Manage Identity and Access - Hands-on Lab
Lab
Intermediate
4 h 0 m
2020-03-12
Pausable for 11 hours
Lab Overview
In this hands-on lab, you will learn how to use Azure Privileged Identity Management (PIM) to enable just-in-time administration and control the number of users who can perform privileged operations. You will also learn about the different directory roles available as well as newer functionality that includes PIM being expanded to role assignments at the resource level. 

Related Learning Path(s):
MS-500 Security Administration with Microsoft 365
Objectives
  • Create users and groups in Azure AD
  • Configure Azure AD Privileged Identity Management (PIM)
  • Configure Azure AD roles
  • Activate and deactivate PIM roles
  • Understand how to audit and configure PIM workflows
Pre-Requisites
  • Fundamentals of Microsoft 365 and Azure AD User and Group Management
  • Fundamentals of Azure AD Privileged Identity Management (PIM)
Exercises
In this exercise, you will learn how to use Azure Privileged Identity Management (PIM) to enable just-in-time administration and control the number of users who can perform privileged operations. You will also learn about the different directory roles available as well as newer functionality that includes PIM being expanded to role assignments at the resource level.
In this exercise, you will configure Azure AD roles for your users.
In this exercise, you will learn how to activate, deactivate, use and approve use of Azure Active Directory roles using Azure AD Privileged Identity Management.
In this exercise, you will learn how to start and complete an access review for Azure AD Users using Privileged Identity Management (PIM).
In this exercise, you will learn how to configure resource workflows to approve and deny role requests using Azure AD Privileged Identity Management (PIM).
You can use the Azure Active Directory (Azure AD) Privileged Identity Management (PIM) audit history to see all the role assignments and activations within the past 30 days for all privileged roles. If you want to see the full audit history of activity in your directory, including administrator, end user, and synchronization activity, you can use the Azure Active Directory security and activity reports.
In this exercise, you will implement identity synchronization between your Microsoft 365 tenant accounts and your local Active Directory accounts.
In this exercise, you will learn how to create the required conditional access policy for your scenario.
In this exercise, you will configure a conditional access policy enabling Azure Multi-Factor Authentication (Azure MFA) when logging in to the Azure portal. The policy is deployed to and tested on a specific group of pilot users. Deployment of Azure MFA using conditional access provides significant flexibility for organizations and administrators compared to the traditional enforced method.