In the Masterclass, you will learn how the identity solutions offered by Entra ID and on-premises AD will help you build identity systems for the future using protocols that include OpenID Connect and OAuth 2.0.
You will learn how to implement secure authentication and authorization to applications that can be located on-premises or in the cloud. The source of identity of the users could be from your own corporate network, your Entra ID directory, a partner organization and/or a social identity provider such as Facebook or Google.
The class provides detailed learning through the extensive use of hands-on labs. Attendees will not only learn the fundamentals and principles but also learn how to deploy and troubleshoot the solutions. In-depth learning will be gained through the use of tools, such as Fiddler and Wireshark, to analyze and understand the protocol flows.
The class is continuously revised as Microsoft make changes to Entra and introduces new relevant features.
What to expect
The Masterclass is a high-energy, action-packed event crammed with factual information and tips. During the 5-days, John Craddock will help build your knowledge and consolidate your new skills with over 35 hands-on labs.
Audience
The class is primarily aimed at IT professionals. However, application developers who are tasked with integrating authentication and authorization with Microsoft Entra ID and/or on-premises AD will significantly benefit from the detailed coverage. Code development is not included in the class, but you will learn about all of the configuration requirements.
The Masterclass is designed to teach you how to solve all the challenging aspects of securing apps in Entra ID and provide an optimal SSO experience for your users.
Prerequisites
To attend the Masterclass, you need to be a confident IT administrator with a thirst for knowledge. The Masterclass doesn't teach basic Entra ID administration, but because of the extensive hands-on, you can come to this class with no prior knowledge of Entra ID. You will pick up the basics as we focus on the more challenging topics.
To gain the maximum from this class and the hands-on labs, you will need hands-on system administrator skills. For example, you will need to know how to:
Create and manage groups, OUs and group policies in an on-premises AD
Perform basic server/DC troubleshooting (for example, check if a service is running and restart it)
Add a DNS record
Add a URL to a browser's Intranet zone
MasterClass materials and lab environment
Both the hands-on manual and slides will be available in PDF format. You will also receive a copy build guide, which details how to set up the hands-on virtual environments and copies of all the scripts and demo websites.
Masterclass lab environment
The hands-on labs are all run in a cloud-based virtual environment that will be available to you after the course is completed. The labs are available for 60 days from the course start date. This will allow you to do the labs again and test out other ideas.
?Course content and agenda
Day 1
After a comprehensive introduction to today's identity challenges and solutions, you will learn the details of the authentication protocols. This in-depth coverage of the protocols will allow you to troubleshoot any problems you may encounter when deploying solutions. As we go through the hands-on labs, you will be expected to troubleshoot any issues you may encounter during the Masterclass. Of course, John will be there if you need help.
Day 1 hands-on labs include:
Creating an Entra ID Directory
Capturing and analyzing HTTP/HTTPS sessions using Fiddler
Enabling Kerberos on a website
Troubleshooting Kerberos network traffic using Wireshark
Tracing the WS-federation protocol
Day 2
After completing our investigation of the protocols, You'll discover how to manage Entra ID through the Portal, using PowerShell and the GraphAPIs.
Day 2 hands-on labs include:
Investigating OpenID Connect and OAuth 2.0
Adding custom domains to Entra ID
Managing Entra ID with PowerShell
Using Graph Explorer
Day 3
We will start the day investigating Entra ID authentication methods and other security measures, including Conditional Access and self-service password resets. You will learn how to sync hybrid uses from on-premises using Entra Connect Sync.
You will discover the pass-through authentication and the SSO capabilities provided by Entra Connect Sync and Windows 10.
Day 3 hands-on labs include:
Custom security attributes
Self-service password resets
Installing and configuring synchronization with Entra Connect Sync
Investigating pass-through authentication and SSO
Windows 10 SSO
Day 4
At this stage, you will have created a reliable identity infrastructure, and now it's time to make applications available to our users.
You will start by deploying a SaaS app to your users, configuring groups, assignments and self-service application management. You will then learn how to register your own applications with Entra ID.
We then dive into the application model and learn about managing permissions, roles, groups, delegation, APIs and consent.
Day 4 hands-on labs include:
Working with SaaS applications
Self-service application management
Configuring an Open ID Connect / OAuth 2.0 app with Entra ID
Managing permission roles and groups
Defining WebAPI permissions
Investigating consent
Deploying a V2 app and testing consent
Day 5
The day starts with discovering how to turn your application into a multi-tenant app and make it available to all users from all Entra tenants. You then proceed to work with the Entra Application Proxy to publish applications to the Internet. We will go on to stretch our boundaries and see how Entra ID can open access to consumers (B2C) and businesses (B2B).
The labs support three optional hands-on with AD FS. Although the full details of AD FS are no longer covered in the class, the labs are still available for anyone to experience AD FS if required. Due to time constraints, these labs will need to be done outside of class hours.
Day 5 hands-on labs include:
Multi-tenant applications
Publishing applications using the Entra Application Proxy
Enabling Windows Authentication via Kerberos Constrained Delegation
Optional to be done outside class hours
Configuring AD FS
Enabling Federated SSO
Installing and configuring an OpenID Connect app on AD FS
Multi-tenant versus federated applications
Managing B2B invitations and guest users