microsoft
/
MCW-Hybrid-identity
зеркало из https://github.com/microsoft/MCW-Hybrid-identity.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

review in browser for images, formatting, spacing

This commit is contained in:
Ben Stegink 2022-06-01 07:10:28 -04:00
Родитель 542a89611d
Коммит e711df9551
3 изменённых файлов: 11 добавлений и 11 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

8
Hands-on lab/Before the hands-on lab - Hybrid identity.md
Просмотреть файл

@ -86,7 +86,7 @@ Timeframe: 150 minutes
2. On the **TLG (Test Lab Guide) - 3 VM Base Configuration (v1.0)** page, select **Deploy to Azure**.
> **Note**: The 3 VM Base Configuration provisions a Windows Server 2016 Active Directory domain controller named DC1 using the domain name you specify and a domain member server named APP1 running Windows Server 2016. It also offers an option to provision a client VM running Windows 10; however, we will not be using it in our lab (primarily due to licensing requirements applicable when running Windows 10 VMs in Azure). The domain member server (APP1) has automatically installed .NET 4.5 and IIS.
> **Note**: The 3 VM Base Configuration provisions a Windows Server 2016 Active Directory domain controller named DC1 using the domain name you specify and a domain member server named APP1 running Windows Server 2016. It also offers an option to provision a client VM running Windows 10; however, we will not be using it in our lab (primarily due to licensing requirements applicable when running Windows 10 VMs in Azure). The domain member server (APP1) has automatically installed .NET 4.5 and IIS.
3. On the **Custom deployment** blade, specify the following settings, select **Review + Create**, then **Create**.
@ -112,7 +112,7 @@ Timeframe: 150 minutes
- VM Size: **Standard_D2ads_v5**
**Note**: Use a similar VM size if your subscription does not support the listed size. Documentation is linked here: <https://docs.microsoft.com/en-us/azure/virtual-machines/windows/sizes>.
> **Note**: Use a similar VM size if your subscription does not support the listed size. Documentation is linked here: <https://docs.microsoft.com/en-us/azure/virtual-machines/windows/sizes>.
- DNS Label Prefix: **Any valid, globally unique DNS name - a unique string consisting of letters, digits, and hyphens; starting with a letter and up to 47 characters long.**
@ -140,7 +140,7 @@ Timeframe: 150 minutes
- Password: **demo\@pass123**
> Note: If you get a prompt asking if you want your device to be discoverable on the network, click No.
> **Note:** If you get a prompt asking if you want your device to be discoverable on the network, click No.
2. Within the Remote Desktop session to **DC1**, start **Windows PowerShell** and run the following script to disable Internet Explorer enhanced security configuration and User Access Control on both **DC1** and **APP1** Azure VMs:
@ -152,7 +152,7 @@ Timeframe: 150 minutes
Invoke-Command -ComputerName $vmNames {Set-ItemProperty "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" -Name "ConsentPromptBehaviorAdmin" -Value 00000000}
```
**Note:** To run multiple PowerShell scripts in the same file, you can highlight a specific portion of the script and select **Run Selection** next to the green play button.
> **Note:** To run multiple PowerShell scripts in the same file, you can highlight a specific portion of the script and select **Run Selection** next to the green play button.
![In this screenshot, the PowerShell is depicted with the script listed above pasted in.](images/Hands-onlabstep-bystep-HybridIdentityImages/media/PSScript.png "PowerShell with the script pasted into it")

10
Hands-on lab/HOL step-by step - Hybrid identity.md
Просмотреть файл

@ -779,9 +779,9 @@ In this task, you will configure Azure AD Connect device synchronization options
10. Switch back to the Remote Desktop session to **DC1**, in the Edge browser window displaying the Azure portal, navigate to the **Devices - All devices** blade of the Contoso Azure AD tenant and verify that there is an entry representing the APP1 server, with the **Join Type** set to **Hybrid Azure AD joined**.
> **Note**: You might need to wait until the Azure AD registration status is correctly reported and its Azure AD object appears in the Azure portal.
> **Note**: You might need to wait until the Azure AD registration status is correctly reported and its Azure AD object appears in the Azure portal.
