Learn Microsoft Azure Active Directory in Just 30 Mins (May 2023)

keeping your skills up to date has never been so important and in this video I'm going to take you through everything that you need to know in order to get you up and running in Azure active directory and it's right up to date for May 2023 so are you ready greetings my fellow YouTubers and welcome to Slovenia as you've noticed I'm not in my regular studio this week I'm actually on vacation but I want to talk to you about Azure active directory and I realize you know about a year ago I did a video on getting started and a lot has changed in Azure ad over that 12-month period Microsoft Entra has now become the kind of overriding brand to Microsoft's identity platform and I really wanted to take you through everything that you needed to know in order to get you up and running I'm going to try and do it of course as my usual in less than 30 minutes now if you've got questions and comments about this or in fact any of my other sessions then of course just get them down below and I'll do my very best to answer those questions for you and of course if you've not subscribed well we love subscribers so bump that subscribe button up there ring that Bell and you'll be notified of any new postings and videos that I have all right so I think without any further Ado let's jump in we'll talk about some of the basics of azure ad kind of what is it how it works and then I've got some nice uh demos so first up then the theory part so taking a look at active directory versus Azure active directory I suppose this all started back in 2000 when Microsoft developed its first version of active directory it's a database and within the database you could store items in what we call organizational units and this often represented your organizational structure it could be location and such um alternatively within there of course you could then create objects such as user objects group objects and device objects and of course an object had attributes such as your first 
name last name email address and so on and the the key thing to note about active directory was that you were responsible for maintaining everything so I suppose if you wanted a really good analogy it would be a house so here is your average uh regular home and with a home you are responsible for the mortgage you're responsible for the maintenance of the house you're responsible for all the utilities so when we come to uh identity as a service we then look at something called Azure active directory an Azure active directory is hosted in one of Microsoft's enormous data centers and think of a data center like a modern hotel and you can compare that to a data center here now within that data center or in our hotel of course you're going to have people who look after everything or every aspect of the business in other words you pay a subscription and these nice people look after your every requirements so everything from the reception to creating accounts to looking after guests to security and everything now the key thing is um you just as long as you pay your subscription you don't need to worry about for example the upkeep of the hotel or any kind of additional costs and we can compare that here into a Microsoft data center so these data centers again you pay your subscription and Microsoft take care of the infrastructure the platform and of course the software as a service so in our data center here you can see that we have Azure active directory and it is indeed identity as a service so in this case everything is hosted throughout Microsoft's huge data center infrastructure which is uh dispersed throughout the world and as I've mentioned you are responsible for your own tenant and within your tenant you create your user objects your groups and you can also add and manage your devices as well now within the data center of course Microsoft have their responsibilities so as long as you pay your subscription they are responsible for not only the maintenance of the 
data center but also ensuring that your data is well protected and secured now in addition of course you are responsible for managing the user objects and these can include the different attributes so first name last name email address and so on uh of course identity is the key to everything and essentially a tenant is a gateway to many other uh services that are running within the cloud and this can include of course other Cloud providers such as Google and Amazon and so on now one of the key things of course likewise when you check into a hotel you may need to authenticate yourself so for example do you have a booking reference number and some in some cases they may ask to see your passport and again the same thing is exactly the same for when you authenticate into the cloud now traditional authentication used to use something called a legacy is something that you know and this can include a username and a password and this is kind of very much on its way out now if you're using Windows then you can use Technologies like Windows hello for business and again this can include things like facial recognition fingerprint and so on um in addition you can also some not only something that you have so it might be a token you might also be using the Microsoft authenticator app on your phone but it can also be based on somewhere where you are as well so for example one of the features that Azure provides is something called conditional access and if you've not learned about that then definitely check out one of my videos on my channel on that so and you can combine all of these elements to form something called multi-factor authentication in other words you need multiple tools or multiple methods in order to authenticate and this is by far one of the safest ways to authenticate yourselves in the cloud so that being the details I think it's about time we had a look at Azure active directory and let's get you started so getting started in Microsoft Azure ad or Microsoft 365 
is super simple simply go to azure.microsoft.com and you can try Azure for free here you'll need to create a subscription and that subscription will require a credit card but don't worry you're not going to be billed it's just used for identity purposes so with this you'll basically get 30 days free trial okay now in addition or alternatively you can also go to Microsoft 365 or office.com and you can get Microsoft 365. please note as well there is also a free version of Microsoft 365 although I must warn you it's very very limited and certainly if you want to study Microsoft 365 I.E the technical aspects of it then this would not be for you okay now what once you're up and running and you have created a an account this at the same time also creates something called a tenant so here I'm in Microsoft 365 and I'll just make that a little bit bigger here and if you've got Microsoft 365 you'll be very familiar with it I'm sure you get all the various apps here now one app that I do have of course is I'm an administrator so I get access to the various admin tools here so the admin tools will give me access to a number of portals so really just looking at the basic things that you get and then we're going to jump into Azure active directory so first up then we have the office.com account here and you can see that I get my generic admin tools here which can include creating users and groups managing administrator roles and dealing with my various resources now depending on your role your admin role in the organization you may also get access to other portals as well so for example security compliance Microsoft Exchange if you're managing email and Communications and also things like SharePoint and teams now the super user account in Microsoft 365 and in Azure ad is an account called the global admin now when you create your tenant for the first time you will become the global admin now I want to create and manage user accounts group accounts and so on and I mentioned for 
this we use a tool called Azure active directory and I'm going to click into this now you'll remember that I also mentioned that Azure active directory forms part of something called Microsoft Entra so Microsoft have recently done quite a bit of rebranding actually um so now in Microsoft 365 for example security Now comes under the Microsoft Defender brand and their compliance tools come under the Microsoft purview brand so here in Microsoft Azure active directory you can see that in Microsoft Entra we have a number of different tools and specifically today I'm going to focus on this this is my Azure active directory now I mentioned that we're in that our hotel and I've got my my room that I'm paying my subscription for and this is my tenant and this gives me details about my tenant here it tells me what kind of license that I have for my tenancy now please note that there are a number of different license types there is even a free version of azure ad and then there are some premium versions as well so there is an office apps version or an E3 which gives you access to most features in Microsoft 365 and in Azure ad but if you want some of the the really improved security features multi-factor authentication identity protection you will need a P1 and a P2 license certainly conditional access requires a P1 but as I say don't worry the fact that you've gone ahead you've signed up for that 30-day trial this is a great way to actually learn now just one quick tip here and as I mentioned you can go into either office.com or azure.com and create those free accounts um just to say that if you're going into Azure a good tip would be to create a free Outlook account now the reason for that is you can only create one account per email address that you use so if you want to create and work with multiple accounts go ahead and create a different outlook.com accounts for each Azure subscription and that's a great way to learn and keep learning as well all right 
so heading back here then let's take a look now at the basics of azure active directory so Azure active directory here you can see this is where I can create my users my groups to manage my devices I can also go into protect and secure and there's an option there I can manage things like roles and groups and managing admins um I want to look at the basics today so with this I want to talk about users so users I'm going to come into my users I've got all users and I've got deleted users here now I'm often asked Andy what's the best way to create a user account um some people create them in Microsoft 365 and if I go into Microsoft 365 here indeed if I go into users you've also got active users here now one thing to note is they're exactly the same users all right and I'm often asked Andy which is the best portal to use do I use Azure ad or do I use Microsoft 365. I have to be honest with you um there is no one portal to rule them all here so it's really what works for you now there are going to be things that you can only do in Azure ad and there are only things that you can do in Microsoft 365. 
I know it's a little bit confusing but believe me you'll get you'll get the hang of it okay so with that first thing you're going to need to do is we're going to need to create a user account of course now there are two types of user that you can create in Azure ad one is called the just a regular user and this is a licensed user in your tenant alternatively you can also invite an external user as well now depending on the license that you have for Azure or 365 you have to have a certain number of users before you can invite lots of guests of course and it tends to work out a five to one ratio so for every five user accounts you can have a single guest um now um although Microsoft are constantly reviewing that by the way so what I'm going to do is I'm going to create a user account and it's asking me for what we call a UPN a user principal name now a user principal name is essentially an email address and you can see here that it's generated a tenant address for me in the format of tenant.onmicrosoft.com so this is Microsoft's internal domain name and this is our tenant or folder name or room number depending on how you want to do it and to be honest this doesn't really matter um if you've got your own domain name you can actually go ahead and re and register your own domain name and if you've not seen how to do that by the way then check out my video on DNS on my YouTube channel I'll put the link in below by the way so in this case I'm going to create a user here I'm a big Star Trek fan as everybody knows so I'm going to call this uh Picard J and I'm gonna call him uh Jean-Luc Picard okay so I'm gonna put in here Jean-Luc Picard I'm going to Auto generate a password for this uh user and you can see I've enabled the password now if you're not ready for that account to be enabled of course I can take that check box out there now I'm going to click on next and it says okay what's the user's name well in this case it's Jean-Luc of course and the last name is 
Jean-Luc Picard and you can see it's asking what kind of user account is this now as I said you've got two types of user account you can have a member so he's a member of your tenant or he's an invite so again this might be somebody outside your organization it might be a supplier a customer or somebody like that that you want to invite in to collaborate um again you can give them a job title I can give them some company information I can I'll say Jean-Luc's in sales here and if you're using a um HR System then that HR System can integrate with Azure active directory and you can see it can fill details in here um again I can put in a city as well so for example I live in Scotland so I'm going to say Jean-Luc lives in Edinburgh and again I can put some details in for Jean-Luc here I can type in a do I want to create an email address for him yet um again not yet so first of all Andy why doesn't it create an email address because I haven't licensed this user yet okay you've also got various other fields there that you could go in and fill in now do I want to make Jean-Luc a member of a group or you've got three options here um do you want to add him to an admin role so do I want to make him an administrator of any kind do I want to add him to a group um so I can set permissions or do I want to add him to something called an administrative unit so for example let's say you're based in London and you are an administrator in London then I can add Jean-Luc into this administrative unit and you can then manage him um next I'm going to go ahead I'm going to review and I'm going to go ahead and create this account here so there we go I have now created Jean-Luc's account but of course his account has not been licensed yet so I can simply go back into here I'll just refresh this page and within here I'm just going to scroll right down and sure enough you can see I've got Jean-Luc Picard here now in Azure active directory I get lots and lots of detail about the user account so 
things like groups that he's a member of any applications that he's been assigned and of course licenses so the next thing then is assigning a license and again you can select the licenses that you want to go through alternatively you can review the different license options so for example I can say I want to look at the Enterprise mobility and security I can assign different licenses from here the other thing that I could also do by the way is um I can also come into Microsoft 365 and again if I just refresh this page you can do exactly the same thing from here as well so I'm going to click onto jean-luc's account I'm going to click into his account here I'm going to go into licenses and apps and this is now where I start assigning some licenses so I'm going to give him a Windows license an E5 license okay so now that I've gone ahead and assigned that you can now see that Jean-Luc has now been fully licensed okay for the next section I want to talk a little bit about groups groups are super important now once you've created your account and you've licensed your account the next thing you're going to think about is what the account is for are you going to use the account for collaboration is it security are you going to assign permissions and so on for this demo I'm going to come into the Microsoft 365 admin Center here and we've looked at user accounts now what I've done here just to save a little bit of time as I said I've created a couple of users so I've created a user called Jean-Luc Picard and I've also created of course you can't have Jean-Luc Picard without creating an account for William Riker as well now one of the differences that sets apart Microsoft 365 to Azure active directory is the fact that when you create groups there are a number of little kind of differences so I can come into groups here for example in Azure and if I create a new group then I basically here there are two types of group so you can create a security group out or you can create a 
Microsoft 365 group so think about the Microsoft 365 group as a fully collaborative group now as I said you've only got the two options here but if I do the same thing let's just come out of that if I do the same thing in Microsoft 365 you'll see here that because we have Microsoft Exchange Microsoft teams of course SharePoint are all parts of Microsoft 365 groups here are handled slightly different so we have security groups mail enabled security groups a distribution list and a Microsoft 365 group and essentially it's all to do with the amount of collaboration that you want to place or within the group so for example a security group can contain either users or devices such as laptops computers and so on and you can then assign permissions to those devices or to the users a mail-enabled security group is essentially a security group with a distribution list a contact list so it's not actually got a mailbox it's just mail enabled a distribution list of course is just a contact list nothing more um and finally a Microsoft 365 group is a fully collaborative group so in this case let's create a group here so I'm going to create two types of group I'll create a Microsoft 365 group for you and I'm going to click next and this group I'm going to call this I will call this my sales team okay so in fact let's give it a location I'm based in Edinburgh so I'm going to call this my Edinburgh sales So within my Edinburgh sales I can put in a description I can click next and very importantly I can go ahead and I can assign an owner to the group now for the purpose of this demo I'm going to use Adele here I'm going to say Adele can be the owner and this is a special permission that this group has and what she can do she has the right to assign other members to that group and again I'm going to click next now I'm going to add a member so again a couple of ways that you can add members you can either directly add members in or you can use something called a dynamic rule which 
I'll show you in a moment so for the purpose of this demo of course I'm going to scroll down um let's bring in we'll bring in Jean-Luc we'll bring in Joanna um let's bring in who do we have we've got um William Riker I'm gonna scroll up and let's bring in Alex as well so I'm going to add in those members to my group members by the way typically have the permissions of contributing to the group so again think about it's all about collaboration so the group email address you can really put anything that you like in here if you like so I'm going to put in I'll say Edinburgh sales and you can see after a moment it gives it a little tick and it says yes this is absolutely fine now one of the things you can also put on the group is a sensitivity label so how confidential or how sensitive is the group so for the purpose of this demo I'm just going to ignore that the nice thing then is privacy now because it's a the default here is a public group and I'll show you what that means in a second but essentially there are two things so um one it can be discoverable so in other words anyone can create a group in Microsoft 365. 
so groups can also be created within Outlook so I can simply go into outlook here and if I scroll down you can see I've got groups and I can go ahead and I can create groups if I have the rights to do so so particularly useful for collaboration so if you make a group public it is not only discoverable by anyone but anybody can also join it as well just take that into account when you create that group so as an alternative of course you can make a group private so when you make a group private again one of the options that you have is you can in fact it doesn't matter whether it's private or public actually but one of the options that you have is do you want to extend the capabilities of the team or of the group to become a Microsoft team now if you decide you know I'm not sure about that you can take the check box out there and again you can add it later though so don't worry another thing that you can also do is you can you can basically align this group to become a member of an admin role so for example if you wanted let's say anybody who's a member of this group they can be an exchange admin or something like that so I'm now going to click on next and I'm going to go ahead I'm going to create my group and you can see I'll just click on close yes there we go so you can see Edinburgh sales now in this screen here you can see who created the group you can see the email you can see if the group is a Microsoft team now what do I mean by that well if I come into let's have a look at some of these groups what is a Microsoft 365 group well as I mentioned it's a fully collaborative group so not only does it get its own mailbox shared mailbox but you can also it also has its own document Library as well so document libraries are great for shared documents and the other thing you've also got a shared calendar you get a shared website planner notebook and so on but the key thing is it just contains Microsoft apps now if I come into Edinburgh sales and if I go into my 
settings page here one of the options that I have um or as I should say in general here is this one it says do you want to extend the group to become a Microsoft team now just to remind you that this is an irreversible action so if you click onto this you can't then change your mind but what this does do is it extends the capability in Microsoft teams and you can now do chats with the the group and you can also use third-party apps so this is a really nice feature okay and there we go that's how you can create a Microsoft 365 group and extend it to become a Microsoft team in 365. so what was the other way to add members to a group then well if I come into let's say coming back into Azure here I'm going to come into groups and this time I'm going to create a new group but instead of creating a security group again I'll do a Microsoft 365 group but this time I am going to call the group Edinburgh IT support okay and in here I'm going to say AD roles can AD roles be assigned so I'm going to say yes they can be assigned now just a note here you've got an option here that says do you want to assign users to the group or do you want to use something called Dynamic users and dynamic users I love this by the way this is so cool I won't bother with the sensitivity label again I can assign an owner but instead of assigning members to the group check it out you can do what we call a dynamic query so I can simply choose a property so let's say City let's say equals and let's say Edinburgh okay and I can add another rule that says and we can say Department equals IT support all right and that is my Dynamic rule so basically if any but if any user has a property where they're in Edinburgh and the department is I.T support they will then automatically be a member of this group so what I'm going to now do is I'm now going to go back into my users and I'm going to scroll down and I've got my user here let me just scroll down I have got let's say William Riker so I'm going to go 
into Will's account and I'm going to edit his properties and of course in here I'm going to scroll down and Department I'm going to say IT support and of course I can scroll down the city he's currently in is Edinburgh now if any of those values change he will no longer be a member of the group so if he moves to Glasgow or London you see how cool that is that is so such a powerful feature and those are the two ways that you can add members to groups in not only Azure active directory but also Microsoft 365. so the final topic that I'd like to discuss in this getting started video is the topic of admins now as I mentioned when you create a tenant you create what we call a global administrator and essentially the global administrator has the overall responsibility for the tenant now as you can imagine though if you are a large organization and you have maybe 10 or 20 different administrators you don't particularly want all of those people to have Global admin rights it kind of would make things quite complicated so to make things a little bit easier I can come into Microsoft 365 and I've got role assignments now please note that you also have something similar in Azure active directory so again if I come into Azure ad roles and admins again you'll get exactly the same thing here and the nice thing about this is there are different roles for different duties within the organization now when you first look at this it it does feel a little bit overwhelming but don't try to resist that kind of you know panic I can feel the panic in your eyes don't worry too much about it because it's not so bad as it looks so actually if as you start to scroll down through the various roles you can actually see that they're grouped together so in this example here you can see that we have an exchange administrator so exchange is the communications it's Microsoft emails or the email system so you might have let's say an administrator who specializes in Microsoft Exchange and likewise you 
might have an administrator who is just responsible for licenses or for networks and so on so some roles as you can see here such as teams for example have multiple admin roles and if you think about Microsoft teams as an Enterprise collaboration platform it's huge so for example you might have somebody who specializes in the communications part of team so the voice sections you might have a junior administrator who's responsible for putting Teams phones on people's desks get the idea we also have other roles as well so if I wanted to for example Grant my assistant the right to be able to create user accounts and manage licenses and I don't want them to be a global administrator I could make them a member of the user admin role so that's the purpose of this now um you can as I said you can assign users the different roles in a number of different ways so if if I come into let's say active users here when you create that user account one of the things that you can do for example if I come down to Will Riker here if I go into Will's account properties so one of the things that you can do is if I just scroll down you can see it says at the moment he has no administrator access now I think you know you know Will's been doing a good job he needs a bit of a promotion so I want to give him admin Center access but you might not want him to be a global administrator I want him to be a user administrator of course you can also make him multiple roles as well if you want to okay so it's as simple as that now we this basically you should know this grants the user permanent access as an administrator now if you don't want that you can use something called privileged identity management for that and I've covered that on an alternate video so definitely go ahead in my identity playlist and check that out so for the moment though I'm going to go ahead and I'm going to save that and you can now see if I go back to Will's account just let this refresh you can now see that will 
is now a user administrator and he has all the rights and privileges to carry out that job so there you have it all you need to know in just under 30 minutes about Azure active directory Isn't that cool now of course if you enjoyed the session bump that like button up there it really does make a difference and of course if you're not subscribed again hit that subscribe button ring the bell and you'll be notified of any new videos and postings that I have in the meantime comments questions as always get those down below and I'll do my best to answer them for you and that's it for today thanks very much for joining me and from Slovenia goodbye hey thanks so much for dropping by today here's a couple of videos that you may enjoy and while you're here go ahead click on the Subscribe button and you won't miss out
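
The dynamic membership rule from the portal demo above (city equals Edinburgh and department equals IT support), written out with the Microsoft Graph PowerShell module. This is an added example, not something shown in the video; the mail nickname and description are assumed values, and the group is deliberately not marked role-assignable.

```powershell
# Added example (not from the video). Requires the Microsoft.Graph module
# and an account allowed to create groups in the tenant.
Connect-MgGraph -Scopes "Group.ReadWrite.All"

# The two conditions from the demo, joined with -and:
# a user must match BOTH to be placed in the group.
$rule = '(user.city -eq "Edinburgh") -and (user.department -eq "IT Support")'

$params = @{
    DisplayName                   = "Edinburgh IT Support"
    Description                   = "Dynamic group: IT support staff in Edinburgh"  # assumed text
    MailNickname                  = "EdinburghITSupport"                            # assumed value
    MailEnabled                   = $true
    SecurityEnabled               = $false
    # "Unified" = Microsoft 365 group; "DynamicMembership" = members come from the rule.
    GroupTypes                    = @("Unified", "DynamicMembership")
    MembershipRule                = $rule
    MembershipRuleProcessingState = "On"
    # IsAssignableToRole is left unset: role-assignable groups require
    # assigned (not dynamic) membership, so the two options are not combined here.
}
$group = New-MgGroup @params

# Confirm what was stored. Rule evaluation runs in the background,
# so the member list can be empty for a while after creation.
Get-MgGroup -GroupId $group.Id -Property "displayName,membershipRule,membershipRuleProcessingState" |
    Select-Object DisplayName, MembershipRule, MembershipRuleProcessingState

# Review who the rule actually pulled in. Because membership follows
# user attributes, anyone who can edit city/department can change it.
Get-MgGroupMember -GroupId $group.Id -All |
    ForEach-Object { $_.AdditionalProperties['userPrincipalName'] }
```

Reviewing the resulting member list periodically matters because membership follows the `city` and `department` attributes, so whoever can edit those attributes effectively controls who is in the group.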
Channel: Andy Malone MVP
Views: 18,837
Keywords: Get Started with Azure Active directory, Azure AD for beginners, Learn Microsoft Azure Active Directory in Just 30mins, Microsoft 365 Administration, Microsoft Identity, Azure AD, Microsoft entra, Andy Malone MVP
Id: psPy-IV--JY
Length: 38min 4sec (2284 seconds)
Published: Mon May 15 2023