Microsoft Entra / Azure AD 2.0 Explained with Full Demo

Captions
And it's been called the directory of kings. Azure Active Directory has had a facelift. It's now known as Microsoft Entra, but I like to think of it as Azure AD 2.0. How does it work? What can it do? Stay tuned, you've come to the right place. [Music]

Hello my fellow YouTubers, Andy Malone, Microsoft MVP. In this episode I thought I would take a look at what I'm dubbing Azure Active Directory 2.0, or as you might know it, as Microsoft Entra. It's going through tons of changes, and I must admit the new-look kind of admin center is looking pretty good these days, so I thought I would take you through all of the different settings really, so that you can, and you know exactly where everything is. I've got a really nice demo here, so make sure that you stay tuned to the end because I guarantee you'll definitely learn something.

Now if you've not subscribed to the channel, we love subscribers, so go ahead, bump that subscribe button up there, ring that bell and you'll be notified of new videos. And if you've got questions, comments, not just about this but in fact any of my other sessions, then I love those, so get those down below. And if you enjoy the session please bump that like button up there, it really does make a difference to my channel. All right, so I think without any further ado let's jump in with the demo and let's start to learn. Enjoy.

So I'm going to kick off here in the Microsoft Entra admin center, and as you can see we have got three main components here. Now Entra consists of three products: first is Azure Active Directory, Permissions Management, formerly known as CloudKnox, and we've also got Verified ID here. So the first of these then is Azure Active Directory, and I'm going to go into the overview page, and this has recently been updated, and what used to be lots of lots of tabs, um, is now all rolled up nicely on each page. Please note that the look and feel of it is starting to look more and more Microsoft 365-ish, and again you can expand and contract the menus accordingly. So rather
than having lots and lots of tabs, Microsoft have now grouped everything in kind of a way that makes things so much easier to find here.

Now in the overview section here, this is where you can add in, again, we've got some shortcuts here: users, groups, enterprise applications, and you can also register an application here as well. If you're working with multiple tenants, as many of you are, and I did a session on this so check it out on my YouTube channel, I'll put the link below by the way, you can manage your multiple tenants here. To find out what's new we go here. Again, you can also switch on the preview features, and this can also be found in the preview hub in the settings page. Yes, so this is the preview hub, and in here you can find out what are the latest features, and there's a few features here that are currently in public preview and you can switch those on or off accordingly.

Okay, now on top of that we have a number of different tabs here. So the overview just gives you a generic overview of all of your Azure Active Directory. You get your own news feed, who you're currently logged on as, and again down at the bottom here you have got shortcuts, so rather than having to navigate all of those menus you can create groups and users directly from here. Also, if you want to search for anything in your tenant you can search here. So for example, if I had a user, for example, called Jean-Luc Picard, and I can just type in the user's name here and off it goes and it finds that for me. So again that's a real time saver.

In here we've also got various monitoring, so this again just keeps you up to date where you are with performance. Again there are a number of cards here, or there will be a number of cards here, that you will be able to configure, so it shows you how many sign-ins that you've had and so on.

Going into the properties page here, again this is where you could change the name of your tenant here, again you can change your language, and very importantly, especially for things like
PowerShell, you've got your own unique tenant ID that you might want to take a copy of. Again you can fill in these other features here, which is fine. Again you've got Azure, uh, sorry, access management as well, and again you can switch this on if you want to.

Um, you've also got, this always gets people, the security defaults has now moved, uh, into the properties page. See it? So a lot of people kind of miss this, and essentially what this does, this is perfect, um, let's say for example you're a support professional, you've got a customer and they've just signed into Microsoft 365. So you haven't set up conditional access, you haven't set up any security policies or anything like that. This is perfect. So by switching this on it will set up a set of default settings for your user. It's almost like a baseline security plan if you will. Now the downside is, if you already have set up, uh, security features for your user, you've set up conditional access, you've set up policies and so on, by switching this on it will wipe those out, so be very careful with that. All right.

Um, okay, so next we have got recommendations. I love this. So again, um, Microsoft will make regular recommendations. It's a little bit like, you know, Secure Score and so on. So again, things like performance recommendations. Again, this is just a new tenant so there's not much going on here.

Now as I mentioned, uh, a number of times on my channel, Microsoft are moving all of its learning content, or have moved all of its learning content, to Microsoft Learn, or learn.microsoft.com, and in here you have got access to various videos and training courses here. So if you want to learn Azure Active Directory there's a whole bunch of tutorials here that I think you'll find useful.

