Azure Active Directory - The Ultimate Beginners Guide
Vložit
- čas přidán 29. 06. 2024
- This time I take a look at getting started with Azure Active directory. Everything from it’s architecture to setting up users, assigning licences and more. I’ll also discuss and demo how to create groups. Including the differences between security, and Microsoft 365 groups, and even how you can extend there functionality to include Microsoft Teams. Finally I’ll discuss providing users with just enough administrator (JEA) permissions to perform their tasks with RBAC or Role Based Access Control. I’ll even show you how to extend RBAC’s functionality with Azure Privileged Identity Management. This is a busy session packed with demos, so buckle up and get ready to learn.
Visit me at www.Andymalone.org
other videos mentioned
Guests & external access: • Microsoft 365 New ext...
Setting up MFA: • How to deploy Multi Fa...
Conditional Access: • Azure AD Conditional A...
Timecodes
00:00 Introductions
02:08 Azure Active Directory Intro & Architecture
05:12 Creating & Managing Users
14:48 Creating and Managing Groups in Azure AD & Microsoft 365
24:33 Understand & Managing Administrator Roles with RBAC including Working with Privileged Identity Management (PIM)
33:17 Session conclusions - Věda a technologie
Hello Andy, thank you so much for creating this kind of tutorial. Very easy to catch up even if the user has zero knowledge of the Office365 portal and Azure portal.
Thanks so much and I’m delighted to hear that
Another awesome tutorial. I'm happy I learn something new today :) Thanks and keep up!
I’m delighted to hear that and thanks 👍
Appreciate you taking the time. Good coverage!
I really appreciate, I refresh by watching again
Andy, I think this tutorial is brilliant but more so the access to information without paying thousands of pounds, you are a true gentleman and scholar, we need more people like you. Thank you so much for sharing -
Like I say it's all about the community. We all help each other :-)
Andy you are awesome. I created an Azure free account and your video really helped me get the basics down.
Great job!
Hi Andy, thanks for your time and efforts. I really appreciate it. I recently discovered your channel and really satisfied with them. I do press like button always :)
Thanks so much I really do appreciate that you’re very welcome to the channel 😊
Andy - thanks for the content. Really good way for me to learn and refresh on these topics alongside the Ms Learn materials. 👍
Awesome Ryan many thanks 😊
Thankyou so much for creating such a wonderful and beginner friendly tutorials
Glad you like them!
Hi Andy I am really happy I found your channel, thank you for the hard work you put on this.
Glad you enjoy it!
Thank you for making this video. very informative. keep it up and more power to your channel sir!
Thank you most kindly I appreciate that😊
Andy, always great content.
Fantastic tutorial, I learned SO MUCH watching this video, thanks!
Awesome thanks 👍
Thank you Andy for this wonderful demo...
You’re welcome and thank you 😊
Loving these vids andy! Thank you!
Learning more and more with your tutorials, thanks.
That’s wonderful to hear 😊
Thank you so much for these informativ videos Andy Malone, you rock!
Glad you like them!
Hearing a British guy teach keeps my focus.
Finally managed to understand the Group and PIM concept. Thank you!
Yay👍😊
Hello Andy, thanks for your video. I will use it for a job interview. Very well explained how the environment is setup
Hi Andy: I really enjoy your teaching. Thank you very much.
You’re very welcome 👍
Thank you Andy. Really useful.
Hi Andy, your videos are very useful for me, I really enjoy , thanks a lot
You’re welcome 😊
Thanks bro finally someone who isn't posting malware or fake stuff, you deserve my subscribe!
Thanks I appreciate that and welcome 😊👍
amazing Andy !
Hi Andy. I've been a subscriber since the early days. So glad the channel is growing so quickly now! Really appreciate all your video content. As an IT pro for an SMB, your guides are super helpful. If you ever fancy doing a video on setting up windows hello for business in a Hybrid Azure AD environment, that would be amazingly helpful.
Thanks so much. I'll add your request to my list 🙂
I completely 2nd this idea I have started a new job and afew of our clients are working in a hybrid enviornment would love a guide on that! love your videos and andy malone you have been a life saver over the past few years! cheers!
@@Koracoe aw thanks so much I appreciate that👍😊
Awesome video again!
Thanks again!
