through the theory and practice of recognizing, implementing, and deploying the services on offer within your enterprise. Learn how to better the protection of your organization by designing advanced identity management solutions. Recommended for those who already have some experience with the subject, this course is comprised of 24 lectures, including demos, and expertly instructed by one of our MS Azure subject matter experts.
- Study and understand what Azure AD Domain Services do and what they can offer
- Learn to create and manage hybrid identities via Azure AD Connect
- Understand the principles of Azure MFA and SSO, and how to enable them
- Recognize and deploy the key principles of Azure AD B2B and B2C
- Learn and utilize Privileged Identity Management
This course is intended for:
- IT professionals who are interested in getting certified with MS Azure
- Those looking to become Azure architects and/or tasked with designing identity management solutions
- A mid-range knowledge of MS Azure is recommended before starting this course
- An understanding of identity management concepts
Related Training Content
For more courses related to MS Azure, visit our dedicated Content Training Library.
In this demonstration, we're going to deploy Azure AD Connect so we can sync our on-prem active directory users to Azure AD. We are also going to need to ensure that we synchronize NTLM and Kerberos credential hashes to Azure AD, since this isn't done by default. To get started, login to the server that will run Azure AD Connect and download the Azure AD Connect software. Launch the Azure AD Connect installer that you downloaded. Because our lab environment in a single forest with an internet routable domain name, we can use the express option.
When prompted, we'll connect to Azure AD by providing our global admin credentials. And then, we can then connect to the on-prem AD by providing an enterprise admin credential. Clicking install begins the setup of Azure AD Connect. When the installation completes, click Exit. Because Azure AD Connect does not by default synchronize NTLM and Kerberos credential hashes to Azure AD, we must ensure that these hashes get synchronized if we want to use Azure AD Domain Services. To enable synchronization of the required credential hashes from your on-premises directory to the Azure AD tenant, run the script that you see on your screen:
$adConnector = "<CASE SENSITIVE AD DS CONNECTOR NAME>"
$azureadConnector = "<CASE SENSITIVE AZURE AD CONNECTOR NAME>"
Import-Module -Name "C:\Program Files\Microsoft Azure AD Sync\Bin\ADSync"
$c = Get-ADSyncConnector -Name $adConnector
$p = New-Object Microsoft.IdentityManagement.PowerShell.ObjectModel.ConfigurationParameter "Microsoft.Synchronize.ForceFullPasswordSync", String, ConnectorGlobal, $null, $null, $null
$p.Value = 1
$c = Add-ADSyncConnector -Connector $c
Set-ADSyncAADPasswordSyncConfiguration -SourceConnector $adConnector -TargetConnector $azureadConnector -Enable $false
Set-ADSyncAADPasswordSyncConfiguration -SourceConnector $adConnector -TargetConnector $azureadConnector -Enable $true
What this script will do is enable all on-premises users' NTLM and Kerberos password hashes to be synchronized to the Azure AD tenant. This script will also initiate a full synchronization in Azure AD Connect.
The values for $adconnector and $azureadconnector variables can be found in the Azure AD Connect synchronization service manager. What I've done is create a PowerShell script called NTLMSync.ps1. This script includes all of these commands. I just need to open PowerShell on the Azure AD Connect server to run the script. The output tells me that the password hash sync configuration has been updated.
Tom is a 25+ year veteran of the IT industry, having worked in environments as large as 40k seats and as small as 50 seats. Throughout the course of a long an interesting career, he has built an in-depth skillset that spans numerous IT disciplines. Tom has designed and architected small, large, and global IT solutions.
In addition to the Cloud Platform and Infrastructure MCSE certification, Tom also carries several other Microsoft certifications. His ability to see things from a strategic perspective allows Tom to architect solutions that closely align with business needs.
In his spare time, Tom enjoys camping, fishing, and playing poker.