![In this screenshot, the 'Devices - All devices' blade of the Azure portal is depicted with an entry representing the APP1 server with the 'Join Type' set to 'Hybrid Azure AD joined'](images/Hands-onlabstep-bystep-HybridIdentityImages/media/APP1_HybridAzureADjoined.png "APP1 server entry is shown")
![In this screenshot, the 'Devices - All devices' blade of the Azure portal is depicted with an entry representing the APP1 server with the 'Join Type' set to 'Hybrid Azure AD joined'](images/Hands-onlabstep-bystep-HybridIdentityImages/media/APP1_HybridAzureADjoined.png "APP1 server entry is shown")
**Summary**
@ -1250,7 +1250,7 @@ In this task, you will implement Azure AD Privileged Identity Management.
8. Switch to the Remote Desktop session to **APP1**, start the Edge browser, and browse to the Azure portal at [**http://portal.azure.com**](http://portal.azure.com). From here, sign in as Ann G. Ayers. The username can be found on the **Users - All users** page in the Azure portal window on the lab computer. The password will be **demo@pass123**.
> Note: If prompted that you have 14 days to add additional information, you can still choose to skip. Even if you decide to skip here, on the next screen, you'll be required to enter additional MFA information.
> **Note:** If prompted that you have 14 days to add additional information, you can still choose to skip. Even if you decide to skip here, on the next screen, you'll be required to enter additional MFA information.
9. When prompted to provide additional information, select **Next**on the **Keep your account secure** page, and select **I want to set up a different method**. At the **Choose a different method** dialog, select **Phone** on the dropdown, then select **Confirm**.
@ -1720,7 +1720,7 @@ In this task, you will configure an Azure AD Application Proxy application for B
31. Within the Remote Desktop session to **DC1**, in Visual Studio Code, open the newly extracted PowerShell script **AppProxy-GuestAccountCreation-v1.0.3.ps1** and modify its content by updating it to match the following:
> Note: If you can't open the file for some reason, you can use the **Open folder** option in Visual Studio Code to open the folder containing the script.
> **Note:** If you can't open the file for some reason, you can use the **Open folder** option in Visual Studio Code to open the folder containing the script.
```pwsh
$B2BGroupSid = "TODO" #Fabrikam B2B users Azure AD group's ObjectID that you identified earlier in this exercise.
@ -1924,7 +1924,7 @@ In this task, you will install and configure Azure AD Connect in standby mode. T
1. Since **Azure AD Connect** has already been downloaded and installed from the portal, on **BDC-1**, you need to navigate to the **Microsoft Download Center** to download **Azure AD Connect** for **BDC-1**.
> Note: You may want to turn off Internet Explorer Enhanced Security Configuration and install Edge first. The URL to download and install Edge for Business is https://www.microsoft.com/en-us/edge/business/download.
> **Note:** You may want to turn off Internet Explorer Enhanced Security Configuration and install Edge first. The URL to download and install Edge for Business is https://www.microsoft.com/en-us/edge/business/download.
```txt
https://www.microsoft.com/en-us/download/confirmation.aspx?id=47594

4
README.md
Просмотреть файл

@ -54,8 +54,8 @@ In this hands-on lab you will setup and configure a number of different hybrid i
- [What is Conditional Access?](https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/overview)
- [What is guest user access in Azure Active Directory B2B?](https://docs.microsoft.com/en-us/azure/active-directory/b2b/what-is-b2b)
- [What is Azure Active Directory B2C?](https://docs.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-overview)
- [What is Azure AD Connect cloud sync?](https://docs.microsoft.com/en-us/azure/active-directory/cloud-sync/what-is-cloud-sync>)
- [Plan a passwordless authentication deployment in Azure Active Directory](https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-authentication-passwordless-deployment>)
- [What is Azure AD Connect cloud sync?](https://docs.microsoft.com/en-us/azure/active-directory/cloud-sync/what-is-cloud-sync)
- [Plan a passwordless authentication deployment in Azure Active Directory](https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-authentication-passwordless-deployment)
## Help & Support