Microsoft Entra ID Lab

Cloud & Hybrid Identity Provisioning | Conditional Access | Automation

📖 Overview

This module simulates cloud identity provisioning and access management using Microsoft Entra ID (formerly Azure AD). It includes hands-on demonstrations of cloud-only user creation, hybrid sync from on-prem Active Directory, group-based license assignment, and Conditional Access policies.

📚 What This Covers

Tenant Configuration & Delegation

Roles, custom roles, and delegated administration.

User & Group Provisioning

Manual, bulk, PowerShell, and dynamic group automation.

External Identities

B2B/B2C configuration and guest lifecycle management.

Hybrid Identity

Azure AD Connect sync, PHS/PTA, SSO, password writeback, monitoring.

Authentication & MFA

MFA, Windows Hello, self-service password reset.

Conditional Access

Device compliance, session controls, risk-based conditions.

Identity Protection

User & sign-in risk detection with automated remediation.

Azure RBAC & Resource Access

Managed identities, Key Vault, role assignments.

Enterprise App Integrations

App registrations, SSO, permissions, SCIM provisioning.

Identity Governance

PIM, access packages, reviews, and break-glass accounts.

Monitoring & Reporting

Sentinel, logs, workbooks, and security analytics.

Global Secure Access

Internet Access, Private Access, and network-level CA.

๐Ÿ“ Lab Sections

Initial Tenant Configuration & Roles

Configure custom domains, assign built-in & custom roles, delegate admins, and manage tenant-wide settings.

User & Group Provisioning

Create users and groups manually, via CSV, or PowerShell. Assign licenses and configure dynamic groups.

External Identities (B2B/B2C)

Invite external users, configure collaboration, social & SAML identity providers, and manage guest lifecycle.

Hybrid Identity with Entra Connect

Plan, install, and manage Entra Connect. Configure PHS/PTA, seamless SSO, password writeback, and monitoring.

Authentication Methods & SSPR

Enable MFA, FIDO2, Windows Hello, self-service password reset, and tenant restrictions.

Conditional Access

Plan and implement security defaults and Conditional Access policies with MFA, device compliance, and session management.

Identity Protection

Configure user & sign-in risk policies, monitor risky users, and integrate Microsoft Defender for Identity.

Enterprise App Integrations & Registration

Configure gallery apps, custom apps, app proxy, token customization, SCIM provisioning, and monitoring.

Identity Governance

Implement access packages, terms of use, access reviews, PIM, and emergency access accounts.

Monitoring & Reporting

Review sign-in and audit logs, diagnostic logs, and use workbooks/Sentinel dashboards.

Global Secure Access

Configure Internet & Private Access, remote networks, and Conditional Access for network resources.

🛠 Tools Used

Admin Portals: Microsoft Entra Admin Center, Microsoft 365 Admin Center
Command-line & Scripting: PowerShell (AzureAD & MSOnline modules; both are deprecated by Microsoft in favor of the Microsoft Graph PowerShell SDK, so expect to port scripts)
Infrastructure: Azure AD Connect, On-Prem Windows Server (Hyper-V or VirtualBox)

🔗 Related Labs

This lab assumes the on-prem AD forest and OU structure covered in the Active Directory Lab.