Managing Identity

Session Detail:    Classroom 1 Day

This 1-day Instructor-led security workshop provides discussion and practical hands-on training for Managing Identity. You will learn about some generic principles of identity management as one of the primary lines of defense against internal and external cyber-attacks. The workshop covers the most common attacks against Active Directory and countermeasures reducing the attack surface. It also contains recommendations for recovery in the event of a complete compromise. You will explore in more detail the functionality of Active Directory, focusing in particular on Kerberos-based authentication, including the Windows components that play an essential role in the authentication process. The workshop covers the underlying technology which will help you with identifying the most effective approach to protecting your Active Directory environment. In addition, the workshop provides an overview of Privileged Access Management, in which sample implementation is the subject of the lab of this course. The workshop will also provide an overview of Azure Active Directory (Azure AD) and illustrates how to leverage its capabilities in order to enhance identity protection and to consolidate identity management in hybrid scenarios.


This workshop is part of a larger series of Workshops offered by Microsoft on the practice of Security. While it is not required that you have completed any of the other courses in the Security Workshop series before taking this workshop, it is highly recommended that you start with the first course in the series, Microsoft Security Workshop: Enterprise Security Fundamentals.
This workshop requires that you meet the following prerequisites:

In addition to their professional experience, students who take this training should already have the following technical knowledge:

  • Experience with Windows Client administration, maintenance, and troubleshooting.
  • Basic experience and understanding of Windows networking technologies, including Windows Firewall network setting, DNS, DHCP, WiFi, and cloud services concepts.
  • Basic experience and understanding of Active Directory, including functions of a domain controller, sign-on services, and an understanding of group policy.
  • Knowledge of and relevant experience in systems administration, using Windows Server 2012 R2 and 2016.

Learners who take this training can meet the prerequisites by obtaining equivalent knowledge and skills through practical experience as a Security Administrator, System Administrator, or Network Administrator.
Windows PowerShell will be the tool of choice when implementing features in this course. Learners should have a good foundation in accessing and using simple Windows PowerShell commands. This knowledge can be obtained in INF210x, Windows PowerShell Basics on

Who Can Benefit

This course is intended for IT Professionals that require a deeper understanding of Windows Security that wish to increase their knowledge level through a predominately hands-on experience with Active Directory DS & Azure Active Directory.

Session Outline

Class Outline

Module 1: Managing Identity

  • Lesson 1: Identity Management, the new Control Plane
  • Lesson 2: Securing Privileged Access (SPA)

After completing this module, students will be able to:

  • Explain the concept of Identity as a control plane
  • Describe the basic characteristics of Identity Management
  • Explain the premise of Securing Privileged Access (SPA)
  • Identify three stages of the SPA roadmap

Module 2: Securing Active Directory

  • Lesson 1: Introduction to Active Directory Domain Services (AD DS)
  • Lesson 2: Protecting AD DS

After completing this module, students will be able to:

  • Identify primary reasons for using an up-to-date operating system and antimalware software
  • Recommend approach to fixing misconfigured infrastructure components
  • Describe factors that contribute to reducing the attack surface of Active Directory
  • Advise the proper approach to auditing and monitoring Active Directory
  • Explain the premise of planning for compromise
  • List the best practices for maintaining a more secure environment.

Module 3: Active Directory and Privileged Access Management

  • Lesson 1: Authentication and authorization in Active Directory Domain Services (AD DS)
  • Lesson 2: Privileged Access Management

After completing this module, you will be able to:

  • Describe Kerberos-based authentication and authorization
  • Explain the architecture and the role of the Security Support Provider Interface
  • Describe the sign-on sequence for domain-joined clients
  • Identify user login steps
  • Provide characteristics of local and domain logons
  • Provide characteristics of smart card logons
  • Provide characteristics of biometrics logons
  • Describe ESEA characteristics
  • Provide an overview of MIM
  • Explain the benefits of JIT administration and PAM

Module 4: Azure Active Directory

  • Lesson 1: Introduction to Azure AD
  • Lesson 2: Microsoft cloud security components


After completing this module, students will be able to:

  • Describe features of Azure AD editions
  • List the benefits of Azure AD Identity Protection
  • Describe core Microsoft cloud security features
  • Explain the primary characteristics of SSO
  • Explain the SSO mechanism when authenticating to cloud-based applications
  • Explain the SSO mechanism when authenticating to on-premises applications
  • Describe the features of Azure MFA
  • Provide use cases for Azure Key Vault
  • Describe the principles of RBAC
  • Describe the role and components of Azure AD Connect
  • Choose an Azure AD integration option most suitable in a given scenario

Need to train your team?

All of our sessions can be customized to meet your team’s specific need. Build the perfect program by picking and choosing topics from any of the courses in our catalog. A personalized private session gives you the ultimate flexibility and helps maximize your team’s valuable time!

Requesting Team Training
DateTimeTypePriceAdd To Cart

Managing Identity

1 Day


Chat with a Coach

Chat with a Coach

Have a more immediate need? Why spend the next hour searching online for answers when you can spend just 15 minutes with one of our experts and get accurate and personalized answers to all of your questions. 

$9.99 | 15 Minutes

Book Now