So coming down to the users pane, again we've got all users here. You've got deleted users, so when you delete a user account it will generally delete them and pop them in the recycle bin for up to 30 days. That's of course unless you have that user on legal hold. Um, again I
can click into Adele here. There's been a few changes recently, so I can come into Adele's features here and you can see what access she's got. I can view her sign-in logs, if she's interacting with any third parties. Um, I can edit her properties either by clicking on this button here or this button here, and it will take me into edit mode and I can then edit the user. You'll also notice that in here it's showing me things, useful things, like the last time the user signed in, and you can also change the type of user here. So you can see that at the moment Adele is a member in this Azure Active Directory, but you can also classify her as a guest account as well. This is particularly useful if Adele's leaving the company, let's say, and she's maybe coming in as a contractor. You'll also notice that we have quite a number of fields that are kind of related to the user's workplace, and also if you're in hybrid mode you'll notice that we have a number of fields, so if you've deployed things like Azure AD Connect you'll start to see these fields filled in for you. Um, you've got, again, you can go through each of the areas here and you can fill in this information here: settings, you know, language, you've got those on-premises, or you've just got the generic properties there.

Um, please note that when you create a new user now in Microsoft 365, so again if I just scroll back here and go back into my overview and go into my users again, um, the guest user account is missing. So now instead of creating a guest user you're essentially inviting an external user. So I can invite, I can go ahead and send out an invite to an external user. It might be a customer or a colleague or somebody like that outside the company. So that's a really nice feature here.

Um, please note that we've also got access to the various different logs here, so again it's all about saving time and speeding things up. Um, you've also got access to the user settings here, so again you'll find that there is the same menu
options, and again you just choose the option that is comfortable for you. So here in the user settings we can choose, you know, are you going to allow the users to register applications, and are you going to restrict the admins who can create tenants, are you using LinkedIn integration as well. You can show "keep users signed in", so show the options for the user to keep them signed in. I'm sure you've seen that, you know, when you log into Microsoft 365 it says "do you want to keep me signed in". Again that may or may not be an option for you. If you were in a bank, maybe not. So, um, you can also manage the external user collaboration settings here, although I will admit that they put it in a much easier place. Uh, you've now got a complete category of external identities, so everything to do with external identities is now here.

So coming into groups, and here in groups this is where I can of course manage all of my groups. So I can create a new group here and again, you just, same as before, I can change the name of the group, decide what type of group it's going to be. If you, you can use an assigned group, so assigned means that I can manually assign a member to that group, and I can also assign an owner. Owners are particularly useful, so if somebody leaves the group or the group's deleted the owner can go in and recover some of the data. Um, in terms of authentication types, and because this is a security group, you can add in either assigned, dynamic users or dynamic devices, and dynamic membership is essentially based on a role. So if I change this group to become a Microsoft 365 group and I call this, let's say, Toronto accounts, and I can come into the accounts here, I can put in a description, you can see it puts in an email address. Um, AD, do you want to assign an AD role to this account? So later I can assign, for example, um, an admin account to this if I want to. Please note that this only works with assigned, so if you change this to dynamic this isn't going to work anymore. All right, um, for the
purpose of this demo I'm going to show you a dynamic user. Now you'll notice that dynamic devices are only available in security groups. So I can come in here and I can choose a dynamic user. So one really cool feature is that I can go ahead and assign a label, a sensitivity label, here, so if you're using labeling and classification this is a super cool feature. Please note that there's one little bug with this interface though, uh, you can't remove it. So if I accidentally click onto this you can't remove it, you need to do it in Microsoft 365. I can also assign an owner to this group, so again I've just got an admin user here so I'm going to select that, and I'm going to say dynamic membership. So I'm going to put in a dynamic rule, so I can choose a property here, so I can say, hey, you know, if the city equals, uh, Tromso, and you're probably wondering where Tromso is, it's in Norway, and I can even add another one and say, hey, if the department equals, let's say, accounts. [Music]

Okay, so a dynamic rule, and this is called ABAC, attribute-based authentication, and if I click onto that now, go ahead and create this group, I have now created a dynamic group. So if I go back to any of my user accounts here and just scroll down, I can go into Jean-Luc's account here. I'm a bit Trekkie of course, everybody knows that. And I'm going to go and edit the properties of Jean-Luc and all I need to do is come down here and I can change, this is Tromso, so he's in Tromso already. What department is he going to be working in? So again I can put in the department. At the moment he was in sales, I'm going to change him so he's now in accounts, and immediately now Jean-Luc is now a member of the accounts group in Microsoft 365. And of course that particular Microsoft 365 group, you could also promote that to become a Microsoft Team as well. Okay, so again, really powerful, really useful set of features there.

