Realdolmen Education


Microsoft Identity solutions with Azure Active Directory, on-premises AD FS and AD

This course is currently not scheduled on the open calendar, but can be organized on request.



5 day(s)


The class is primarily aimed at IT professionals. Application developers tasked with integrating authentication and authorisation with Microsoft Azure and/or on-premises AD FS will greatly benefit from the detailed coverage.


Code development is not included in the class, but you will learn about all of the configuration requirements.


Learn how to integrate authentication and authorisation with MS Azure and/or on-premises AD FS


The Masterclass is a high-energy, action-packed event, crammed with solid information and tips. During the 5 days, John Craddock will help build your knowledge and consolidate your new skills with over 35 hands-on labs.


Day 1: After a comprehensive introduction to today’s identity challenges and solutions, you will learn the details of the authentication protocols. This in-depth coverage of the protocols will allow you to troubleshoot any problems you may encounter when deploying solutions.

Day 2: After completing our investigation of the protocols, you will learn how to configure Azure Active Directory to meet your needs. You’ll discover how Azure AD Identity Protection and Privileged Identity Management enhance security for your Azure AD tenant. Through synchronizing users from an on-premises AD, you will discover how SaaS applications can be made available to on-premises and cloud users. You will see the options for configuring password synchronization and pass-through authentication.

Day 3: You will start the day deploying a SaaS app to your users and configuring groups, self-service group management, and self-service application management. You will then deploy your own applications into Azure AD using both WS-Federation and OpenID Connect / OAuth 2.0. You will then learn about managing permissions, roles, groups, delegation and consent.

Day 4: The day starts with you working with the Azure AD Application Proxy to publish applications to the Internet. After installing and configuring AD FS and the Web Application Proxy on Server 2016, you will learn the options for enabling federated SSO with the on-premises AD. After configuring federated SSO, you will install and configure an OpenID Connect / OAuth 2.0 application to work with AD FS.

Day 5: The day starts by looking at device registration and conditional access for both Azure AD and AD FS. We will look at the elimination of passwords using Windows Hello. We will then stretch our boundaries and see how Azure AD can open access to consumers (B2C) and businesses (B2B).

You will receive a hard copy of the hands-on manual. Both the hands-on manual and slides will be available in PDF format. At the end of the course, after completing an evaluation, you will receive a link to a build guide, which details how to set up the hands-on virtual environments, and copies of all the scripts and demo websites.


  • Day 1 - Labs
    • Creating an Azure Active Directory
    • Installing and using Fiddler
    • Enabling Kerberos on a website
    • Tracing the WS-federation protocol
    • Investigating OpenID Connect
  • Day 2 - Labs
    • Adding custom domains to Azure AD
    • Self-service password resets
    • Enabling Multi-Factor Authentication
    • Role based access control
    • Branding your portal
    • Managing Azure AD with PowerShell
    • Install and configure synchronization with Azure AD Connect
    • Investigating pass-through authentication
  • Day 3 - Labs
    • Working with SaaS applications
    • Groups and self-service group management
    • Self-service application access and delegation
    • Configuring a WS-Federation App with Azure AD
    • Managing permission roles and groups
    • Defining WebAPI permissions
    • Investigating consent
    • Multi-tenant applications
  • Day 4 - Labs
    • Publishing a claims-aware application with the Azure AD application proxy
    • Publishing an application using Windows Authentication via Kerberos Constrained Delegation
    • Installing AD FS and the WAP
    • Enabling Federated SSO
    • Installing and configuring an OpenID Connect app on AD FS
    • Managing AD FS claims rules
  • Day 5 - Labs
    • Installing AD FS and the WAP
    • Enabling Federated SSO
    • Installing and configuring an OpenID Connect app on AD FS
    • Creating a B2C directory
    • Multi-tenant versus federated applications