Microsoft Identity Solutions with Azure Active Directory, on-premises AD FS and AD
Who is the Microsoft Identity Masterclass with John Craddock for?
This 5-day Identity Masterclass with John Craddock is for those who wish to learn how identity solutions offered by Azure Active Directory, on-premises AD FS and AD can help you build identity systems for the future.
If you are new to Azure AD, note that we go quickly through the basics and dive-deep into the details. So to gain the maximum from this class and the hands-on labs, you will need to have basic computer administrator’s skills. For example, you will need to know how to:
Create groups, OUs and group policies in on-premises AD
Check if a service is running
Add a DNS record
Add an URL to the browsers Intranet zone
What will I learn?
The Identity Masterclass dives deep into:
Authentication protocols and associated trouble-shooting
Managing Azure AD using the portals, PowerShell and graph APIs
Hybrid considerations including web app proxy, pass-through authentication and AD FS
Working with SaaS, WS-federation, OAuth2.0 apps, and supporting WIA apps in a claims environment
Enabling B2B and B2C
Application developers who are tasked with integrating authentication and authorization with Microsoft Azure and/or on-premises AD FS will greatly benefit from the detailed coverage. Code development is not included in the class, but you will learn about all of the configuration requirements.
PLEASE NOTE: The Masterclass can only be attended in person in the classroom. We find that attendees prefer to work with their own laptop (this is partly so that any necessary configuration changes are available after the course), but we can provide a PC if you would rather not.
John Craddock’s Identity Masterclass is a high-energy, action-packed event, crammed with solid information and tips. Over 5 days, John will help build your knowledge and consolidate your new skills with over 37 hands-on labs.
Through the extensive use of hands-on labs, attendees will learn fundamentals and principles, and how to deploy and troubleshoot solutions. In-depth knowledge will be gained through the use of tools such as Fiddler, to analyze and understand the protocol flows.
The hands-on labs are all run in a cloud-based virtual environment that will be available to you for 60 days after the course is completed. This will allow you to do the labs again and test out other ideas.
At the end of the course you will:
Understand how the identity solutions offered by Azure Active Directory, on-premises AD FS and AD can help you build identity systems for the future using protocols that include OpenID Connect and OAuth 2.0
Know how to authenticate and provide authorization factors to applications that can be located on-premises or in the cloud. The source of identity of the users could be from your own corporate network, your Azure AD domain, a partner organization and/or a social identity provider such as Facebook or Google.
See the course outline for detail!
About John Craddock
John Craddock is a Microsoft MVP (Most Valuable Professional) and has been involved in Microsoft solutions since the early days of Windows and Windows NT. John spoke on Active Directory at the Windows 2000 launch events and has focused on identity solutions since the first release of AD FS for Windows Server 2003.
He is an identity and security architect and has been involved in many IT projects for industry leaders including Microsoft, the UK Government and multi-nationals. He is a well-known international speaker, and has delivered this Masterclass to professionals throughout the world.
Here’s what delegates on the Masterclass which took place in Oxford in November 2017 thought about it:
After a comprehensive introduction to today’s identity challenges and solutions you will learn the details of the authentication protocols. This in-depth coverage of the protocols will allow you troubleshoot any problems you may encounter when deploying solutions. As we go through the hands-on labs you will be expected to troubleshoot any problems you may encounter.
Day 1 hands-on labs include:
Creating an Azure Active Directory
Capturing and analysing HTTP/HTTPS sessions using Fiddler
Enabling Kerberos on a website
Troubleshooting Kerberos network traffic using Wireshark
Tracing the WS-federation protocol
After completing our investigation of the protocols, you will learn how to configure the Azure Active Directory to meet your requirements. You’ll discover how to manage the Azure AD through the Azure Portal, using PowerShell and the GraphAPIs. After adding custom domains and branding to your Azure AD, you will see how to enhance security and the user experience using role based access control, self-service password resets, MFA and Azure AD Identity Protection.
Day 2 hands-on labs include:
Investigating OpenID Connect
Adding custom domains to Azure AD
Branding your portal
Managing Azure AD with PowerShell
Using Graph Explorer
Scoped role based access control
Self-service password resets
Enabling Multi-Factor Authentication
You will start the day by deploying Azure AD Connect to synchronize on-premises AD users to Azure AD. We will then investigate pass-through authentication and the new SSO capabilities provided by Azure AD Connect. You will learn about the SSO capabilities of Windows 10 when it is joined to Azure AD and how Windows Hello can eliminate the need for passwords.
At this stage, we have a solid identity infrastructure and now it’s time to make applications available to our users.
You will start by deploying a SaaS app to your users; configuring groups, assignments and self-service application management. You will then deploy your own applications into Azure AD using both WS-Federation and OpenID Connect / Oauth2.0.
Day 3 hands-on labs include:
Installing and configuring synchronization with Azure AD Connect
Investigating pass-through authentication
Working with SaaS applications
Self-service application management
Configuring a WS-Federation App with Azure AD
Configuring an Open ID Connect / OAuth 2.0 app with Azure AD
The day start by diving deeper into the application model and learning about managing permissions, roles, groups, delegation and consent. You will discover how to turn your application into a multi-tenant app and make it available to all users from all Azure AD tenants. You will the go on to work with the Azure AD Application Proxy to publish applications to the Internet. We will end the day by configuring AD FS and the Web Application Proxy on Server 2016.
Day 4 hands-on labs include:
Managing permission roles and groups
Defining WebAPI permissions
Publishing a claims-aware application with the Azure AD application proxy
Publishing an application using Windows Authentication via Kerberos Constrained Delegation
Configuring AD FS and the WAP
As we now have AD FS operational, the day starts by using Azure AD Connect to establish federated SSO for our on-premises AD users. You will then learn about managing AD FS claims and how to configure an OpenID Connect /OAuth 2.0 application to work with Azure AD. We will then stretch our boundaries and see how Azure AD can open access to consumers (B2C) and businesses (B2B).
Day 5 hands-on labs include:
Enabling Federated SSO
Installing and configuring an OpenID Connect app on AD FS
Managing claims AD FS claims rules
Creating a B2C directory
Multi-tenant versus federated applications
Managing B2B invitations and guest users
Taking over an unmanaged tenant
I thought it was a good course that required you to think and not just follow the steps in the book. John did a really good job of explaining the material and was quick to help when I hit a spot that caused me confusion. Labs we very helpful to understand the course material.
Randy C, Identity Manager, USA Attended Identity Masterclass with John Craddock, 2018
Absolutely brilliant course! Learning the subject from John Craddock himself was a very enriching experience. I gained valuable knowledge of Azure AD and related technologies. The best way to learn.
John is a mountain of knowledge when it comes to Azure AD, Authentication, MFA, SSO, etc. He has a very pleasing personality and is a very helpful teacher.
Asif R, Senior Solutions Architect, Kuwait Attended Identity Masterclass with John Craddock, 2017
The integration of tools and troubleshooting into the course really helps. The reasoning and mechanics did not take a back seat to the lab (how to) portions. The course touched on a lot of elements of Azure that are extremely relevant to my work in Azure, and had deep dives that really helps in discussions. Well put together, requires you to think more than other lab manuals.
Aaron H, Identity Management Engineer, USA Attended Identity Masterclass with John Craddock, 2018