
Az 104 Ppses01a

The document outlines the learning objectives and key concepts for administering Microsoft Entra ID, including user and group account management, identity configuration, and self-service password reset. It compares Microsoft Entra ID with Active Directory Domain Services and discusses various plans and features available. Additionally, it includes a lab simulation for practical experience in managing identities within Microsoft Entra ID.

Uploaded by

Bruno Janeiro

AZ-104T00A

Administer Identity

© Copyright Microsoft Corporation. All rights reserved.


Learning Objectives

• Configure Microsoft Entra ID
• Configure User and Group Accounts
• Lab 01 - Manage Microsoft Entra ID Identities


Administer Identity whiteboard

[Diagram: On-premises identities (Sync) and External identity providers (B2B: guest users, creates a profile) feed Microsoft Entra ID, which holds users (profiles, licenses, administrative units, bulk updates) and groups.]

Group types: Security, Microsoft 365
Assignment types: Assigned, Dynamic


Configure Microsoft Entra ID



Learning Objectives – Microsoft Entra ID

• Describe Microsoft Entra ID Benefits and Features
• Describe Microsoft Entra ID Concepts
• Compare Microsoft Entra ID to Active Directory Domain Services
• Select Microsoft Entra ID Plans & Pricing
• Configure Device Identities (optional)
• Implement Self-Service Password Reset
• Learning Recap

Manage Azure identities and governance (20–25%): Manage Microsoft Entra ID users and groups
• Manage licenses
• Configure self-service password reset (SSPR)


Describe Microsoft Entra ID Benefits and Features

• A cloud-based suite of identity management capabilities that enables you to securely manage access to Azure services and resources for your users
• Provides application management, authentication, device management, and hybrid identity


Describe Microsoft Entra ID Concepts

Concept: Description
Identity: An object that can be authenticated
Account: An identity that has data associated with it
Microsoft Entra ID account: An identity created through Microsoft Entra ID or another Microsoft cloud service
Tenant/directory: A dedicated and trusted instance. A tenant is automatically created when your organization signs up for a Microsoft cloud service subscription.
• Additional instances can be created
• Microsoft Entra ID is the underlying product providing the identity service
• The term Tenant means a single instance representing a single organization
• The terms Tenant and Directory are often used interchangeably
Azure subscription: Used to pay for Azure cloud services


Compare Microsoft Entra ID to Active Directory Domain Services

Microsoft Entra ID is primarily an identity solution

Queried using the REST API over HTTP and HTTPS

Uses HTTP and HTTPS protocols such as SAML, WS-Federation, and OpenID Connect for authentication (and OAuth for authorization)

Includes federation services, and many third-party services (such as Facebook)

Microsoft Entra ID users and groups are created in a flat structure, and there are no Organizational Units (OUs) or Group Policy Objects (GPOs)


Select Microsoft Entra ID Plans (examples)
Feature Free P1 P2 Governance
Single Sign-On (unlimited) ✓ ✓ ✓
Cloud and Federated authentication ✓ ✓ ✓
Advanced group management ✓ ✓
Self-service account management portal ✓ ✓ ✓
Multifactor authentication (MFA) ✓ ✓ ✓
Conditional access ✓ ✓
Risk-based Conditional Access (sign-in risk, user risk) ✓
Automated user and group provisioning to apps ✓ ✓ ✓
Privileged identity management (PIM) ✓ ✓


Configure Device Identities (optional)

Registered devices
• Supports Bring Your Own Device
• Registered devices sign-in using a Microsoft account
• Attached to an account granting access to resources
• Control using Mobile Device Management (MDM) tools like Microsoft Intune
• OS – Windows 10+, iOS, Android, and MacOS

Joined devices
• Intended for cloud-first or cloud-only organizations
• Organization-owned devices
• Joined only to Azure - organizational account required
• Can use Conditional Access policies
• OS – Windows 10+ devices

Hybrid joined devices
• You have Win32 apps deployed to these devices
• You want to continue to use Group Policy to manage the device
• You want to use existing image solutions to deploy devices
• OS - Windows 7+ devices


Implement Self-Service Password Reset

1. Determine who can use self-service password reset
2. Choose the number of authentication methods required and the methods available (email, phone, questions)
3. You can require users to register for SSPR (same process as MFA)


Learning Recap – Configure Microsoft Entra ID

• Understand Microsoft Entra ID
• Allow users to reset their password with self-service password reset (sandbox)
• Implement and manage hybrid identity

Check your knowledge questions and additional study


Configure User and Group Accounts


Learning Objectives - User and Group Accounts

• Create User Accounts
• Manage User Accounts
• Create Bulk Accounts (optional)
• Create Group Accounts
• Assign Licenses to Users and Groups (extra topic)
• Create Administrative Units (optional)
• Demonstration – Users and Groups
• Summary and Resources

Manage Azure identities and governance (20–25%): Manage Microsoft Entra ID users and groups
• Create users and groups
• Manage user and group properties
• Manage external users
• Manage licenses


Create User Accounts

• All users must have an account
• The account is used for authentication and authorization
• Each user account has additional properties


Manage User Accounts

• Must be Global Administrator or User Administrator to manage users
• User profile (picture, job, contact info) is optional
• Deleted users can be restored for 30 days
• Sign in and audit log information is available


Perform bulk account updates (optional)

• Create the comma-separated values (CSV) template you can download from the Portal
• Supports bulk user and group member updates
• Must be signed in as a Global administrator or User administrator


Create Group Accounts

Group Types
• Security groups
• Microsoft 365 groups

Membership Types
• Assigned
• Dynamic User
• Dynamic Device (Security groups only)


Assign Licenses to Users and Groups

Azure is a cloud service that provides many built-in services for free.
• Microsoft Entra ID comes as a free service
• Gain additional functionality with a P1 or P2 license

Additional services (like O365) are paid cloud services.
• Microsoft paid cloud services require licenses
• Licenses are assigned to those who need access to the services
• Each user or group requires a separate paid license
• Administrators use management portals and PowerShell cmdlets to manage licenses


Create Administrative Units (optional)

• Create an administrative unit
• Populate the administrative unit with users or groups
• Create a role with appropriate permissions scoped to the administrative unit
• Add IT members to the role

Microsoft Entra ID P1 or P2
Privileged Role Administrator or Global Administrator
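
The administrative unit steps above, scripted with the Microsoft Graph PowerShell SDK as an added example (not part of the course deck). The SDK choice, the unit name, the contoso.com accounts and the built-in User Administrator role are assumptions for illustration; sign in with the Privileged Role Administrator or Global Administrator role the slide calls for.

```powershell
# Added example: delegate user administration for one administrative unit only.
# Assumes the Microsoft Graph PowerShell SDK is installed; names and UPNs are placeholders.
Connect-MgGraph -Scopes 'AdministrativeUnit.ReadWrite.All',
                        'RoleManagement.ReadWrite.Directory',
                        'User.Read.All'

# 1. Create the administrative unit.
$au = New-MgDirectoryAdministrativeUnit -BodyParameter @{
    displayName = 'Lisbon Office'
    description = 'Users managed by the Lisbon help desk'
}

# 2. Populate it with the users it should contain.
foreach ($upn in 'user1@contoso.com', 'user2@contoso.com') {
    $member = Get-MgUser -Filter "userPrincipalName eq '$upn'"
    New-MgDirectoryAdministrativeUnitMemberByRef -AdministrativeUnitId $au.Id -BodyParameter @{
        '@odata.id' = "https://graph.microsoft.com/v1.0/users/$($member.Id)"
    }
}

# 3. Pick a role whose permissions fit the task (a built-in role is used here).
$role = Get-MgRoleManagementDirectoryRoleDefinition -Filter "displayName eq 'User Administrator'"

# 4. Add the IT member to the role, scoped to the unit instead of the whole tenant ('/').
$admin = Get-MgUser -Filter "userPrincipalName eq 'helpdesk1@contoso.com'"
$scope = "/administrativeUnits/$($au.Id)"
New-MgRoleManagementDirectoryRoleAssignment -PrincipalId $admin.Id `
    -RoleDefinitionId $role.Id -DirectoryScopeId $scope

# Check: list who holds a role scoped to this unit and confirm it matches the intent.
Get-MgDirectoryAdministrativeUnitScopedRoleMember -AdministrativeUnitId $au.Id |
    Format-List *
```

Because the assignment's directory scope is the unit, helpdesk1 can manage only the users placed in it; the same role assigned at scope `/` would apply to every user in the tenant.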


Demonstration – Users and Groups

• Review license and domain information
• Explore user accounts
• Explore group accounts


Learning Recap – Configure User and Group Accounts

• Create Azure users and groups in Microsoft Entra ID
• Manage users and groups

Check your knowledge questions and additional study


Lab - Manage Microsoft Entra ID Identities


Lab 01 – Manage Microsoft Entra ID Identities (Lab simulation)

In this lab, you learn about users and groups. Users and groups are the basic building blocks for an identity solution. You create a new user and invite a guest user. You also create a group and add a member and owner.

Job Skills
Task 1: Create and configure user accounts.
Task 2: Create groups and add members.

Next slide for an architecture diagram

Lab 01 – Manage Entra ID Identities

[Architecture diagram: Task 1, Task 2]

Lab 01 – Manage Entra ID Identities (interactive lab simulation)

[Diagram: Task 1, Task 2, Task 3, Task 4]

End of presentation