Identity Labs
Source: Azure Master Class v3 - Part 2 - Identity (John Savill)
Prerequisites: Entra ID P1/P2 licenses for certain features
Labs Overview
These hands-on labs cover identity management concepts from the Azure Master Class. Each lab includes:
- README.md - Lab objectives and tasks (pure lab, no solutions)
- solution.md - Step-by-step portal walkthrough
- solution-cli.md - CLI/PowerShell alternatives
- questions.md - Exam-style questions and scenarios
Lab List
| # | Lab | Topics | License Required | Difficulty |
|---|---|---|---|---|
| 01 | Users and Groups | Create users, groups, dynamic groups, licenses | Free/P1 | Beginner |
| 02 | RBAC | Azure RBAC roles, custom roles, scope | Free | Beginner |
| 03 | Conditional Access | CA policies, MFA, device compliance | P1 | Intermediate |
| 04 | Managed Identities | System/user-assigned MI, Key Vault | Free | Intermediate |
| 05 | B2B Guests | External identities, invitations, cross-tenant | Free/P1 | Intermediate |
| 06 | SSPR | Self-service password reset, registration | P1 | Intermediate |
| 07 | PIM | Just-in-time access, eligible roles, approval | P2 | Advanced |
Extras (Reference Material)
| Topic | Description |
|---|---|
| Administrative Units | Delegation with AUs |
| Bulk Operations | Bulk user management |
| PIM Deep Dive | Additional PIM scenarios |
Suggested Learning Path
Lab Environment Requirements
Minimum Requirements
- Azure subscription (free tier works for most labs)
- Entra ID tenant
- Global Administrator or appropriate admin roles
Recommended for Full Experience
- Entra ID P2 trial (for PIM, Identity Protection labs)
- At least 3 test user accounts
- A test resource group
Getting P2 Trial
- Go to Entra admin center
- Navigate to Billing → Licenses
- Click "Try/Buy"
- Select "Entra ID P2" - 30-day free trial
Quick Reference
Key URLs
| Purpose | URL |
|---|---|
| Entra Admin Center | https://entra.microsoft.com |
| Azure Portal | https://portal.azure.com |
| SSPR Registration | https://aka.ms/ssprsetup |
| Password Reset | https://aka.ms/sspr |
| My Account | https://myaccount.microsoft.com |
| PIM | https://entra.microsoft.com/#view/Microsoft_Azure_PIMCommon |
PowerShell Modules
```powershell
# Microsoft Graph (recommended)
Install-Module Microsoft.Graph -Scope CurrentUser
# Azure PowerShell
Install-Module Az -Scope CurrentUser
# Connect to Graph with needed scopes
Connect-MgGraph -Scopes "User.ReadWrite.All", "Group.ReadWrite.All", "RoleManagement.ReadWrite.Directory"
```
Azure CLI
```bash
# Login
az login
# Set subscription
az account set --subscription "Your-Subscription-Name"
```
Back to Main Content
- Identity Guide - Full identity concepts documentation
- Identity Governance Index - Main AZ-104 identity section