In this episode, we're going to take a look at Microsoft Entra ID, the directory service in Microsoft 365 and Microsoft Azure. How does it work and, more importantly, how can you get involved as a beginner? Stay tuned and you'll learn something.

Hello everyone, welcome back to the channel. Andy Malone, uh, Microsoft MVP. So nice to see you this week, I really do appreciate it. Hey listen, if you're a beginner in the Microsoft world and you've not had a chance to take a look at Microsoft Entra ID, then this is a really good place to start. So in this video I'm going to take you through everything that you need to know to understand exactly what Entra ID is, how to create users, how to create groups, and initially how to kick-start your career into IT. We're going to look at many of the different components and discuss exactly how they work and, more importantly, what they can do for you.

Now, if you haven't subscribed to my channel, we would really appreciate it if you would click that subscribe button, ring the bell, and come on board and join my learning community. And if you've got any comments or questions, of course I love those, so just get those down below. And finally, if you enjoy the video, please bump the like button up there, it really does make a difference. So I think, without any further ado, let's jump in with some demos and talk about exactly what Entra ID is and how you can get involved.

So first up then, what does the word Entra mean? Well, when we look at the French dictionary and the Portuguese dictionary here, we can actually see that it does mean the words "to go in" or "to come in", which in essence means entry. So this takes us to the three kind of principles of identity. So identity means to identify oneself. So, for example, in a directory service or in an account service you're going to have a means of, uh, identifying yourself. That could be a username, it could be a user ID, for example your credit card number, but something that uniquely identifies you. Then you're going to need to
authenticate. So traditionally authentication was done by using PIN numbers or passwords, but this is not very, uh, secure these days, so in essence we use multiple different methods of authentication, hence the term multi-factor authentication. So, for example, you might use a mobile device, you might use a biometric such as your face or a handprint or a fingerprint. So we also have the third feature, which of course is authorization. So once you've been identified and authenticated, you're then authorized to gain entry and to perform a specific task for which you've been granted permission.

So I suppose the first place to start in Entra ID is with a little tour. So here we are in the Microsoft Entra admin center, and you can see that we have a number of categories. So primarily we have identity, protection, identity governance, verifiable credentials, permissions management, and a new feature, Global Secure Access, which is currently in preview. So today we're primarily focusing on identity, so I'm going to expand this menu and I'm going to come into an overview. And first of all, just to say, you'll notice that you've got various licenses that still relate to what we call Azure. Now, at the moment Microsoft are currently doing a little bit of a rebrand.

Now this is actually quite a good slide because it shows you that there are different versions of Entra ID. So everybody, by the way, can sign up for a free edition, and although it's a little bit basic, it is quite useful to have. We also have Azure AD Premium P1, which now becomes Entra ID P1, and this is included with most versions of Microsoft 365, including the E3 edition and business editions. Now with the premium edition, certainly for the E3, you get features like conditional access, and with the P2 edition you also get the additional and excellent identity protection features which come with Microsoft Entra. In addition, the E5 edition or P2 will give you additional security and functionality features.

So, continuing our tour in Microsoft
Entra, let's take a look at what we can see. So you can see I'm focusing really here on identity. I've got users, groups, devices, applications, roles and admins, billing information, and you've also got settings, which can include a preview hub. This just means beta features, so features that haven't been fully released yet, which is quite useful. You can also customize your own organization's domain name here. So out of the box you get what we call a tenant. So you can see here that my tenant is just some kind of random number dot on, which means essentially it's a bit like a filing cabinet in the Microsoft data center, and I've got a drawer with this name, and you're responsible really for managing your own tenant, and Microsoft look after the infrastructure and everything else. But we do appreciate that you might also want to add in your own domain name here. Now if you are interested in that, check out my DNS video that I recently recorded, and I'll put the link below for that.

All right, so other things that we've got then: of course you've got the security and protection, and I'm going to cover that in a future video, but today it's all about the basics. And one of the first basic things you're going to want to do is you're going to want to create a user account. So to get started, I'm simply going to pop in here into the Entra admin center, I'm going to come into identity, I'm going to expand users, and I'm going to click into all users. Now, just to mention that if there is any reference to Azure Active Directory in the portal, this will change because of Microsoft's rebrand last week.

Now, creating a user account is simple. If I come up here to new user, you've got two choices: I can either create a new user, which is essentially a member user in my directory, or alternatively you can invite an external or guest user into your organization for the purposes of, let's say, collaboration. So I'm going to go ahead and I'm going to create a new user here, and it's asking me first of
all for a user principal name or UPN. This is typically in the format of an email address. So I'm going to call my user Picard J, so I'm a bit Trekkie, if anybody knows me, so Jean-Luc. So I'm going to put in a user or a display name here, I'm going to say Jean-Luc Picard. All right, so I'm putting in here a display name of Jean-Luc Picard. You can see it's auto-generating a password and it's enabling the user account here.

And I can then say, let's go into the properties of the user account. So you might want to fill in some details for the user here, so you might want to put this in, a name. Again, you can choose whether you want him to be a guest or a member in the account. Um, if you have a certificate, if you're authenticating the user by the use of a digital certificate, you can add that in here as well. And I'm going to assign him a job, um, I'm going to put him in the sales department, and of course you can put in the location. I work in Oslo a lot, so I'm going to put in Oslo there, in Norway. And, uh, if he has a manager, you can add that detail in, and again you can also fill in, I'm sure you get the idea, so we can add all of this information in. Just by the by, if you use an HR system that integrates into Entra ID, you'll probably find that when you add the user in the HR system it will typically populate most of these fields for you.

Um, the other things that you've got: the one piece of advice I would say is you have a usage location. So the usage location is really useful because this informs Microsoft where you would like the user data to be stored. So this tenant is based in the US, so I'm going to go ahead and do that.

So next is assignments. So do I want to assign the user to an administrative unit? So, for example, um, if this user would be based in Oslo and we have, let's say, a dedicated administrator who was responsible for administering Oslo, we could add that user in here. Do you want to add the user into a group? So yeah, okay, so I could come in here to the various
group types, and let's say, for example, I want him to be added to the Oslo office group, so I can simply select that and I can add him into the office group, and of course you can bring him into multiple groups as well.

Now, the final thing that you might want Jean-Luc to do is have some kind of administrative role in the organization. So an admin role is particularly powerful. So the most powerful admin role that we have is something called a global admin, and a global admin can pretty much do anything that they want. But as you can imagine, if you had 50 administrators, the last thing that you want to do is you want to have 50 global admins. So we use something here called zero trust, and one of the principles of zero trust is making sure that you only give the users what rights and permissions they actually need. So, for example, in this case you can see we have a whole bunch of different types of administrators. So, for example, I could perhaps say, you know, I want Jean-Luc to be an Exchange administrator. Now if you don't assign an admin role here, he will just have regular user permissions, okay? In this case, though, I'm going to assign Jean-Luc an Exchange admin. Just a quick note, by the way: for administrator accounts you do not need to assign a license for this, so even guests can be administrator accounts.

So now that we've created our user, we can now just review this, and off it goes, and it will now create this user account for us. So now that we've created the user account, we can now of course go in and have a look at the various properties of that account. So I'm going to just refresh the screen, let's just do a quick refresh, and I'm going to come down here, and in here you can see, sure enough, there's Jean-Luc Picard. If I click onto his account, you can now see that he's got all his attributes here, he's been configured. Now the other things that we can do here: you can now see what groups he's got, I can assign applications to him, I can assign licenses. So perhaps one of the
first things I suppose we should do is assign a license to Jean-Luc, and you can see it gives you a sample of licenses that we have. So I'm going to go ahead and I'm going to add in a couple of licenses. I'm going to assign an E5 and an Enterprise Mobility and Security feature. You can see that it assigns a number of different features and apps. Now if you change your mind about any of these, I could just simply remove that particular app if I want him to not have that feature. So now that I've done that, I've assigned the user, again I can scroll down and I can now save that, and I've now created and licensed Jean-Luc Picard as a user in my directory.

Now, of course, one question that I get asked is what happens if you don't need a user account anymore. So you can see here I've got a user account called Bob Jones. So what happens if Bob leaves the company? Well, you can remove the license for the user and you can obviously back up the user's data, but ultimately you're going to probably want to delete that user account. So to delete a user account, you can simply select the user account here, go up to the menu bar here and choose to delete it, and click OK, and that user account is now gone.

And already you're thinking, oh my goodness, what if I've gone ahead and made a mistake? It's okay, don't worry. If you go into the deleted items container here, you can see that I've got my user here, and he stays here for 30 days. So all of his data will stay here for 30 days, and of course you can then restore that user back. Now, of course, the other options are you can place the user on legal or litigation hold, which means the user account technically could not be deleted, and I've covered that in my Exchange videos, so definitely have a look at that. But for now I simply want to restore this user back, and everything that this user was has now been restored back into all users.

Now, so that's user accounts, basically. So we've created, we've deleted, and we've restored a user account here. Something else
that you definitely want to take a look at are groups. So groups can be created in Azure Active Directory, and if you're interested in creating groups in Microsoft 365, then check out my admin videos on Microsoft 365. Today, though, I'm just really focusing on Entra ID. So, um, I'm going to come up here to groups, and in groups here we have two choices: you can either create a security group, which is just used for permissions, or you can create what we refer to as a Microsoft 365 group, otherwise known as a fully collaborative group, okay?

Um, so for this demo I'm going to create a Microsoft 365 group, and I'm going to call this group, I'm going to call this my Oslo, uh, Tech project. So I'm calling this my Oslo Tech project. And do you want to assign an admin role to a group? So you saw how I could assign an admin role to a user, and you can say yes, I would love to assign an admin role, and what's happened here is that's just flagged this, which means that I can now assign an administrative role to this group, so any users within the group would get that admin role. But for the purpose of this demo I'm gonna say no.

And now it says, would you like to assign the membership or would you like to use a dynamic user rule? Well, I'll tell you what, I'll show you both. So I'm going to say assignment. And by the way, you can also, depending on your license, assign a sensitivity label to the group, so this is like top secret, or what kind of group is it.

Now, one of the things you want to do in Entra is you probably want to assign an owner to the group. So an owner is particularly useful, um, as a manager or as an owner, and that means that he or she can then add other members into the group or invite members to the group. So for the purpose of this demo here, I've got a user here just called CDX, so I'm just going to bring in this, I will just bring in this user here, and I'm just going to use the Microsoft CDX as the owner. And I can now, because I've chosen to assign members to the group, I'm going to assign some
members. So I'm going to bring in Adele, Alex and Alan, I'll bring in Bob Jones of course, and I think we should also bring in our friend Jean-Luc Picard. So I'm going to click on next, or select, and I'm going to go ahead and click on create. Um, so that is my, uh, group. I've gone ahead and created a group and I've assigned a group membership.

What about the other option? Let's have a look at this. So I'm going to create a new group. This time I'll create a security group, I'm calling it my Oslo techies. And this time, though, do you notice, because it's a security group you can have an assigned member, a dynamic user or a dynamic device. So this is often used in deployment, so if you're using the likes of Microsoft Intune, you can use dynamic devices to do dynamic deployments of software or hardware and so on. For this demo I'm going to choose a dynamic user. Again, I can put in an owner for the group, okay, so again I'll just put in the same owner again.

But instead of adding members to my group, this time I'm going to add in a dynamic query. So you can choose any of the properties of the user accounts. So, for example, I'm going to say department equals, I'm going to say IT support, okay, and I'm adding another expression, and I'm saying for the city equals Oslo, okay? So you can see here, if the user is in the department IT support and they're also in Oslo, they will get added dynamically to the group, and of course if they change city or department they will then leave the group. Just think how powerful that feature is. So I'm going to go ahead and I'm going to save that, and I'm going to create that.

So to enforce that rule now, I simply come up to my user accounts again, and this time I'm going to scroll down, and here's our friend Jean-Luc Picard. I'm going to come into Jean-Luc's account, and this time I'm going to come in and edit his properties, and here is all Jean-Luc's properties, you see. So again I can scroll down, he's in Oslo, that's good, and we can then
put in the department, so I'm going to change him from the sales department into IT support. Now when I click on save, Jean-Luc is now a member of that dynamic group. How cool is that? All right, that is super powerful, and there you go, just a little word about how groups work.

Now, so far we've talked about Microsoft Entra ID, we've talked about creating and managing, deleting and restoring user accounts, I've talked a little bit about the admin roles and also about how to manage groups. One of the most important topics I suppose we should have a chat about is security. So for this I'm simply going to come down here into the identity, I'm going to click onto overview. Now if this is a new tenant, one of the most important things of course is being secure. So if I come into the properties here of my tenant and simply scroll down, we have something here called security defaults, and what the security defaults are, these are essentially a baseline, a security baseline. Now please be warned, if you have any conditional access policies or any security enforced, they will be wiped out if you switch this on, all right? So, um, however, if it's a new tenant, um, so you've just created a brand new tenant, you've not really set up the security, then enable this and it's brilliant, okay? So that's the security defaults.

So we talked a little bit about identity. Um, we now need to talk a little bit about authentication and authorization. So now I'm going to come down to the protection tab in the Entra ID admin center, and I'm going to come into, first of all, authentication methods. So the authentication methods are a list of acceptable methods that you're going to allow your users to use in order to authenticate or prove who they are. So you can have something called a FIDO key, and a FIDO key is essentially a key that enforces things like passwordless authentication. These are going to be rebranded, by the way, as passkeys, so watch out for those. So I'm sure you'll be aware of the Microsoft Authenticator app, it's been
out for quite some time, and everybody can download this on their device. So I can deploy this to selected groups here or all my users, and during that configuration I can click onto the configuration tab and I can say, do you want to allow the use of the authentication one-time passcodes? I'm sure you've seen those, in fact they're now default. Also, when a user authenticates using the app, for example multi-factor authentication, it will show the application name that the user is trying to authenticate and the location. This is an additional layer of security, so if somebody's trying to use your account in, let's say, New Zealand to get into one of your apps, you will see right away and you'll know, hey, that's not me that's trying to use this app and I'm not in New Zealand, and you would then reject it. So I find this a really useful authentication method.

Of course, you can also use SMS messages as well as authentication, you can use a voice call, you can email one-time passcodes, and you can also use certificate-based authentication as well. So this means, for example, a user is using a mobile device, they need to have a digital certificate on that device deployed in addition to any other authentication method.

An important member of the Entra ID family is something called a verified ID or verified identity. This is based on a very different kind of authentication method, and it involves something called a digital ID, or DID. And this technology, essentially, you can use it on your phone, you can store it in your Apple wallet, and once you've been issued with a DID it absolutely guarantees that you are who you say you are, because it's been verified by a trusted source. Here's a really cool demo I'll walk you through.

So to configure Entra verifiable credentials, we simply come into the Entra ID admin center, and the first port of call here is setup. Now you'll need to go in and update your organization settings, you'll need to register your digital identity from the trusted source,
and essentially then you'll verify that you own the domain name by importing a TXT record into your DNS. Once you've done that, you can then take advantage of how digital IDs work.

And this is a really nice kind of scenario. So the scenario here is that I've joined the Woodgrove bank, and the first thing I need to do is I need to verify who I am using the True Identity website. So I'm going to go ahead and I'm going to verify myself using the website, and again I'm using my mobile device here. So the first thing I'm going to do is I'm going to take a selfie, so it updates the selfie, and I'm going to upload my government-issued ID, so passport, identity card, whatever it is you're using, and it then verifies the information that I've sent them. So it looks good so far. So now it's going to, uh, say, okay, you want to scan the QR code, so I'm just using my mobile device and I'm scanning the QR code. Um, it's going through MFA, multi-factor authentication, and it's now asking me to confirm the PIN that I see on screen. Okay, so there we go, and you can now see that it's now issued me with my verified ID, which I'm now going to add to my wallet. Okay, so once you've added that to your wallet, it just takes a second just to do that. Okay, so my ID has now been uploaded to my wallet.

I can now return to the bank. So first of all, the bank now knows that I am who I say I am, and now I can actually go ahead and request access to my corporate identity card. So again, to do this we just take a picture of the QR code, so I'm just taking a picture of that QR code. Again it does multi-factor authentication, and this time it's saying, hey, do you want to share your True Identity, your identity, with Woodgrove bank, and I'm going to say yes I am, that's absolutely fine. So I'm going to continue onboarding, and I want to now retrieve my verified ID, so this is my corporate ID card, if you will. So again I'm just doing multi-factor authentication, unlocking the ID, and again it will ask me for a code here, so I'm just going to
put that in here, and next. So now it's issued me with my corporate identity card for the bank, okay, and that's gone in to my digital wallet, as you can see, so very similar to, you know, the way that you would use your Apple wallet or your credit cards and so on.

The nice thing now that I have my card is, what can I actually use it for? So, um, of course, joining a new company I'm going to need a new mobile device, so I can simply come in here and I can choose my mobile device, and you can see, hey, but you know, I want to maybe access some discounts here because it's quite expensive. So it says, hey, you know, that's fine, but you need to verify that you actually work for Woodgrove bank. But that's okay, I don't need to put my credentials in, I can verify my employee credential. So again, all I simply do is, again, uh, take a picture of the QR code, use multi-factor authentication, and what this is now doing is it's now checking my corporate ID, and it's saying, hey, do you want to share your corporate credentials with the retailer, okay, in order to receive the discount? So I'm going to say yes I do, and it says now I'll return to the laptop, and you can now see that it's provided me with my discount.

Now the cool thing about this is you're in control of this. So at any point I can come into the ID, I can see exactly where it's been issued, who it's been issued to, and I also get to see every single transaction, so a complete history of everything. And that is the power of verified credentials.

So there you have it, just a little bit on Microsoft Entra ID, Microsoft's premium directory service. We've talked about how to get started by creating the different tenants, we talked about the different, uh, subscription models that you can have, we've talked about creating users, we've talked about the two different types of groups, so assigning them, we've talked about dynamic membership, and we've talked about things like admin roles, what are the admin features, and a little bit of licensing, and not to mention
things like the verifiable credentials, which is super cool by the way.

All right, um, hey listen, I really hope you enjoyed that session with me, and if you did, please give me a big thumbs up, it really does help. And if you've not subscribed, come on board, there's so many of you not subscribing. Bump that subscribe button, ring the bell, and come and join my learning community. And I really appreciate you joining me this week for a look at Microsoft Entra ID. That's it for today. You stay safe, I'll see you next time. Thanks.

Hey, thanks so much for dropping by today. Here's a couple of videos that you may enjoy, and while you're here, go ahead, click on the subscribe button and you won't miss out.
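
The dynamic security group from the demo (department equals IT support, city equals Oslo), scripted with the Microsoft Graph PowerShell SDK instead of the portal. This is an added example and not part of the video; it assumes the Microsoft.Graph module is installed and the tenant is licensed for dynamic groups, and the UPN domain and mail nickname are placeholders.

```powershell
# Added example, not from the video. Assumes the Microsoft.Graph module and an
# account allowed to create groups and edit users in the tenant.
Connect-MgGraph -Scopes "Group.ReadWrite.All", "User.ReadWrite.All"

# The two expressions from the rule builder, joined with "and".
# String comparison with -eq is case-insensitive in membership rules.
$rule = '(user.department -eq "IT Support") and (user.city -eq "Oslo")'

# A security group (not mail-enabled) whose members are computed from the rule.
# "oslo-techies" is a placeholder mail nickname; Graph requires one even for
# groups that never receive mail.
$group = New-MgGroup -DisplayName "Oslo techies" `
    -Description "Dynamic security group: IT Support staff in Oslo" `
    -MailEnabled:$false `
    -MailNickname "oslo-techies" `
    -SecurityEnabled `
    -GroupTypes @("DynamicMembership") `
    -MembershipRule $rule `
    -MembershipRuleProcessingState "On"

# Confirm what was stored, so a typo in the rule is caught before relying on it.
Get-MgGroup -GroupId $group.Id -Property DisplayName, MembershipRule, MembershipRuleProcessingState |
    Select-Object DisplayName, MembershipRule, MembershipRuleProcessingState

# Move the demo user from Sales to IT Support, as done in the portal.
# Placeholder UPN: replace the domain with the tenant's own.
$upn = "picardj@<tenant-domain>"
Update-MgUser -UserId $upn -Department "IT Support"

# Read back the attributes the rule depends on, then check membership.
$user = Get-MgUser -UserId $upn -Property Id, DisplayName, Department, City
$memberIds = (Get-MgGroupMember -GroupId $group.Id -All).Id

if ($memberIds -contains $user.Id) {
    Write-Output "$($user.DisplayName) is a member of '$($group.DisplayName)'."
} else {
    Write-Output "$($user.DisplayName) is not a member yet (department=$($user.Department), city=$($user.City))."
}
```

The service recalculates dynamic membership in the background, so the final check may need to be repeated after a few minutes. Because membership follows the department and city attributes, any account or HR integration that can write those attributes decides who is in the group, so access to edit them deserves the same review as access to edit the group itself.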