Okay, so all the group features are here. So please note again you can set restrictions on who can create groups. Again
you can also set in here, you can put expiry dates on certain Microsoft groups here. So a Microsoft 365 group, you can put an expiry date, and that means within 30 days of this date, so with 30 days, within six months, if nobody is using that it will then get deleted. Um, now if it does detect, if AI does detect traffic in the group, of course it just resets the counter and everything carries on as normal. The other things that you've got here, you can do a naming policy, so things like group naming, you can do a prefix, so OSL sales, OSL marketing, and a pre... a suffix, so sales OSL, marketing OSL and so on. Um, you can, oh, just want to leave it.

The other thing you've also got here is access reviews, and access reviews is great because, you remember when we used to have classic systems in the past, um, and you made somebody a member of a group and then two years down the line you would go, oh my goodness, they're still a member of that. So here you can do a regular access review, and it's essentially: do they still need access to that resource? Okay, so Microsoft groups there.

Now also please note that we've also got any devices. So I don't have any here, but if you're deploying any devices in your organization, both hybrid devices or you've got Intune in there, you'll see a nice list of all your devices here, and again you can manage device settings, and if they're Windows 10 or 11 devices you can also store the BitLocker recovery keys here, so if something horrible goes wrong with your devices you can recover them. So that's really nice.

Um, in applications, of course, enterprise applications, we don't go to our local computer store to buy apps, everything's in the cloud these days. So you can come in here, you can say, hey, you know, I want to go out and purchase an application, and this of course, Azure is a multi-cloud platform, so you can buy apps from any of these vendors and you get a little selection here, but seriously guys, there are thousands of apps that you can choose from. Okay, so once you've found the
app that you want, essentially just add that app in. So for example here is Zoom. You go in and you add it in, I can assign it to certain users and groups, you can do things like single sign-on, so are you going to use SAML, um, so using ADFS or something like that, or do you just want a simple password-based one, or you just want to link it to the user account, so you can do something like that. Okay, so you can also make the app self-service, and this is particularly useful for, let's say you've created an app for the public and you're using consumer-based authentication. Again that's great. But check it out, um, not only have you got the app here but you've also got access to things like conditional access here as well. So again you can create a conditional access policy, so basically you're saying these users can only access this app if they're on a certain device in a specific location. Absolutely awesome. All right, so check out the applications.

One cool thing to definitely note is in enterprise applications, one thing I always get asked is: Andy, what if we have an app on premises, can I still use that? Absolutely. So go ahead, you can download the connector, this is called the app proxy, download the connector to a local server where the app is, and essentially once it wakes up, once it's active, you then just configure the app and the apps are then published in the app launcher, or as I call it the waffle, and the apps basically just appear down here. So any kind of third-party apps, you can see, would appear in the app launcher. That is worth its weight in gold by the way. All right, um, so that's the app launcher.

Roles and admins. So here when you create a user account of course, um, it just, it's basically a user, so the user doesn't have any kind of administrator privileges. So what we have here in the Azure admin center are literally hundreds of different admin roles. Now when you first look at these it can be a little bit overwhelming and you think, oh my goodness, I'm, I don't need to remember
all of these, do I? Well actually, if you, no you don't, is the shortcut answer. But if I, if I for example, I've got a Teams administrator, right, so I don't want to grant Global Admin, um, to too many people because Global Admin is a super powerful role, so you tend to make it more role-based. So again Teams is an example here where you have multiple different roles, so an overall Teams admin would get that role, but maybe you've got a junior person within the IT team who is just responsible for, um, configuring Teams devices, let's say, so you can grant them Teams device administrator role. Get the idea? So it's a super feature by the way. So, um, again we also have other really useful roles, so if you want to give the user the rights to add, configure users and groups and license them and so on, and you don't want them to be a global admin, consider making them a member of the user admin role. Again, really nice. So anyway, definitely check out that.

