1h 41m

This Designing for Azure Identity Management course will guide you through the theory and practice of recognizing, implementing, and deploying the identity services on offer within your enterprise. Learn how to better protect your organization by designing advanced identity management solutions. Recommended for those who already have some experience with the subject, this course comprises 24 lectures, including demos, and is instructed by one of our Microsoft Azure subject matter experts.

Learning Objectives

  • Understand what Azure AD Domain Services does and what it offers
  • Learn to create and manage hybrid identities via Azure AD Connect
  • Understand the principles of Azure MFA and SSO, and how to enable them
  • Recognize and deploy the key principles of Azure AD B2B and B2C
  • Learn to use Privileged Identity Management

Intended Audience

This course is intended for:

  • IT professionals preparing for Microsoft Azure certification
  • Those looking to become Azure architects and/or tasked with designing identity management solutions

Prerequisites

  • Intermediate knowledge of Microsoft Azure is recommended before starting this course
  • An understanding of identity management concepts

Related Training Content

For more courses related to MS Azure, visit our dedicated Content Training Library.

We've covered quite a bit of ground in this course. With so many terms and features to keep track of, it's critical to be able to distinguish them from one another and understand what each does. By understanding what each identity management piece does, it becomes far easier to design an identity management solution. With that said, let's walk through a high-level recap of all of the key players in the identity management space and what each offers.

Microsoft's Azure Active Directory is a cloud-based identity and access management service. With it, users can sign in and access external resources, such as Office 365, the Azure portal, and other SaaS applications. Azure AD is used to control access to applications and resources according to business requirements.

A hybrid identity is an identity that spans on-prem and cloud-based capabilities. Leveraging hybrid identities allows an organization to create a common user identity for authentication and authorization to all resources, regardless of whether they are on-prem or in the cloud.

Azure AD Domain Services is a Microsoft cloud-based offering that provides managed domain services, such as domain join, group policy, LDAP, and Kerberos and NTLM authentication. These services are fully compatible with traditional on-prem Active Directory, and they can be deployed without any need to deploy or manage domain controllers in the cloud.

Single sign-on, also referred to as SSO, allows users to sign in once with one account in order to access domain-joined devices, corporate resources, software as a service apps, and even web applications. After signing in, users can then launch apps right from the O365 portal or via the MyApps access panel. With single sign-on, IT administrators can centralize user account management, allowing them to automatically add or remove user access to applications based on group membership.

Multi-factor authentication, also known as MFA, works by requiring two or more authentication methods: something the user knows, such as a password; something the user has, which is typically a mobile phone; and/or something the user is, with biometrics being a good example. Azure MFA offers the ability to safeguard access to applications and data while maintaining a simple end-user experience.

Azure Active Directory Business-to-Business collaboration, also known as AD B2B, allows an organization to securely share company applications and services with guest users from other organizations, while retaining control over company data.

Azure Active Directory Business-to-Consumer, also known as Azure AD B2C, is an identity management service that offers organizations the ability to customize and control how customers interact with corporate applications. It allows organizations to control how users sign up, sign in, and manage their profiles when using the applications. Azure AD B2C enables this functionality while also protecting customer identities.

Azure Active Directory Privileged Identity Management, also known as PIM, is an Azure offering that allows you to manage and control access to resources within Azure and Azure AD, as well as within other services such as Intune and Office 365.

Self-Service Password Reset, also known as SSPR, allows end users to reset forgotten passwords without the need for a call to the helpdesk. It's a feature that many organizations request, as it helps provide a more streamlined and pleasant end-user experience. Depending on the SSPR functionality that is required, license requirements may vary.

Through self-service group membership, Azure AD offers the ability for users to create and manage their own security groups and Office 365 groups. In addition, users can also request security group memberships as well as Office 365 group memberships. In such cases, the owner of the group can approve or deny the membership request.

Managed Identities for Azure Resources provides supported Azure services with an automatically managed identity in Azure AD that can be used to authenticate to any service that supports Azure AD authentication, without the need to store any credentials in code. Key Vault is one of the Azure services that is supported. Managed Identities for Azure Resources is a free feature that comes with all Azure AD editions.

So, like I said, lots of terms. To learn more about each feature, you can, and should, read Microsoft's published documentation on each. Be sure to also watch for new Microsoft Azure courses on Cloud Academy, because we're always publishing new ones. Please give this course a rating, and if you have any questions or comments, please let us know. Thanks for watching and happy learning!
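The recap above says that a managed identity lets a workload authenticate to Key Vault "without the need to store any credentials in code". The following PowerShell walk-through is an added example, not part of the course and not Microsoft's own sample code: it enables a system-assigned identity on a VM, grants that identity the minimum Key Vault permission it needs, and then, from inside the VM, exchanges the identity for a token and reads a secret. All resource names (resource group `rg-identity-demo`, VM `vm-app01`, vault `kv-identity-demo`, secret `DbConnectionString`) are hypothetical; the cmdlets are from the Az module and the endpoints are Azure's documented Instance Metadata Service (IMDS) and Key Vault REST APIs.

```powershell
# Added example (not from the course): system-assigned managed identity -> Key Vault,
# with no password, certificate or connection string ever stored in code or config.
# Assumptions: Az module installed, Connect-AzAccount already run, and the
# hypothetical resource names below exist in your subscription.

$rg     = 'rg-identity-demo'
$vmName = 'vm-app01'
$vault  = 'kv-identity-demo'
$secretName = 'DbConnectionString'

# --- Step 1 (administrator): turn on the system-assigned identity for the VM ---
$vm = Get-AzVM -ResourceGroupName $rg -Name $vmName
Update-AzVM -ResourceGroupName $rg -VM $vm -IdentityType SystemAssigned | Out-Null

# The identity's object (principal) ID is what you grant permissions to.
# Azure creates and rotates its credential; nobody ever sees it.
$principalId = (Get-AzVM -ResourceGroupName $rg -Name $vmName).Identity.PrincipalId

# --- Step 2 (administrator): least privilege on the vault ---
# Only 'get' on secrets. No list, no set, no delete, and nothing on keys or certificates.
# Vaults using the access-policy permission model:
Set-AzKeyVaultAccessPolicy -VaultName $vault -ObjectId $principalId -PermissionsToSecrets get

# Vaults using the Azure RBAC permission model instead: assign the built-in
# data-plane role scoped to this one vault rather than the whole subscription.
# $vaultId = (Get-AzKeyVault -VaultName $vault).ResourceId
# New-AzRoleAssignment -ObjectId $principalId -RoleDefinitionName 'Key Vault Secrets User' -Scope $vaultId

# --- Step 3 (application, running inside the VM): get a token from IMDS ---
# 169.254.169.254 is link-local and reachable only from inside the VM.
# The mandatory 'Metadata: true' header is Azure's SSRF mitigation: a plain
# cross-site request from a browser cannot add a custom header like this.
# (On PowerShell 7 add -NoProxy so a configured proxy cannot intercept the call.)
$imdsUri = 'http://169.254.169.254/metadata/identity/oauth2/token' +
           '?api-version=2018-02-01&resource=https%3A%2F%2Fvault.azure.net'
$tokenResponse = Invoke-RestMethod -Method GET -Uri $imdsUri -Headers @{ Metadata = 'true' }
$accessToken = $tokenResponse.access_token

# --- Step 4 (application): call Key Vault with the bearer token ---
# The token is short-lived and scoped to the vault.azure.net audience, so even if it
# leaks from a log it cannot be replayed against the Azure Resource Manager API.
$secretUri = "https://$vault.vault.azure.net/secrets/$secretName?api-version=7.4"
$secret = Invoke-RestMethod -Method GET -Uri $secretUri -Headers @{ Authorization = "Bearer $accessToken" }

# Use the value; do not write it to logs or to disk.
$dbConnectionString = $secret.value
```

Steps 1 and 2 are run once by an administrator from a workstation; steps 3 and 4 are what the application does at runtime. The security point of the recap is visible in step 3: the only "credential" the code holds is a link-local HTTP call that succeeds solely because of where the code is running, and removing the VM's identity or the vault permission revokes access instantly without touching the application.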

About the Author

Tom is a 25+ year veteran of the IT industry, having worked in environments as large as 40k seats and as small as 50 seats. Throughout the course of a long and interesting career, he has built an in-depth skillset that spans numerous IT disciplines. Tom has designed and architected small, large, and global IT solutions.

In addition to the Cloud Platform and Infrastructure MCSE certification, Tom also carries several other Microsoft certifications. His ability to see things from a strategic perspective allows Tom to architect solutions that closely align with business needs.

In his spare time, Tom enjoys camping, fishing, and playing poker.