Thank you very much Andy
Andy Rocks.....!!!
hello Andy, Thank you for teaching new topic I never see before Azure AD i have no Idea but I will Learn more about Azure. Thanks.
You’re very welcome and thank you👍😊
Thanks mate, am from United Kingdom 🇬🇧 👍 I'm your supporter and fans, And Happy New year 🎉 ✨️.
@@TheSamale Aw thanks so much I appreciate that👍😊 Happy new year to you also⭐️🎉⭐️
thanks for this video i learned all the things i needed 😊
Glad it was helpful!
“You know nothing Jon Snow!!”
Great video as always. :)
Aye that’s right lad😂🤣
So helpful. Thank you.
Great video! Thanks
Thank you for great content.
Another awesome tutorial.
Thanks Brian, I appreciate that 👍
Hello Andy, I have come across your content today and it is great to hear you explain the basics clearly. I have a humble request for you, can you please continue these topics covering the concepts in detail rather than leaving with the basics. In general, I have trouble finding continuity in topics in you tube, unless paying for a course.
Ah well that's what life is my friend. I plan to create more and in the future I also plan to offer very low cost memberships with exclusive more in-depth content :-)
Thank you so much bro. Sending virtual hugs. Wor
Hello Sir, Thank you for creating video this tutorial.
You are most welcome
Wonderful Content
Hey Andy, Love your videos. In one of the first slides you write Identity as a service as IaaS, it should have been IDaaS ☺️
I know it was a typo but well spotted👍🤪
Thank you Andy!
My pleasure!
Props for having Captain Picard in your user list! 😄👍
Always😊
Don't forget the GOT reference! XD
Thanks for sharing the video
Thank you for this video 😊
So nice of you
Great Video!
Glad you enjoyed it
You Are The Best.
very helpful!
Thanks for these videos, Andy. Very helpful. Can I request if you plan to make a beginner's video about security controls for AD and "how to audit AD from Infosec perspective". If you already have made these, I really appreciate sharing those links. Thanks again for hearing me out here, and look forward to more learning on your channel. Have a good one!
Can I just check do you mean AD or Azure AD
@@AndyMaloneMVP that’s another confusion I always carry. Bring a person not into AD operations on daily basis, I struggle to understand the purposes of both (which is preferred in what types of scenarios, etc.), while I kind of understood the basic difference in their structure through your videos. A retail company for instance with multiple geographical locations and over 40k employees - would they prefer this AD on cloud, on prem or both? I’m going to figure this out soon in my current company which I recently joined. But to answer your question, I think learning azure AD security controls makes more sense given the current trend. Thanks a lot for considering this request.
thanks for saving my new job
I'm delighted to hear it and good luck :-)
Andy you'd better stop making these Videos. I am so hooked, i have been watching them non stop ! -;) On a more serious note, thanks for the amazing videos. You are definitely a great asset to the IT community. Thanks Man. I owe you a Heineken. ;-)
More to come! :-)
I'm a data analyst, but I'm considering taking certifications in m365 administration just because of the way Andy presents his information. Such a great teacher,
If i certify in m365 administration, how does that blend in with my data analysis career?
Thank you!
Good info.
Thanks for a good video! :)
Glad you liked it!
Excellent
Thank you sir😇
Hello Andy, Good informative video for beginners. Can you make some advanced tutorials for the Azure AD professionals.
Check out my identity playlist. Plenty of cool topics in there :-)
My lord! You are a saviour of my career. 🙏🙏🙏
You're welcome
😀😀👍
You look very much like Anthony Hopkins. Excellent tutorial btw
Well, why don't you join me for some liver beans an a nice Chianti :-D
@@AndyMaloneMVP 😂😂
Hi Andy. Great video. Could you briefly clarify the difference between a MS 365 Group and a Security Group? TY
Security groups have no collaboration features.
Thanks
Thanks for talking in a normal speed. ❤
You’re welcome 😊
Awesome as always 👏 ... below questions are bit confusing me...
What are the Main differences between the Groups in M365 ( 4 Groups). Will All four M365 groups are Sync to AAD( as AAD is only having 2 type of groups) ? Can we Assign the RBAC Roles to those M365 Groups if they sync in AAD? thanks in advance..
Tha is for the question. Hi n terms of write back here is everything you need to know. docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-group-writeback-v2#:~:text=All%20existing%20Microsoft%20365%20groups,each%20be%20enabled%20for%20writeback.
