Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                
Scribd Logo
Upload

Welcome to Scribd!

  • 45 views

    Mod 10 A - Lab - Self-Service Password Reset

    Uploaded by

    jacob600
    1. The document describes exercises for managing Azure Active Directory (Azure AD) users and groups, including enabling self-service password reset functionality. 2. The exercises include creating a new Azure AD tenant, activating an Azure AD Premium trial, creating users and assigning them licenses, configuring groups, and enabling self-service password reset. 3. The objectives are to learn how to manage Azure AD users and groups and Azure AD-integrated SaaS applications.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd

    Mod 10 A - Lab - Self-Service Password Reset

    Uploaded by

    jacob600
    45 views7 pages
    1. The document describes exercises for managing Azure Active Directory (Azure AD) users and groups, including enabling self-service password reset functionality. 2. The exercises include creating a new Azure AD tenant, activating an Azure AD Premium trial, creating users and assigning them licenses, configuring groups, and enabling self-service password reset. 3. The objectives are to learn how to manage Azure AD users and groups and Azure AD-integrated SaaS applications.

    Original Title

    Mod 10 a - Lab - Self-Service Password Reset

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    1. The document describes exercises for managing Azure Active Directory (Azure AD) users and groups, including enabling self-service password reset functionality. 2. The exercises include creating a new Azure AD tenant, activating an Azure AD Premium trial, creating users and assigning them licenses, configuring groups, and enabling self-service password reset. 3. The objectives are to learn how to manage Azure AD users and groups and Azure AD-integrated SaaS applications.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Download as pdf or txt
    45 views7 pages

    Mod 10 A - Lab - Self-Service Password Reset

    Uploaded by

    jacob600
    1. The document describes exercises for managing Azure Active Directory (Azure AD) users and groups, including enabling self-service password reset functionality. 2. The exercises include creating a new Azure AD tenant, activating an Azure AD Premium trial, creating users and assigning them licenses, configuring groups, and enabling self-service password reset. 3. The objectives are to learn how to manage Azure AD users and groups and Azure AD-integrated SaaS applications.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Download as pdf or txt
    of 7

    1/25/2021 AZ-103-MicrosoftAzureAdministrator

    Scenario
    Lab: Self-Service Password Reset
    All tasks in this lab are performed from the Azure portal
    Objectives

    Lab files: none


    Exercise 1:
    Manage Azure
    AD users and
    Scenario
    groups

    Adatum Corporation wants to take advantage of Azure AD Premium features


    Exercise 2:
    Manage Azure
    AD-integrated
    SaaS
    Objectives
    applications
    After completing this lab, you will be able to:

    Manage Azure AD users and groups

    Manage Azure AD-integrated SaaS applications

    Exercise 1: Manage Azure AD users and groups

    The main tasks for this exercise are as follows:

    1. Create a new Azure AD tenant

    2. Activate Azure AD Premium v2 trial

    3. Create and configure Azure AD users

    4. Assign Azure AD Premium v2 licenses to Azure AD users

    5. Manage Azure AD group membership

    6. Configure self-service password reset functionality

    7. Validate self-service password reset functionality

    Task 1: Create a new Azure AD tenant

    1. From the lab virtual machine, start Microsoft Edge, browse to the Azure portal at http://portal.azure.com
    and sign in by using a Microsoft account that has the Owner role in the Azure subscription you intend to
    use in this lab.

    2. In the Azure portal, navigate to the New blade.

    3. From the New blade, search Azure Marketplace for Azure Active Directory.

    4. Use the list of search results to navigate to the Create directory blade.

    5. From the Create directory blade, create a new Azure AD tenant with the following settings:

    Organization name: AdatumLab100-5b

    Initial domain name: a unique name consisting of a combination of letters and digits.

    Country or region: United States

    ❕ Note: Take a note of the initial domain name. You will need it later in this lab.

    Task 2: Activate Azure AD Premium v2 trial

    1. In the Azure portal, set the Directory + subscription filter to the newly created Azure AD tenant.

    https://microsoftlearning.github.io/AZ-103-MicrosoftAzureAdministrator/Instructions/Labs/10b - Self-Service Password Reset (az-100-05b).html 1/7


    1/25/2021 AZ-103-MicrosoftAzureAdministrator

    ❕ Note: The Directory + subscription filter appears to the right of the Cloud Shell icon in the toolbar of the Azure
    portal

    ❕ Note: You might need to refresh the browser window if the AdatumLab100-5b entry does not appear in the
    Directory + subscription filter list.

