Your guided journey through Azure Active Directory mastery
Before You Start: Get Your Azure Environment Ready
Setup Guide
Why This Matters
To get the FULL hands-on experience with this companion, you'll want access to Azure AD Premium P2 features. The good news? Microsoft offers a FREE 30-day trial with 100 user licenses - perfect for learning!
What You'll Unlock with P2 Trial
• Self-Service Password Reset (SSPR) - Actually configure it, not just read about it
• Conditional Access - Create real policies based on location, device, risk
• Dynamic Groups - Build rule-based automatic group membership
• Privileged Identity Management (PIM) - Time-based admin access
• Identity Protection - Risk detection and automated responses
Without P2, you can only VIEW these features. With P2, you can BUILD with them!
Setup Steps (15 minutes)
1. Create Free Azure Account: Go to azure.microsoft.com/free → Sign up with your personal email → You'll get $200 credit (30 days) PLUS 12 months of free services
2. Verify Your Account: Microsoft will ask for a phone number and credit card (for verification only - you won't be charged during the trial)
3. Access Azure Portal: Once verified, go to portal.azure.com and sign in
4. Navigate to Azure Active Directory: Search for "Azure Active Directory" in the top search bar → Click to open
5. Activate P2 Trial: In Azure AD, click "Licenses" in the left menu → Click "All products" → Click "Try/Buy" → Find "Microsoft Entra ID P2" → Click "Activate" on the Free Trial
6. Assign License to Yourself: Go to Azure AD → "Users" → Click on your user → Click "Licenses" → Click "+ Assignments" → Select "Microsoft Entra ID P2" → Click "Save"
Important Trial Info
• Trial lasts 30 days from activation
• You get 100 licenses (way more than you need!)
• No automatic charges - premium features just stop working after 30 days
• Your free tier features and $200 credit are separate and stay active
• Plan to spend your 30 days wisely - focus on identity/security topics first!
Can I Skip the P2 Trial?
Yes! You can still learn from this companion without P2. The guide explains what each feature DOES and WHY it matters. However, you'll only be able to VIEW settings instead of actually configuring them.
With Free Tier Only:
• Quest 1 (Create Users/Groups): Full hands-on
• Quest 2 (Guest Access): Full hands-on
• Quest 3 (SSPR): Conceptual learning only
• Quest 4 (MFA): Security Defaults only (no Conditional Access)
• Quest 5 (Dynamic Groups): Conceptual learning only
With P2 Trial:
All quests: Full hands-on experience!
For AZ-104 exam prep, understanding the concepts is sufficient. But hands-on is always better!
Study Timeline Suggestion
If you activate the P2 trial, here's how to maximize your 30 days:
In this quest, you'll learn how to create and manage users and groups in Azure AD. This is the foundation of identity management in Azure!
Where to Start
Navigate to the Azure Portal (portal.azure.com) → Search for "Azure Active Directory" in the top search bar → Click on it to open the Azure AD blade.
Step-by-Step Guide
1. In Azure AD, click on "Users" in the left menu
2. Click "+ New user" → Choose "Create new user"
3. Fill in User Principal Name and Display Name (e.g., john.doe@yourdomain.onmicrosoft.com)
4. Set a temporary password (or use auto-generate)
5. Click "Create" - congrats, you created your first user!
Free Tier Note
Your free Azure account gives you Azure AD Free tier. This is perfect for learning the basics! Some advanced features (like dynamic groups) require Azure AD P1, but don't worry - you'll learn about those in the "Understand & Explain" section.
Now Try Groups
Creating a Security Group:
1. Go back to Azure AD → Click "Groups"
2. Click "+ New group"
3. Choose Group type: "Security"
4. Enter a name like "IT-Admins"
5. Membership type: "Assigned" (Dynamic requires P1)
6. Click "Create"
Add your user to the group:
1. Click on your new group
2. Click "Members" → "+ Add members"
3. Select the user you created
4. Click "Select"
Pro Tip
Try creating 2-3 users and organizing them into different groups (like "Marketing", "Engineering", "Finance"). This mimics real-world scenarios and helps you understand group-based management!
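The same exercise can be scripted. The following is an added example, not part of the original guide: it uses the Microsoft Graph PowerShell module to create three users with one-time temporary passwords and place each in an assigned security group for their department. The domain, names, and the `New-TempPassword` helper are constructed for illustration.

```powershell
# Added example: scripted version of the portal steps (Microsoft.Graph module).
# $Domain and the three people below are constructed sample values.
Connect-MgGraph -Scopes 'User.ReadWrite.All', 'Group.ReadWrite.All'

$Domain = 'yourdomain.onmicrosoft.com'   # replace with your tenant's domain
$People = @(
    [pscustomobject]@{ Name = 'John Doe'; Alias = 'john.doe'; Dept = 'Marketing' }
    [pscustomobject]@{ Name = 'Jane Roe'; Alias = 'jane.roe'; Dept = 'Engineering' }
    [pscustomobject]@{ Name = 'Sam Poe';  Alias = 'sam.poe';  Dept = 'Finance' }
)

function New-TempPassword {
    # 18 random bytes from the OS CSPRNG; the fixed prefix only satisfies the
    # character-class complexity rule and adds no secrecy.
    $bytes = [byte[]]::new(18)
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $rng.GetBytes($bytes)
    $rng.Dispose()
    'Aa1!' + [Convert]::ToBase64String($bytes)
}

foreach ($p in $People) {
    # Reuse the department group if it already exists, otherwise create it
    # as an assigned security group (membership type "Assigned" in the portal).
    $group = Get-MgGroup -Filter "displayName eq '$($p.Dept)'" | Select-Object -First 1
    if (-not $group) {
        $group = New-MgGroup -DisplayName $p.Dept -MailNickname $p.Dept.ToLower() `
            -SecurityEnabled -MailEnabled:$false
    }

    $temp = New-TempPassword
    $user = New-MgUser -DisplayName $p.Name -MailNickname $p.Alias `
        -UserPrincipalName "$($p.Alias)@$Domain" -Department $p.Dept `
        -AccountEnabled `
        -PasswordProfile @{ Password = $temp; ForceChangePasswordNextSignIn = $true }

    New-MgGroupMember -GroupId $group.Id -DirectoryObjectId $user.Id

    # Hand the temporary password over out of band; it cannot be read back later.
    [pscustomobject]@{ UPN = $user.UserPrincipalName; Group = $group.DisplayName; TempPassword = $temp }
}
```

`ForceChangePasswordNextSignIn` matches the portal's temporary-password behaviour: the value set here works for one sign-in only.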
Quest 2: Configure Guest User Access (+20 XP)
What You'll Learn
Guest users let you collaborate with external partners while keeping your tenant secure. This is called B2B (Business-to-Business) collaboration!
Understanding Guest vs Member Users
Member Users: Internal employees with full access to your Azure AD
Guest Users: External collaborators with limited access by default
Think of it like: Members have keys to all the rooms, Guests only get keys to the meeting rooms!
Step-by-Step Guide
1. Go to Azure AD → "Users"
2. Click "+ New user" → Choose "Invite external user"
3. Enter an email address (can be any personal email like Gmail)
4. Add a personal message (optional but nice!)
5. Click "Invite" - the guest will receive an email invitation
Testing Tip
Use your personal email address as the guest! This lets you see both sides of the experience - as the admin and as the guest user. Check your personal email for the invitation!
Guest Settings Configuration
Explore External Collaboration Settings:
1. Azure AD → "External Identities"
2. Click "External collaboration settings"
3. Notice the different permission levels for guests
4. See who can invite guests (important for security!)
Don't change anything yet - just observe what options are available!
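The same settings can be read without touching them. This added example (not part of the original guide) uses Microsoft Graph PowerShell to report who may invite guests, which guest permission level is active, and which invitations have not been redeemed yet; the label text in `$GuestRoles` is paraphrased here for readability.

```powershell
# Added example: read-only review of guest settings (Microsoft.Graph module).
Connect-MgGraph -Scopes 'User.Read.All', 'Policy.Read.All'

# Built-in guest permission levels, keyed by the policy's guestUserRoleId value.
$GuestRoles = @{
    'a0b1b346-4d3e-4e8b-98f8-753987be4970' = 'Same access as member users'
    '10dae51f-b6af-4016-8d66-8c2a99b929b3' = 'Limited access (default)'
    '2af84b1e-32c8-42b7-82bc-daa82404023b' = 'Restricted to own directory object'
}

# Tenant-wide authorization policy: holds the "who can invite" setting.
$policy = Get-MgPolicyAuthorizationPolicy
[pscustomobject]@{
    WhoCanInvite    = $policy.AllowInvitesFrom      # e.g. everyone, adminsAndGuestInviters, none
    GuestPermission = $GuestRoles[[string]$policy.GuestUserRoleId]
}

# All guest accounts with their invitation state.
$guests = Get-MgUser -All -Filter "userType eq 'Guest'" `
    -Property Id, DisplayName, Mail, UserType, ExternalUserState, CreatedDateTime

"Guests in tenant: $(@($guests).Count)"

# Invitations that were sent but never redeemed are candidates for cleanup.
$guests |
    Where-Object ExternalUserState -eq 'PendingAcceptance' |
    Sort-Object CreatedDateTime |
    Select-Object DisplayName, Mail, ExternalUserState, CreatedDateTime
```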
Knowledge Check: What user type designation does an invited external collaborator get?
A) External
B) Guest
C) Partner
D) Visitor
Quest 3: Set Up Self-Service Password Reset (SSPR) (+20 XP)
What You'll Learn
SSPR lets users reset their own passwords without calling IT. This saves time and empowers users!
Free Tier Limitation
SSPR is a Premium P1 feature. With the free tier, you can EXPLORE the settings but can't fully enable it. That's okay - understanding the configuration is what matters for the exam!
Exploration Guide
1. Azure AD → Search for "Password reset" in left menu
2. Click "Properties" - see that it's disabled (needs Premium)
3. Check "Registration" settings - see how users would enroll
4. Review "Notifications" - understand alert options
Understanding SSPR Concepts
Key Concepts to Know:
• Gates: Number of authentication methods required (usually 1 or 2)
• Methods: Mobile app, phone, email, security questions
• Registration: Users must register before they can use SSPR
• Writeback: Syncs password changes back to on-premises AD (hybrid scenarios)
Even if you can't enable it now, understanding these concepts is crucial!
Exam Focus
For AZ-104, know: SSPR requires Azure AD Premium P1 or P2, supports multiple authentication methods, and can integrate with on-premises Active Directory through password writeback.
Knowledge Check: What Azure AD license tier is required for SSPR?
A) Azure AD Free
B) Azure AD Premium P1
C) Azure AD Premium P2
D) Microsoft 365 E3
Quest 4: Configure Multi-Factor Authentication (MFA) (+20 XP)
What You'll Learn
MFA adds an extra layer of security by requiring two forms of verification. This is CRITICAL for protecting accounts!
Good News!
Security defaults include MFA and are available in the free tier! Let's explore them.
Step-by-Step Guide
1. Azure AD → "Properties" → Scroll to bottom
2. Click "Manage security defaults"
3. Notice it can be Enabled or Disabled
4. If disabled, consider enabling it (protects your account!)
5. Security defaults automatically enable MFA for all users
Understanding Security Defaults vs Conditional Access
Security Defaults (Free):
• Basic MFA for all users
• All-or-nothing approach
• Great for small organizations
• Can't customize when MFA is required
Conditional Access (Premium P1):
• Granular control over MFA policies
• Can require MFA based on location, device, risk level
• Can exclude specific users or groups
• Way more flexible!
If you enable security defaults, you'll need to set up MFA on your own account next time you sign in. Have your phone ready with the Microsoft Authenticator app!
Even though you can't create Conditional Access policies with the free tier, you can still explore the interface:
1. Azure AD → Search for "Conditional Access"
2. Click "Policies" - see the interface
3. Notice the structure: Assignments (who/what) → Conditions (when) → Access controls (what happens)
4. This is the "pro version" of MFA control you'll use in enterprise environments!
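To make the Assignments → Conditions → Access controls structure concrete, here is an added example (not from the original guide) that checks the security defaults state and then creates a Conditional Access policy with Microsoft Graph PowerShell. The policy name and the `$BreakGlassGroupId` placeholder are assumptions, and creating the policy needs a P1 or P2 license.

```powershell
# Added example: Conditional Access policy as data (Microsoft.Graph module).
Connect-MgGraph -Scopes 'Policy.Read.All', 'Policy.ReadWrite.ConditionalAccess', 'Application.Read.All'

# Security defaults must be turned off before a Conditional Access policy
# can be switched from report-only to enabled.
$defaults = Get-MgPolicyIdentitySecurityDefaultEnforcementPolicy
"Security defaults enabled: $($defaults.IsEnabled)"

# Placeholder: object ID of a group holding emergency-access accounts, so a
# policy mistake cannot lock every administrator out of the tenant.
$BreakGlassGroupId = '<break-glass-group-object-id>'

$policy = @{
    displayName = 'LAB - Require MFA outside trusted locations'

    # Report-only: sign-ins are evaluated and logged, but nothing is blocked.
    state = 'enabledForReportingButNotEnforced'

    conditions = @{
        # Assignments (who/what)
        users        = @{ includeUsers = @('All'); excludeGroups = @($BreakGlassGroupId) }
        applications = @{ includeApplications = @('All') }

        # Conditions (when): any location except those marked as trusted
        locations      = @{ includeLocations = @('All'); excludeLocations = @('AllTrusted') }
        clientAppTypes = @('all')
    }

    # Access controls (what happens): grant access only after MFA
    grantControls = @{ operator = 'OR'; builtInControls = @('mfa') }
}

$created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
$created | Select-Object Id, DisplayName, State
```

Leaving the policy in report-only state lets you review its effect in the sign-in logs before changing `state` to `enabled`.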
Knowledge Check: What's the main difference between Security Defaults and Conditional Access?
A) Security Defaults is more secure
B) Conditional Access offers granular policy control
C) They're the same thing
D) Security Defaults requires Premium P2
Quest 5: Understand Dynamic Group Membership (+20 XP)
What You'll Learn
Dynamic groups automatically add/remove members based on user attributes. Super powerful for automation!
Premium Feature Alert
Dynamic groups require Azure AD Premium P1. You can't create them with the free tier, BUT you can still learn how they work - which is the key exam knowledge!
Conceptual Learning
1. Go to Azure AD → "Groups" → Try "+ New group"
2. Notice the "Membership type" dropdown
3. See "Dynamic User" and "Dynamic Device" (greyed out)
4. Click the "Learn more" link to read Microsoft docs
5. Understand: these use rules like "department equals Marketing"
How Dynamic Groups Work
Example Scenarios:
All Marketing users:
Rule: (user.department -eq "Marketing")
All users in Chicago:
Rule: (user.city -eq "Chicago")
The group membership updates automatically as user attributes change!
Exam Tip
Key things to remember: Dynamic groups require Azure AD P1, they use rule-based expressions, membership updates automatically, and there's a processing time (not instant!). Also know: you can have dynamic USER groups and dynamic DEVICE groups.
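For readers with a P1 or P2 license, the following added example (not part of the original guide) creates a dynamic user group with Microsoft Graph PowerShell, waits for the asynchronous rule evaluation, and lists every dynamic group with its rule. It goes one step beyond the two rules above by combining them with `-and`; the group name is a sample value.

```powershell
# Added example: dynamic user group via Microsoft Graph PowerShell.
Connect-MgGraph -Scopes 'Group.ReadWrite.All'

# The quest's two rules combined: Marketing users located in Chicago.
$rule = '(user.department -eq "Marketing") -and (user.city -eq "Chicago")'

$group = New-MgGroup -DisplayName 'Marketing-Chicago' -MailNickname 'marketing-chicago' `
    -SecurityEnabled -MailEnabled:$false `
    -GroupTypes 'DynamicMembership' `
    -MembershipRule $rule -MembershipRuleProcessingState 'On'

# Membership is evaluated asynchronously, so poll rather than assume the
# group is populated as soon as it exists (up to 5 minutes here).
foreach ($attempt in 1..10) {
    $members = @(Get-MgGroupMember -GroupId $group.Id -All)
    if ($members.Count -gt 0) { break }
    Start-Sleep -Seconds 30
}
"$($members.Count) member(s) found after $attempt check(s)"

# Review: every dynamic group in the tenant with the rule that populates it.
Get-MgGroup -All -Filter "groupTypes/any(t:t eq 'DynamicMembership')" `
    -Property DisplayName, MembershipRule, MembershipRuleProcessingState |
    Select-Object DisplayName, MembershipRule, MembershipRuleProcessingState
```

Because membership follows the attributes in the rule, the rule listing is worth reviewing together with who is allowed to edit those attributes.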
Comparison: Assigned vs Dynamic
Assigned Groups (Free tier):
• Manual membership management
• You add/remove members one by one
• Full control, but time-consuming
• Best for small, static groups
Dynamic Groups (Premium P1):
• Automatic membership based on rules
• Updates as user attributes change
• Requires P1 license
• Perfect for large, changing organizations
Real-world example: A company has 500 employees. When someone joins the Marketing dept, they're automatically added to "Marketing-Team" group, get access to marketing resources, and receive marketing emails. When they transfer to Sales, they're automatically moved! No admin work needed.
Knowledge Check: What Azure AD license is required for dynamic group membership?
A) Azure AD Free
B) Azure AD Premium P1
C) Office 365 E3
D) It's available in all tiers
Congratulations!
You've mastered Azure AD fundamentals!
You earned 100 XP and unlocked the next skill in your tree!
Ready to level up? Check out RBAC (Role-Based Access Control) next!