AZ-303: Microsoft Azure Architect Technologies Certification Video Training Course
AZ-303: Microsoft Azure Architect Technologies Certification Video Training Course includes 93 lectures that provide in-depth knowledge of all key concepts of the exam. Pass your exam easily and learn everything you need with our AZ-303: Microsoft Azure Architect Technologies Certification Training Video Course.
AZ-303: Microsoft Azure Architect Technologies Certification Video Training Course Info:
The complete course from ExamCollection's industry-leading experts helps you prepare and provides the full 360 solution for self-prep, including the AZ-303: Microsoft Azure Architect Technologies Certification Video Training Course, Practice Test Questions and Answers, Study Guide & Exam Dumps.
Azure Active Directory, or Azure AD, is Microsoft's multitenant cloud-based directory and identity management service. Azure AD provides an affordable, easy-to-use solution to give employees and business partners single sign-on access to thousands of cloud SaaS applications such as Office 365, Salesforce.com, Dropbox, and more. For app developers, Azure AD lets you focus on building your application by making it fast and simple to integrate with world-class identity management solutions used by millions of organisations around the world. Azure AD also includes a full suite of identity management capabilities, including multifactor authentication, device registration, self-service password management, self-service group management, privileged account management, role-based access control, and many more. Additionally, Azure AD can be integrated with an existing Windows Server Active Directory, which gives organisations the ability to leverage their existing on-premises directory to manage their cloud-based SaaS applications. There are a number of benefits to using Azure Active Directory. The first is single sign-on: Azure Active Directory provides secure single sign-on to cloud and on-premises applications. It works with iOS, macOS, Android, and Windows devices. You can use it to access your on-premises web applications from everywhere and protect those with multifactor authentication and conditional access policies. You can connect Active Directory to other on-premises directories with just a few clicks and maintain a consistent set of users, groups, and passwords. You can use it to protect sensitive data and applications. And finally, it helps reduce costs and enhance security with self-service capabilities. An additional component to Azure Active Directory is Azure Active Directory Domain Services, or AD DS.
This is a more traditional deployment of Windows Server-based Active Directory and is an alternative to using a physical or virtual server running as a domain controller. Although AD DS is commonly considered to be primarily a directory service, it's actually just one component of the Windows Active Directory suite of technologies. It's important to understand, however, that Azure AD is different from Azure Active Directory Domain Services. The easiest way to consider it is that Azure Active Directory is primarily for the cloud and supports cloud technologies, whereas Azure Active Directory Domain Services is your more traditional on-premises solution. An important difference to remember is that with Azure Active Directory, you can't, for example, join services to that domain. If you want to be able to join services to a domain, then you need to leverage Azure Active Directory Domain Services. Other distinctions between Azure AD and AD DS are as follows. First, Azure Active Directory is an identity solution. It's designed for Internet-based applications, and it uses HTTP and HTTPS for communications. Because it's HTTP and HTTPS-based, it can't be queried through LDAP; instead, Azure Active Directory uses REST APIs. This in turn means that Azure AD does not use Kerberos authentication. Again, it uses HTTP and HTTPS protocols such as SAML, WS-Federation, and OpenID Connect for authentication. Azure AD also includes federation services, and many third-party services can be used to hook into this, for example, by leveraging Facebook authentication systems. Azure Active Directory users and groups are also created in a flat structure, unlike AD DS, where you can have organisational units and group policy objects. However, Azure Active Directory is a managed service, which means you only need to manage the users, groups, and policies.
Deploying AD DS with virtual machines in Azure means you have to manage the deployment, configuration and patching of those virtual machines, and so on.
Azure Active Directory comes in four different editions: Free, Basic, Premium P1 and Premium P2. The Free edition is really designed as an introduction to Azure Active Directory. However, it does include common features such as directory objects, user and group management, single sign-on, self-service password change, on-premises connectivity, security, and usage reports. The Basic edition is more for task workers with cloud-first needs, so this edition provides cloud-centric application access and self-service identity management solutions. With the Basic edition of Azure Active Directory, you get productivity-enhancing and cost-reducing features like group-based access management. Premium P1 is designed to empower organisations with more demanding identity and access management needs. This edition adds feature-rich enterprise-level identity management capabilities and enables hybrid users to seamlessly access on-premises and cloud capabilities. It includes everything you need for information workers and identity administrators in hybrid environments across application access, self-service identity, and access management. Finally, the P2 edition includes everything in all the other editions with enhanced identity protection and privilege management capabilities. Because of all the different options involved, it can be difficult to understand which one you need. The following shows a breakdown of the features that are important, especially for the exam. This is made available as part of the downloads. However, the important ones to recognise and really look out for are the different capabilities provided by the premium features, especially with P2. Some of the questions will revolve around which edition you would need in order to support certain feature sets such as identity protection or privileged access management.
Azure Active Directory uses something called tenants. A tenant is a dedicated instance of an Azure AD directory, which is created for you when you sign up for a Microsoft cloud service. It's important to note that a "tenant" is not the same as a "subscription." A subscription is typically tied to a credit card for billing, whereas a tenant is an instance of Active Directory. You can have multiple tenants in your organisation, so for example, you could have contosoone.com and contosotwo.com. Each tenant, or Azure AD instance, is distinct from the other Azure AD directories in your company. These different tenants could allow for different functions. So for example, you could have a tenant for Office 365, another tenant for a testing environment, and another for production. A tenant houses the users in the company and the information about them, i.e. their passwords, user profiles, permissions, and so on. It also contains groups, applications, and other information pertaining to an organisation and its security. Because tenants are distinct, it is critical to understand that if you create a resource in one tenant, it has no effect on any other tenant. And if you use one of your domains with one of those tenants, it can't be used with another one. An optional feature of Azure Active Directory is something known as Azure AD Connect. Azure AD Connect will integrate your on-premises directories with Azure Active Directory. This allows you to provide a common identity for users of Office 365, Azure, and SaaS applications that integrate with Azure AD. Azure AD Connect provides the following features. Password hash synchronization is a sign-in method that synchronises a hash of a user's on-premises AD password with Azure AD. Pass-through authentication is a sign-in method that allows users to use the same password on premises and in the cloud, but doesn't require the additional infrastructure of a federated environment.
Federation integration is an optional part of Azure AD Connect that can be used to configure a hybrid environment using an on-premises ADFS system. It also provides ADFS management capabilities such as certificate renewal and additional ADFS server deployments. Azure AD Connect Health can provide robust monitoring and a central location in the Azure Portal to view all this activity. Let's look in more detail at some of these options. Being blocked from getting your work done is often due to forgotten passwords, and that is often related to the fact that you can have so many different passwords to remember. The more passwords you have to remember, the higher the probability that you're going to forget one. Questions and calls about password resets and other password-related issues demand the most helpdesk resources in most organizations.
Therefore, Azure AD offers password synchronisation between your on-premises AD and Azure AD. It's a hash synchronisation feature that synchronizes the password between the two directories, and you can use this feature to sign into Azure AD services like Office 365 and Azure AD. You can sign into the service using the same username and password as you use to sign into your on-premises Active Directory instance. In the background, the password synchronization component takes the user's password hash from the on-premises directory, encrypts it, and then passes it as a string into Azure. Azure decrypts the encrypted hash and stores the password hash as a user attribute in Azure AD. Then, when a user signs into an Azure service, the sign-in challenge dialogue box generates a hash of the password as they enter it and passes that back to Azure. Azure then compares the hash with the one in the user's account. If the two hashes match, then the passwords also match and the user receives access. It's important to understand that this is the same sign-in and not single sign-on. The user is still authenticating against two separate directories; it's just that the details are in sync. An alternative solution is pass-through authentication. This provides the same benefit of cloud authentication to organizations, except it allows users to sign in to both on-premises and cloud-based apps using the same account and passwords. In this scenario, when a user signs into Azure AD, the details are actually passed through to the organization's on-premises Active Directory.
The main benefit of this is that it supports sign-in to all web browser applications and Office client applications. Sign-in usernames can be either the on-premises default username or another attribute configured in Azure AD Connect, known as the Alternate ID. It works seamlessly with conditional access features such as multifactor authentication, and it integrates with cloud-based self-service password management, including password writeback to on-premises Active Directory and password protection by banning commonly used passwords. Having a cloud-based password reset utility is great, but most companies still have on-premises directories where their users exist. So password writeback is a feature that enables Azure AD Connect to send password changes from the cloud to be written back to the on-premises directory in real time. Finally, another alternative is federation with Azure AD. A federation is a collection of domains that have established trust. The level of trust may vary, but typically includes authentication and almost always includes authorization. A typical federation might include a number of organisations that have established trust for shared access to a set of resources. You can federate your on-premises environment with Azure AD and use this federation for authentication and authorization. This sign-in method ensures that all user authentication occurs on premises. This method allows administrators to implement more rigorous levels of access control. When you integrate your on-premises directories with Azure AD, regardless of the method you use, your users are more productive because there's a common identity to access both cloud and on-premises resources. However, this integration creates the challenge of ensuring that this environment is healthy so that users can reliably access resources both on premises and in the cloud from any device. With this in mind, Azure AD Connect Health helps you monitor and gain insights into ADFS servers, Azure AD Connect and AD domain controllers; monitor and gain insights into the synchronizations that occur between your on-premises AD and Azure AD; and monitor and gain insights into your on-premises identity infrastructure that is used to access Office 365 and other Azure AD applications. Azure AD Connect Health works by installing an agent on each of your on-premises sync servers. In the next lecture, we'll have a rundown of some of these options and how we actually set them up within the portal.
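The hash synchronisation flow described above can be modelled in a few lines to show why it is the same sign-in against two separate directories rather than single sign-on. This is an added illustration, not code from the course or Microsoft's implementation: the SHA-256 stand-in for the on-premises hash, the PBKDF2 parameters and all class and function names are assumptions, and the transit encryption step is left out.

```python
import hashlib
import hmac
import os


def onprem_hash(password):
    # Stand-in for the hash the on-premises directory stores (assumption:
    # SHA-256 is used here only because it is available everywhere).
    return hashlib.sha256(password.encode("utf-16-le")).digest()


def protect_for_cloud(stored_hash, salt=None):
    # The sync component never sends the password, only a value derived from
    # the stored hash. Salt size and iteration count are illustrative.
    salt = salt or os.urandom(16)
    derived = hashlib.pbkdf2_hmac("sha256", stored_hash.hex().encode(), salt, 1000)
    return salt, derived


class OnPremDirectory:
    def __init__(self):
        self.hashes = {}

    def set_password(self, user, password):
        self.hashes[user] = onprem_hash(password)


class CloudDirectory:
    def __init__(self):
        self.attrs = {}  # user -> (salt, derived hash), kept as a user attribute

    def receive(self, user, salt, derived):
        self.attrs[user] = (salt, derived)

    def sign_in(self, user, password):
        if user not in self.attrs:
            return False
        salt, derived = self.attrs[user]
        # Hash what the user typed the same way, then compare in constant time.
        _, candidate = protect_for_cloud(onprem_hash(password), salt)
        return hmac.compare_digest(derived, candidate)


def sync_cycle(onprem, cloud):
    # One synchronisation pass: push a derived hash for every on-prem user.
    for user, stored in onprem.hashes.items():
        cloud.receive(user, *protect_for_cloud(stored))
    return len(onprem.hashes)


def demo():
    # Constructed scenario: one user, one password change between two syncs.
    onprem, cloud = OnPremDirectory(), CloudDirectory()
    onprem.set_password("alice", "Winter-2024!")
    result = {"before_first_sync": cloud.sign_in("alice", "Winter-2024!")}
    sync_cycle(onprem, cloud)
    result["after_sync"] = cloud.sign_in("alice", "Winter-2024!")
    result["cloud_holds_onprem_hash"] = cloud.attrs["alice"][1] == onprem.hashes["alice"]
    onprem.set_password("alice", "Spring-2025!")  # changed on premises only
    result["old_still_works_in_cloud"] = cloud.sign_in("alice", "Winter-2024!")
    result["new_works_in_cloud"] = cloud.sign_in("alice", "Spring-2025!")
    sync_cycle(onprem, cloud)
    result["old_after_resync"] = cloud.sign_in("alice", "Winter-2024!")
    result["new_after_resync"] = cloud.sign_in("alice", "Spring-2025!")
    return result


if __name__ == "__main__":
    for step, outcome in demo().items():
        print(f"{step}: {outcome}")
```

Between a password change on premises and the next sync cycle, the cloud directory still accepts the old password, which is the window to keep in mind when resetting a credential you believe is compromised.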
Okay, let's have a walkthrough of Azure Active Directory. We can either select the link from here or, if we're not on this home page, go to the menu and select Azure Active Directory. You can see some basic information here. The first is that we are currently on the free Azure AD tier, which, as we discussed earlier, limits certain functionality that we can achieve. So we'll shortly upgrade this to a premium tier. First of all, we go to the list of users. We can see that we have a single user here. We can add additional users through this panel, and there are two ways we can do this. The first is that we can create a new user. This will actually create a new user within our Active Directory. However, sometimes you might want to invite external users or guest users.
In that case you would invite guest users, which won't create an account and an email address for them and so on. As a result, it would be possible to add users with Gmail email addresses or even users from an external directory. Either way, to invite a user, you would click the "new guest user" button, fill in some basic details, and enter the email address. You can block the initial sign-in and give them a usage location. This will be important, as we will see later. Then fill in the details and click the Invite button. That will then send them an email asking them to click a link that will give them access to your domain. Individual users can all be managed in different ways. So for example, we can assign different roles. By default, your initial user will be a global administrator. But we can add different directory roles from a range of built-in ones, or you can even create custom roles. We can also use groups to group people, which again helps manage users rather than doing them individually. If we're using mobile device management, we can see their list of devices, and we can see their sign-in activity. One of the things you might want to do is create a custom domain name. When you sign up for Azure, it will create a directory with a URL that is something like marksoft.com. If you have your own domain that you want to use with Azure, it's quite straightforward. We would click Add Custom Domain, type in the domain name, then click Add. Then, what you have to do to make that work is use your DNS registrar. You need to create a special kind of record called a TXT record. The hostname must be @, and you must then paste in those details to point to a specific address.
Once that's been done, you'll be able to click Verify, and that is just so that Microsoft can confirm that you own that domain name. Until you do that, the status will be unverified and you won't actually be able to use it. Once verified, you can then switch that to your primary domain. And that means all accounts that you create within this Active Directory tenant will be created under the custom domain name that you already created. You need to be careful how you do this because obviously you might have an external email system or an existing internal domain that you're already using. So you need to give some thought to how that's going to work. You can also set up some basic company branding. However, to use that, we need to enable the premium features. And again, you can set things like self-service password reset, but, again, you need the premium features to use that. Let's go ahead and actually use the Premium trial. That will give us 30 days of the premium features for free, so we're going to go ahead and choose that. I'll go with Azure AD Premium P2; let's do the free trial. That gives you 100 licences for 30 days. After that's expired, you then need to sign up again for the Premium Directory licensing, which costs around $6 per user per month. We'll just go for the free trial for now, and we'll go in and activate that. Once the licence has been assigned, you can then start to enable some of the more advanced features in Azure AD. So for example, the first one we'll look at is the password reset functionality. If you go down to Manage and go to Password Reset, we get to see the different options that we have available to us. If you don't get this screen and you're still being told that the premium licences or the premium functionality hasn't been enabled, try logging out and then back in again, because sometimes it takes a while for the token to update itself. By default, self-service password reset is set to none.
You can either set it to select groups or enable it for all users once it's been activated. You then define how you want users to be able to perform password resets, and you can choose between one or two methods.
So, for example, you can enable users to reset their password via email, via SMS, or via security questions, or you can require two of those. You can also set options for when users first sign in, which force them to register certain details. We can set notifications so that we notify users or admins on password resets, and you can provide a unique email or URL that your customers can visit. Finally, if you've installed and configured AD Connect, you can set password writeback, which means that whenever users reset their password, it will write back and update the on-premises directory, or you can allow users to unlock accounts without resetting their passwords. Another area available to us when we're using the Premium Active Directory is the company branding. In here, we can configure various settings to do with company branding. We can set logos, banner logos, username hints, text, and so on. So this will at least be on the password reset, and it just makes signing on and using single sign-on look a little bit more seamless within your organization. We also get more advanced features under "Security." One of the things we can do is set named locations. We can also set authentication methods for people signing in. So, for example, we can set lockout thresholds and lockout durations here; we can also configure MFA, and within MFA setup, there are additional suboptions we can configure, such as account lockouts for MFA denials. We can block and unblock users, we can set up fraud alerts so that users can submit fraud alerts, and we can automatically block users who report fraud.
So if a user were to receive a phishing email and thought their account may have been compromised, then when they submit a fraud alert, it would automatically disconnect their account. When setting up MFA, you can also configure trusted IPs. Trusted IPs means you can define a range of IP addresses, which would normally be your company's IP range. And if a user is coming from that IP range, you can tell it to skip multifactor authentication for them. This is useful for your internal users, so that if they're signing in from an on-premises network, it wouldn't ask for MFA. It would only request MFA if they were trying to access your system from outside the corporate network. Finally, conditional access to identity protection is a feature that is only available with P2. So again, conditional access allows you to define more policies around how users can access information and what sort of end-user protection they have. Identity protection also informs you of the users it considers at risk because of various policies you can set, and again, you can define these policies within these settings and, more importantly, who those policies apply to. One of the most important bits to understand for the exam is that a lot of these options, especially around security, are only available when you upgrade to Azure AD Premium P2. And again, refer to the chart for the differences between the different options that you can choose from.
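Because a trusted IP range is a rule that switches MFA off, it is worth reviewing the list before relying on it. The following added example (not part of the course and not Azure's own logic) audits a constructed trusted-IP list and then evaluates constructed sign-ins against it; the function names, the `/16` breadth threshold and all addresses are assumptions.

```python
import ipaddress

# RFC 1918 space: a cloud sign-in service sees the public egress address,
# so a trusted range inside these blocks never matches a real sign-in.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def audit_ranges(cidrs, min_prefix=16):
    """Return (accepted networks, {cidr: problem}) for a trusted-IP list."""
    accepted, problems = [], {}
    for cidr in cidrs:
        try:
            net = ipaddress.ip_network(cidr, strict=True)
        except ValueError:
            problems[cidr] = "invalid"      # typo, or host bits set in the range
            continue
        if net.version == 4 and any(net.subnet_of(r) for r in RFC1918):
            problems[cidr] = "private"      # internal range, never seen by the cloud
        elif net.version == 4 and net.prefixlen < min_prefix:
            problems[cidr] = "too broad"    # e.g. 0.0.0.0/0 would skip MFA for everyone
        else:
            accepted.append(net)
    return accepted, problems


def mfa_required(source_ip, trusted):
    """True unless the sign-in source falls inside an accepted trusted range."""
    try:
        addr = ipaddress.ip_address(source_ip)
    except ValueError:
        return True                         # unparseable source: fail closed
    mapped = getattr(addr, "ipv4_mapped", None)
    if mapped is not None:                  # ::ffff:a.b.c.d is really an IPv4 client
        addr = mapped
    return not any(addr.version == net.version and addr in net for net in trusted)


def skipped_mfa(signins, trusted):
    """Sign-ins that would bypass MFA, for periodic review."""
    return [(user, ip) for user, ip in signins if not mfa_required(ip, trusted)]


# Constructed configuration and sign-ins (documentation address space).
CONFIGURED = ["203.0.113.0/24", "198.51.100.16/28", "10.0.0.0/8",
              "0.0.0.0/0", "198.51.100.17/28"]
SIGNINS = [
    ("alice", "203.0.113.10"),          # inside the first trusted range
    ("bob", "192.0.2.44"),              # outside every range
    ("carol", "::ffff:198.51.100.20"),  # IPv4-mapped address inside the /28
    ("dave", "not-an-ip"),              # malformed source field
    ("erin", "198.51.100.32"),          # one address past the end of the /28
]

if __name__ == "__main__":
    trusted, problems = audit_ranges(CONFIGURED)
    print("accepted:", [str(n) for n in trusted])
    print("rejected:", problems)
    print("MFA skipped for:", skipped_mfa(SIGNINS, trusted))
```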
Okay, in this video, we're going to install and configure Azure AD Connect and sync it up to our tenant. I'm on my server at the moment. It's an Active Directory server, or domain controller. The first thing I want to do is search for AD Connect. We want the option to download it, and then just go ahead and click Download. Once that's downloaded, go ahead and run it. Once it's installed, the wizard should automatically start. We'll just go through the motions of selecting and seeing what options you have. We can have customised or Express settings. We'll go for the Express settings. The first thing, of course, it wants is our credentials for logging into Azure AD Connect. So we'll type in our details. Next, we need to enter a username for our enterprise administrator in our Active Directory Domain Services. And then once it's happy with our details, go ahead and click Install.
Now, I'm installing Azure Active Directory Connect on the domain controller. What you would normally do is install it on a separate server, rather than a domain controller. And as mentioned, for resiliency purposes, you should install at least three throughout your domain. Once the process is finished, we'll get the configuration completed. And that's pretty much it. If you ever wanted to go in later and change the configuration, we just need to rerun the Azure AD Connect program and go to Configure. Then, through this, we can go through the various different tasks. So for example, we can view the current configuration, which tells us how it's being configured. For example, we can see group writeback and password writeback are currently disabled. And if we wanted to change anything, we could go in and customise the various options such as the synchronisation options, which would allow us to change things such as our directory. If we wanted to change the actual directory, we could filter the OUs. By default, it will synchronise all your OUs. But if you want to only synchronise certain OUs, you can do that. A typical use case here is you might create an organisational unit called Cloud or Azure, and in there, put the users and groups that you want synchronised across. Other optional features would be disabled for any users you did not want to synchronize. So we saw that writeback wasn't enabled, and instead we are using password hash synchronization.
So again, if you want to use any of these, you can tick those checkboxes, and then once you're happy, you finish the configuration. Another important aspect of the configuration is the staging mode. Staging mode stops actual replication from happening on the node that AD Connect is installed on. The first question would be, why would you want to enable this? We said earlier that we should have at least three copies of Azure AD Connect running somewhere for resiliency purposes. However, you cannot actually have the sync running on all three nodes. So what you would normally do is install AD Connect on all three nodes, but you would put two of them in staging mode and only have one with staging mode disabled. Then, if the primary server ever goes down, you would go to one of your other nodes and disable staging mode on that node. Once you're happy with the AD Connect settings we've set for your domain, we can go back into our Azure Portal and go to our Active Directory configuration. The first thing we can see on the overview page is that under AD Connect, the status is enabled and that the last sync was less than an hour ago. We can then go and check to see what has been replicated. If we go to our Users tab, we can see all of our users that have been replicated across. So we have our original admin account that we created in Azure Active Directory, and then these additional user accounts that we've brought in, and note that the source of them is set as Windows Server AD as opposed to Azure Active Directory. We will have also brought in any additional groups that we might have set up. And again, we can see from the source whether a group was created within Azure Active Directory or on the actual Windows Server.