    2. In the Azure portal, navigate to the AdatumLab100-5b - Overview blade.

    3. From the AdatumLab100-5b - Overview blade, navigate to the Licenses - Overview blade.

    4. From the Licenses - Overview blade, navigate to the Products blade.

    5. From the Licenses - All products blade, click Try/Buy. Under Azure AD Premium P2 expand Free trial,
    and then click Activate.

    Task 3: Create and configure Azure AD users

    1. In the Azure portal, navigate to the Users - All users blade of the AdatumLab100-5b Azure AD tenant.

    2. From the Users - All users blade, create a new user with the following settings:

    User name: aaduser1@<DNS-domain-name>.onmicrosoft.com where <DNS-domain-name>


    represents the initial domain name you specified in the first task of this exercise.

    ❕ Note: Take a note of this user name. You will need it later in this lab.

    Name: aaduser1

    Password: select the checkbox Show Password and note the string appearing in the Password text
    box. You will need it later in this lab.

    Groups and roles:

    Groups: 0 groups selected

    Roles: User

    Settings:

    Usage location: United States

    ❕ Note: In order to assign Azure AD Premium v2 licenses to Azure AD users, you first have to set their
    location attribute.

    Job info:

    Department: Sales

    3. From the Users - All users blade, create a new user with the following settings:

    User name: aaduser2@<DNS-domain-name>.onmicrosoft.com where <DNS-domain-name>


    represents the initial domain name you specified in the first task of this exercise.

    ❕ Note: Take a note of this user name. You will need it later in this lab.

    Name: aaduser2

    Password: select the checkbox Show Password and note the string appearing in the Password text
    box. You will need it later in this lab.

    https://microsoftlearning.github.io/AZ-103-MicrosoftAzureAdministrator/Instructions/Labs/10b - Self-Service Password Reset (az-100-05b).html 2/7


    1/25/2021 AZ-103-MicrosoftAzureAdministrator

    Groups and roles:

    Groups: 0 groups selected

    Roles: User

    Settings:

    Usage location: United States

    ❕ Note: In order to assign Azure AD Premium v2 licenses to Azure AD users, you first have to set their
    location attribute.

    Job info:

    Department: Finance

    Task 4: Assign Azure AD Premium v2 licenses to Azure AD users

    1. Return to the Users - All users blade, navigate to the aaduser1 - Licenses blade and assign to the user an
    Azure Active Directory Premium P2 license with all licensing options enabled.

    2. Return to the Users - All users blade, navigate to the aaduser2 - Licenses blade and assign to the user an
    Azure Active Directory Premium P2 license with all licensing options enabled.

    3. Return to the Users - All users blade, navigate to the Profile entry of your user account and set the Usage
    location to United States.

    ❕ Note: In order to assign Azure AD Premium v2 licenses to Azure AD users, you first have to set their location attribute.

    4. Navigate to Licenses blade of your user account and assign to it an Azure Active Directory Premium P2
    license with all licensing options enabled.

    5. Sign out from the portal and sign back in using the same account you are using for this lab.

    ❕ Note: This step is necessary in order for the license assignment to take effect.

    Task 5: Manage Azure AD group membership

    1. In the Azure portal, navigate to the Groups - All groups blade of the AdatumLab100-5b directory.

    2. From the Groups - All groups blade, create a new group with the following settings:

    Group type: Security

    Group name: Sales

    Group description: All users in the Sales department

    Membership type: Dynamic User

    Owners: No owners selected

    Dynamic user members:

    Click Add dynamic query and create a rule with the following settings:

    Property: department

    Operator: Equals

    Value: Sales

    3. From the Groups - All groups blade, create a new group with the following settings:

    https://microsoftlearning.github.io/AZ-103-MicrosoftAzureAdministrator/Instructions/Labs/10b - Self-Service Password Reset (az-100-05b).html 3/7