Hi Andy, Thanks for the guide! Question for you - how did you gain access to a populated test instance/tenant without breaking the bank? Would be nice to have the ability to play and learn in Azure AD.
Hi Gregory, thanks very much for your message. Indeed you don’t need to break the bank to do laps. If you visit learn.microsoft.com many of the Microsoft courses have recently introduced hands-on labs that you can use. In addition for Microsoft azure I recommend creating an outlook.com account and then registering for a 30 day free trial. At the end of it if you want to continue just create another outlook.com account and repeat the process. In terms of Microsoft 365, you can have as many trials as you want. In this way you’ll learn. The best of luck, Andy
Have you got a video ob handling generic user accounts? For companies moving from on-prem to cloud based licensing
Hi Andrew, absolutely. To be honest all the accounts that I’ve synced from active directory here are ordinary accounts. As I said in the video they come through unlicensed but they are connected to each other so you simply have to license them in Microsoft 365 and you’re good to go. But yes I can do another video again for you sometime. Thanks again.
Thanks for the video and the clarifation!! may i ask you a question, if i want to create an AD with Azure for a company with 30 employees , can we start with azure and ignore the on prem Active directory? Thnaks in advance !!
Absolutely, 100%
hey thanks for the video. when you come upon a topic which requires further explanation: e.g. watch my other video guest user (external users) vs internal users - it would be very helpful if you provide a 5-10 second overview on what it is.
otherwise it's a pain to have to watch 2-3 other video links while in the middle of watching this video. my two cents.
Thanks for sharing!
Hey Andy, I appreciate your effort in creating great actionable videos. Do you have videos to configure a third-party IDP to Azure Active Directory? I have an authentication solution, and I want it to be triggered when Azure AD's authentication is triggered. Thank you in advance for your help. Are there any prerequisites the IDP must comply with to make this happen?
Hmm nit at the moment but behind the company the tech is generally similar 👍😊
Andy, how do you define which users are allowed to create 365 groups? I heard something about a Powershell script where you can define one group which is allowed to do this. Is this right?
You can look in Azure AD - Groups - in there you find all the settings. You can ensure that only certain admin groups can create Microsoft 365 groups. Another solution is to put an expiry date on Microsoft 365 group. All of which I’ve covered in my video. Thanks again and good luck
Hi Andy, if a user’s been deleted, does the licenses that were assigned to that user becomes available again?
Ahh its okay, its there in your video. Apparently I wasnt watching very closely 😂
Question. I just signed up for Microsoft 365 Business Premium, connected my company domain, created a few users using my company domain. Is it possible to create Windows logins without using a physical local windows server?
That's the point of Azure AD. you don't need on-prem. But if you're asking me can you have both types of user. Of course, but Azure AD will not be a member of your AD Domain unless you are in Hybrid. Think about when a user / device authenticates. Who do you want to authenticate it with? On Prem AD or Azure AD. The latter has numerous benefits including better security, easier management, and of course single sign on.
@ 29:34 i am using the trial subscription of azure. Under User Administrator | Assignment | Manage i can't find settings. Is it that this is not available in the trial subscription? thank you Andy for your videos
I am using an E5 trial subscription which uses a P2. Perhaps you’re not on an E5. You can try as many subscriptions as you want. Just rung them in an in private browser.
"Everything that Johanna was - and is - has been deleted." Wow, savage D:
Andy, thanks for you videos! Was hoping you can point me in the right direction. I work for a small non profit (@40 employees). Previous IT folks set up an on prem, open source AD controller (called Zentyal). We now want to migrate up to Azure and I want to get everyone on to Azure cloud AD. I am pretty sure this old Zentyal AD won't migrate it's accounts over cleanly. So I am manually removing users from the legacy AD controller and (for now) just having them authenticate to their laptops only (with local user accounts). Is this this the right approach for getting them up to Azure AD cloud, or will I need to actually implement an on-prem MS AD controller in our office first and add them all to that? Sorry for the long question, I just cannot find anything based on our environment.
Thanks for the question. No I would join the users and devices directly to Azure AD. That will provide you with full single sign on and the ability to managed users, devices and apps via Azure AD and Intune (Endpoint Manager). For only 40 users i'd keep it simple :-)
Hi Andy, can users request for a specific role? So that we as an admin first has to approve the request.