Uh, billing, I think you can pretty much guess what that is. Um, I mentioned the preview hub. If you want to add in your own custom domain name you can do that here, so again, and I've covered that in previous sessions. Um, the other thing, Mobility. So my tenant, I've got an E5 and an EMS license, so you can see that for Mobility I've got Microsoft Intune or Endpoint Manager configured here.

Now in the old portal it was security, and this is now the protect and secure portal. So you can come in here and you can configure conditional access policies as well as identity protection, and again I've covered all of these topics in depth, um, in recent sessions. Um, you also, this is kind of cool actually, you also get an identity score as well. So it shows you, you get like a score, and it's not so good is it really. Um, but it's definitely making some recommendations, and essentially don't use, or do use, multi-factor authentication. So multi-factor authentication of course can reduce the number of password-based attacks on your system. All right, so they need a
device, you might need a biometric, but it stops just simple password hacks by up to 99. Seriously, switch that on. Okay, so definitely take the recommendations in here.

Um, other things, you can also set up multi-factor authentication here and you can choose the different types of authentication. All right, so again we have the one-time password, currently in preview, we've also got certificate-based authentication, um, you've got voice call authentication, you can go in and you can deploy for example the Microsoft Authenticator app or even FIDO keys, you know, that's for if you're using things like passwordless authentication. And we've also got password reset options here, so you can enable self-service password reset and you can basically select groups of users. This is particularly useful if you've got premium Azure AD and you've got Azure AD Connect and you've enabled password writeback, this would then write that back to your local Active Directory.

You've also got things like the identity governance, and I mentioned access reviews and Privileged Identity Management, and that is a way that you can grant just-in-time access to admin roles. Okay, all of this by the way I've covered in sessions and you can find those videos on my YouTube channel, typically in security and compliance or identity.

This is really nice to see, everything to do with external identities. So I can come in here and I can set up things like cross-tenant access settings, I can set up external collaboration settings. This is really important by the way, especially for security, so what level of restrictions do you want guests to have? Do you want them to have full membership rights in Teams for example, or just limited access? So definitely check out these menu items here, really important.

Okay, um, user experience. You can, when you log into Azure or Microsoft 365, you can customize this, so you can add your nice corporate background, you can bring in your own images, you can custom the text, that's kind of nice, and
this is called company branding. By the way this is a premium feature.

Um, if you've been looking for Azure AD Connect, um, so if you're trying to connect to an on-premises environment, this is getting even simpler. Now you've got two main products, so just Connect Sync, so this, you'll know Connect Sync as the traditional Azure AD Connect, I can come in here, download it, deploy it, or you can use the Cloud Sync tool. So if you want to know more about this then check out my identity playlist, and all of these topics are covered there.

All right, finally you have got monitoring and health, and this is where you can come in and you can monitor all the sign-in logs, you can also monitor things like audit logs, and you can really get a feel for really what's going on. And obviously we're looking for failures to log in: was it a particular user, where was the user coming in from, so you could then determine whether it's a suspected hacker or something like that. All right, again, log analytics, workloads, things like that, really useful. I love this as well, usage and insights. So this is great: all your applications, it shows you how many successful sign-ins have happened and if anybody's failed to sign in. That can be really useful for troubleshooting by the way, and it also gives you an idea of how popular a product is, and if a product's not popular and you realize, hey, I'm paying a lot of money for this, you might not be on the right license.

All right, so there you have it, a quick tour of Microsoft Entra, or Azure AD Mark II if you will. Hey listen, I really hope you enjoyed this week, and if you did, bump the like button, it really does make a difference to my channel. If you've got questions, hey, get them down below, I love questions. All right, and if you've not subscribed, please pop that subscribe button, ring the bell up there and you'll be notified of any new updates. That's it for this time. I really appreciate you dropping by and, uh, nice to see you. Stay safe, I'll see you next time. Cheers.

Hey, thanks so much
for dropping by today. Here's a couple of videos that you may enjoy, and while you're here go ahead, click on the Subscribe button and you won't miss out. [Music]
Info
Channel: Andy Malone MVP
Views: 41,892
Keywords: Microsoft Entra, Azure AD 2.0, Getting started with Microsoft Entra, Andy Malone MVP
Id: X5kn1KjNbEk
Length: 29min 14sec (1754 seconds)
Published: Wed Jan 25 2023