    1/25/2021 AZ-103-MicrosoftAzureAdministrator

    Group type: Security

    Group name: Sales and Finance

    Group description: All users in the Sales and Finance departments

    Membership type: Dynamic User

    Owners: No owners selected

    Dynamic user members:

    Click Add dynamic query and create a rule with the following settings:

    Property: department

    Operator: Equals

    Value: Sales

    Click Add expression

    And/Or: Or

    Property: department

    Operator: Equals

    Value: Finance

    ❕ Note: The Rule syntax should show: (user.department -eq “Sales”) or (user.department -eq
    “Finance”)

    4. From the Groups - All groups blade, navigate to the blades of Sales and Sales and Finance groups, and
    note that the group membership evaluation is in progress. Wait until the evalution completes, then
    navigate to the Members blade, and verify that the group membership is correct.

    Task 6: Configure self-service password reset functionality

    1. In the Azure portal, navigate to the AdatumLab100-5b - Overview blade.

    2. From the AdatumLab100-5b - Overview blade, navigate to the Password reset - Properties blade.

    3. On the Password reset - Properties blade, configure the following settings:

    Self service password reset enabled: Selected

    Selected group: Sales

    4. From the Password reset - Properties blade, navigate to the Password reset - Authentication methods
    blade, configure and save the following settings:

    Number of methods required to reset: 1

    Methods available to users:

    Email

    Mobile phone

    Security questions

    Number of security questions required to register: 5

    Number of security questions required to reset: 3

    Select security questions: select Predefined and add any combination of 5 predefined security
    questions

    https://microsoftlearning.github.io/AZ-103-MicrosoftAzureAdministrator/Instructions/Labs/10b - Self-Service Password Reset (az-100-05b).html 4/7


    1/25/2021 AZ-103-MicrosoftAzureAdministrator

    5. From the Password reset - Authentication methods blade, navigate to the Password reset -
    Registration blade, and ensure that the following settings are configured:

    Require users to register when signing in?: Yes

    Number of days before users are asked to re-confirm their authentication information: 180

    Task 7: Validate self-service password reset functionality

    1. Open an InPrivate Microsoft Edge window.

    2. In the new browser window, navigate to the Azure portal and sign in using the aaduser1 user account.
    When prompted, change the password to a new value.

    ❕ Note: You will need to provide a fully qualified name: aaduser1@<DNS-domain-name>.onmicrosoft.com where
    <DNS-domain-name> represents the initial domain name you specified in the first task of this exercise.

    3. When prompted with the More information required message, click Next to continue to the don’t lose
    access to your account page.

    4. On the don’t lose access to your account page, note that you need to set up at least one of the following
    options:

    Authentication Phone

    Authentication Email

    Security Questions

    5. From the don’t lose access to your account page, configure answers to 5 security questions you selected
    in the previous task

    ❕ Note: Take note of these answers; You will need them in the next steps.

    6. Verify that you successfully signed in to the Azure portal.

    7. Sign out as aaduser1 and close the InPrivate browser window.

    8. Open an InPrivate Microsoft Edge window.

    9. In the new browser window, navigate to the Azure portal and, on the Pick an account page, type in:
    aaduser1@<DNS-domain-name>.onmicrosoft.com where <DNS-domain-name> represents the initial
    domain name you specified in the first task of this exercise.

    10. On the Enter password page, click the Forgot my password link.

    11. On the Get back into your account page, verify the User ID, enter the characters in the picture or the
    words in the audio, and proceed to the next page.

    12. On the next page, provide answers to three security questions using answers you specified in the previous
    task.

    13. On the next page, enter twice a new password and complete the password reset process.

    14. Verify that you can sign in to the Azure portal by using the newly reset password.

    15. Sign out as aaduser1 and close the InPrivate browser window.

    ❕ Result: After you completed this exercise, you have created a new Azure AD tenant, activated Azure AD Premium v2 trial,
    created and configured Azure AD users, assigned Azure AD Premium v2 licenses to Azure AD users, managed Azure AD
    group membership, as well as configured and validated self-service password reset functionality

    Exercise 2: Manage Azure AD-integrated SaaS applications


    https://microsoftlearning.github.io/AZ-103-MicrosoftAzureAdministrator/Instructions/Labs/10b - Self-Service Password Reset (az-100-05b).html 5/7
    1/25/2021 AZ-103-MicrosoftAzureAdministrator