Hi Patrick not that I’m aware off at the moment. It has to be an administrator assigned task. However, I do know that Azure AD integrates with a wide number of HR systems, so its possible that there is an integration there. You could also use power automate to create an automated request. I hope this helps and thanks for the question.👍
You can't vicariously experience sotNice tutorialng through another person, the sa way you need to try it for yourself before losing hope.
Hello Andy, do you have any presentation concerning Outlook not connecting to the Microsoft Exchange server, not connecting. I came across with past end users several times with this issue.
You need a CNAME or alias record for Exchange. if Hybrid it should point to Autodiscover.outlook.com
@@AndyMaloneMVP There were issues often related to devices not in the domain, or devices not in compliance. Thank you. I really enjoy your video training
Hi Andy, one question please
If I make the user as Shared MailBox
And I remove the license what will happen for one driver data ? It will be safe or be deleted after remove license
I’m going to make a video on this very shortly and I will personally answer your question there
@@AndyMaloneMVP Perfect 👍 waiting for u
Thx Andy
Andy, can you tell me how to get help for Office 365 A3 Education. I need to get my brand new teacher laptops on 365 and seem to be running into an error.
Gosh this is such a wide ranging question. Simply do a school and workplace join in accounts in Windows 11. Ensure you have licences uses with an EM&S or Intlune licence and you should be able to manage them in Intune. Check out my Intune videos. Good luck
I like how you're giving a guide on Azure using a mac lol
Always. It dosen't matter the where, only the how :-)
What about my on prem AD? How about talking about Azure AD Connect..
Here is where all your dreams will come true czcams.com/play/PLEgclf_4HA-gyThzlcleWZdm3A4DhIUfr.html
What is main difference bet'n ms 365 & azure Ad ?
Azure AD or Entra ID is the directory service to manage users. Microsoft 365 are the apps and features that users can use.
Shouldn't there be a way to create a customized role that has fewer permissions?
You can
Please how can I install a php script in azure
Azure is a massive platform. You’ll need to be a bit more specific than that I’m afraid.
In this video, it appears you’re doing the demo in Microsoft Edge on a Mac. Is that a thing?
Seriously Tyler, you’re asking silly questions. Does it really matter what type of computer I use? 😊
@@AndyMaloneMVP
My question might’ve been slightly off topic, and maybe even silly, but there was no need to be rude like that. I’m brand new to the MS world with a new job and had a legit question about using edge on my Mac. Happened to notice you were doing that - watching several of your videos.
Won’t bother you again.
@@tyleranderson1945 My apologies Tyler it was not my intention to be rude. I get so many comments about me, using a Mac as a Microsoft MVP that it gets to you sometimes. Again my intention was not to cause offence 😊 As I’ve said in my videos with Microsoft 365, it’s not about the device that you use. It’s about how secure your data in the cloud. Thanks again and I do value your opinion, Andy
😎😎😎😎😎😎🤠🤠🤠🤠🤠
How is this the ultimate beginner's guide when it didn't start at the beginning? How is the primary domain established and/or edited because I don't want the domain to be named after the e-mail used to created the Azure account.... any chance you could really start at the beginning?
Sure I can do that. After looking at this video, I would go and look at my DNS video, then if you look at my getting started with Microsoft 365 video beyond that I’m afraid you’ll need to pay for a course. Only then, would you get a true step by step guide I’m sure you’ll appreciate that I have to make a living 😊
Easy to understand video, yes. But so unbelievable many unskippable ads I have never seen in an video before. Must have been like 8-10 or so.
Gosh really, Sorry I have no control over that.
Why does it sound like you're saying asher?
Clean your ears 😂🤣
If you were a real Game of Thrones fan, you'd know it's Jon Snow, not John ;)
You know, nothing Jon Snow😀
Thank you. Im so lost. I just got a business subscription and this is a nightmare, specially with teams not enabling the paid version.
I completely understand, take a look at some of my Microsoft 365 playlists. I have basic sessions that I think you’ll find very useful. All the best and good luck 👍
@@AndyMaloneMVP Actually Andy, with your videos and some other tutorials I managed to understand the entire process. I already created the users, groups, AD permissions, added the authorized devices and Im even playing now with Sharepoint now. Pretty cool "package" when your brain "clicks" and get the concept of how this was ment to be used. Thanks so much for this channel. Cheers from Argentina!
Thanks