Designing for Azure Identity Management
This Designing for Azure Identity Management course will guide you through the theory and practice of recognizing, implementing, and deploying the services on offer within your enterprise. Learn how to better the protection of your organization by designing advanced identity management solutions. Recommended for those who already have some experience with the subject, this course is comprised of 24 lectures, including demos, and expertly instructed by one of our MS Azure subject matter experts.
Learning Objectives
- Study and understand what Azure AD Domain Services do and what they can offer
- Learn to create and manage hybrid identities via Azure AD Connect
- Understand the principles of Azure MFA and SSO, and how to enable them
- Recognize and deploy the key principles of Azure AD B2B and B2C
- Learn and utilize Privileged Identity Management
This course is intended for:
- IT professionals who are interested in getting certified with MS Azure
- Those looking to become Azure architects and/or tasked with designing identity management solutions
Prerequisites
- A mid-range knowledge of MS Azure is recommended before starting this course
- An understanding of identity management concepts
Related Training Content
For more courses related to MS Azure, visit our dedicated Content Training Library.
Microsoft's Azure Active Directory is a cloud-based identity and access management service. With it, users can sign in and access external resources such as Office 365, the Azure portal, and other software as a service applications. Azure AD, of course, also allows users to access internal resources as well. Such resources include applications inside the corporate network and on the internet along with cloud applications that have been developed and deployed by your organization.
Azure AD is used to control access to applications and resources according to business requirements. For example, Azure AD can be configured to require multi-factor authentication or MFA when a user needs access to important company resources. In addition, Azure AD can be used to automate user provisioning between an existing on-prem Windows Server AD and corporate cloud applications like Office 365. With Azure AD, organizations have access to tools that can be used to automatically help protect user identities and credentials, which allows them to meet access governance requirements.
Microsoft Online services like Office 365 and Microsoft Azure leverage Azure AD for sign-in and for identity protection. As such, an organization that subscribes to any of the Microsoft Online business services automatically gets at least the free version of Azure AD along with those services.
Adding paid services to a tenant can enhance an Azure AD implementation. Such paid services include Azure Active Directory Basic, Azure Active Directory Premium 1, and Azure Active Directory Premium 2. These Azure AD paid licenses ride on top of an existing free directory, and they can provide additional services such as self-service, security reporting, enhanced monitoring, and secure access for mobile users. One thing to note, however, is that while all of these added features can add cool functionality and security, Azure Active Directory Basic, Azure Active Directory Premium 1, and Azure Active Directory Premium 2 are not currently supported in China.
The free version of Azure Active Directory offers basic user and group management functionality and on-prem directory synchronization. It also offers basic reporting and single sign-on or SSO across Office 365, Microsoft Azure, and many popular SaaS applications.
In addition to the free features available in the Azure AD Free version, Azure AD Basic provides cloud-centric application access as well as group-based access management. Other features included with the Basic version include self-service password reset for cloud apps and Azure AD Application Proxy, which is a feature that allows you to publish on-prem web applications using Azure AD.
Azure Active Directory Premium P1 offers quite a bit more than either Free or Basic. In addition to what those versions offer, Azure AD Premium P1 offers hybrid users access to both on-prem and cloud resources. Premium P1 also supports advanced administration tasks like self-service group management, dynamic groups, and it even integrates with Microsoft Identity Manager or MIM. Microsoft Identity Manager is an advanced, on-prem identity and access management solution. Azure AD Premium P1 also offers cloud write-back capabilities which are used to allow self-service password reset for your on-prem users.
Azure Active Directory Premium P2 builds upon what is offered in the P1 edition by offering everything included in the Free, Basic, and P1 versions plus Azure Active Directory Identity Protection, which helps provide risk-based conditional access to applications and critical company data. Azure AD Premium P2 also offers Privileged Identity Management or PIM, which is useful for discovering, restricting, and monitoring administrators as well as their access to corporate resources. Privileged Identity Management also provides just-in-time access when it's needed, meaning access to resources can be limited to only those times when it's required and then be taken away automatically when the access is no longer needed.
Other pay-as-you-go feature licenses such as Azure AD Business-to-Consumer are also available to assist with identity management. Azure AD B2C, as it's called, helps provide identity and access management solutions for customer-facing applications.
About the Author
Tom is a 25+ year veteran of the IT industry, having worked in environments as large as 40k seats and as small as 50 seats. Throughout the course of a long and interesting career, he has built an in-depth skillset that spans numerous IT disciplines. Tom has designed and architected small, large, and global IT solutions.
In addition to the Cloud Platform and Infrastructure MCSE certification, Tom also carries several other Microsoft certifications. His ability to see things from a strategic perspective allows Tom to architect solutions that closely align with business needs.
In his spare time, Tom enjoys camping, fishing, and playing poker.