Description
Azure Active Directory – Implementing Secure Cloud Hybrid Identity Training Course (A630)
COURSE OVERVIEW
Who is our Azure Active Directory course for?
Our Azure AD course is designed for IT support staff, IT consultants and architects, pre-sales technical support staff, tech-savvy business decision-makers and department heads who:
- Need to know how to configure and implement AD Connect and Azure AD Premium for cloud hybrid identity, and manage secure access to data
- Have some basic understanding of admin tasks such as:
- creating users in Active Directory
- using simple commands in a command or PowerShell prompt
Attendees should have some knowledge of Microsoft Active Directory, Exchange, IIS, and SharePoint and a good grasp of general Windows concepts, including authentication and authorization, shares and permissions.
This exceptionally practical training comprises presentations, discussions, demonstrations, and a lot of hands-on exercises.
The hands-on labs – which are crucial to a proper understanding of the topics covered – have been made as realistic as possible. So for example, students will buy a real domain, and fully implement EM+S/O365 with public email, and real certificates for Single Sign-on. Students may keep this sandbox environment for future use.
The labs are complex and reflect issues you will have in the real world – you will have to diagnose and fix some deliberate configuration problems – it’s extremely worthwhile!
“This was, by FAR, the best training I’ve received in years! I loved how ‘lab heavy’ the course was. I learned so much from working through the labs.”
Note that an essential part of the lab environment is that it has a real domain and real certificates and a real Microsoft Azure trial. To facilitate this students will have to provide a credit card. The total cost will not exceed £20/$30, unless you choose to continue to use the environment after the course.
Training outcomes
At the end of the course you’ll be able to:
- Configure AD Connect and Azure AD Premium to build realistic scenarios
- Synchronize on premises AD information with (cloud) Azure AD using AD Connect, including users, their passwords, and groups/distribution lists
- Manage access to applications, services and data using static, dynamic and self-service groups
- Configure self-service password reset
- Implement multi-factor authentication to protect key accounts, and step-up authentication for sensitive applications
- Implement additional Azure AD security features such as identity protection, and information protection
COURSE OUTLINE
Delegates on this course will learn about the products and their features through lectures, discussion, and hands-on labs. The hands-on labs are crucial to a proper understanding of the topics covered and have been designed to be as realistic as possible. So for example, students will buy a real domain, and fully implement Azure/O365 with public email, and a real certificate for Single Sign-On (SSO).
Trial subscriptions and licenses for AAD, EM+S and O365 are used during the course, with the ‘on premises’ aspect of the environment implemented using Azure VMs within the Azure trial subscription. If delegates wish to keep the environment as their own sandbox for future use (and we think they should!), then the trial subscription can later be made into a Pay As You Go subscription. Students will be expected to provide a credit card to secure a domain, certificates, and trial subscription – but this will only involve minor charges (about $30).
Over three full and busy days students will learn:
- AADP – what is it, how to get it, scenarios, licensing
- Obtaining a public domain, setting up Azure AD
- Creating and managing virtual machines in Azure AD
- Setting up an O365 tenant and licensing users
- Requesting, purchasing and implementing certificates
- Hybrid on-boarding – options for using AD Connect to
- synchronize AD and Azure AD
- Company branding of Azure AD
- Group management
- Administrating groups
- Dynamic groups
- Group self-service, with approvals
- Controlling application access
- Controlling licensing
- Application integration
- SaaS applications (password vaulting, SSO, SSO with outbound provision, Inbound provisioning)
- Line of business applications
- The Azure AD Application proxy
- Step-up multi-factor authentication (MFA)
- The integrated user experience
- AADP advanced reporting
- Privileged identity management (just in time and just enough
- administration, and MFA)
- Self-service password reset
- Identity Protection
- Enable Identity Protection
- Generate risk data
- Use manual risk mitigation
- Configure automatic risk mitigation
- Consideration of various approaches to SSO