    The main tasks for this exercise are as follows:

    1. Add an application from the Azure AD gallery

    2. Configure the application for a single sign-on

    3. Assign users to the application

    4. Validate single sign-on for the application

    Task 1: Add an application from the Azure AD gallery

    1. In the Azure portal, navigate to the AdatumLab100-5b - Overview blade.

    2. From the AdatumLab100-5b - Overview blade, navigate to the Enterprise applications - All
    applications blade.

    3. From the Enterprise applications - All applications blade, click New application.

    4. On the Add an application blade, search the application gallery for the Microsoft OneDrive.

    5. Use the list of search results to navigate to the Microsoft OneDrive add app blade and add the app.

    Task 2: Configure the application for a single sign-on

    1. On the Microsoft OneDrive - Overview blade, select Set up single sign on.

    2. On the Microsoft OneDrive - Single sign-on blade, select the Password-based option and Save the
    configuration.

    Task 3: Assign users to the application

    1. Navigate to the Microsoft OneDrive - Overview blade and click Assign users and groups

    2. From the Users and groups blade for Microsoft OneDrive, navigate to the Add Assignment blade and
    add the following assignment:

    Users and groups: Sales and Finance

    Select role: Default access

    Assign Credentials:

    Assign credentials to be shared among all group members: Yes

    loginfmt: the name of the Microsoft Account you are using for this lab

    passwd: the password of the Microsoft Account you are using for this lab

    3. Sign out from the Azure portal and close the Microsoft Edge window.

    Task 4: Validate single sign-on for the application

    1. Open a Microsoft Edge window.

    2. In the Microsoft Edge window, navigate to the Application Access Panel at http://myapps.microsoft.com
    and sign in by using the aaduser2 user account. When prompted, change the password to a new value.

    ❕ Note: You will need to provide a fully qualified name: aaduser2@<DNS-domain-name>.onmicrosoft.com where
    <DNS-domain-name> represents the initial domain name you specified in the first task of this exercise.

    3. On the Access Panel Applications page, click the Microsoft OneDrive icon.

    4. When prompted, add the My Apps Secure Sign-in Extension and enable it, including the Allow for
    InPrivate browsing option.

    https://microsoftlearning.github.io/AZ-103-MicrosoftAzureAdministrator/Instructions/Labs/10b - Self-Service Password Reset (az-100-05b).html 6/7


    1/25/2021 AZ-103-MicrosoftAzureAdministrator

    5. Navigate again to the Application Access Panel at http://myapps.microsoft.com and sign in by using the
    aaduser2 user account.

    6. On the Access Panel Applications page, click the Microsoft OneDrive icon.

    7. Verify that you have successfully accessed the Microsoft OneDrive application without having to re-
    authenticate.

    8. Sign out from the Application Access Panel and close the Microsoft Edge window.

    ❕ Note: Make sure to launch Microsoft Edge again, browse to the Azure portal, sign in by using the Microsoft account
    that has the Owner role in the Azure subscription you were using in this lab, and use the Directory + subscription
    filter to switch to your Default Domain Azure AD tenant once you complete this lab.

    ❕ Result: After you completed this exercise, you have added an application from the Azure AD gallery, configured the
    application for a single sign-on, assigned users to the application, and validated single sign-on for the application.

    Exercise 3: Remove lab resources

    Task 1: Remove Azure AD tenant

    1. In the Azure portal, sign in to the Azure AD tenant you created in this lab as the user account you used to
    provision it.

    2. Cancel and then delete the Premium P2 licenses. (Note that it make take up to 72 hours for this change to
    take effect.)

    3. Cancel and delete the AAD P2 trial using the store for businesses at https://go.microsoft.com/fwlink/?
    linkid=2101580 (note that this will required a work or school account in the Azure AD tenant).

    4. Delete all managed Azure AD user accounts.

    5. Delete all Azure AD groups.

    6. Delete all Enterprise App Registrations.

    7. Delete the Azure AD tenant. (Note that this cannot be done until the deletion of the licenses takes effect.)

    https://microsoftlearning.github.io/AZ-103-MicrosoftAzureAdministrator/Instructions/Labs/10b - Self-Service Password Reset (az-100-05b).html 7/7

    You might also like