
A John Craddock 5-day Hands-on Masterclass:

Microsoft Identity

Microsoft Identity solutions with Azure Active Directory and on-premises AD

Come to this Masterclass written and delivered by John Craddock. Discover how the identity solutions offered by Azure Active Directory and on-premises AD will help you build identity systems for the future using protocols that include OpenID Connect and OAuth 2.0. In the Masterclass you will learn how to authenticate and provide authorization factors to applications that can be located on-premises or in the cloud. The source of identity of the users could be from your own corporate network, your Azure AD domain, a partner organization and/or a social identity provider such as Facebook or Google.

The class provides detailed learning through the extensive use of hands-on labs. Attendees will not only learn the fundamentals and principles, but also learn how to deploy and troubleshoot the solutions. In-depth learning will be gained through the use of tools, such as Fiddler, to analyse and understand the protocol flows.

Just see what attendees have said:
"I believe this is the most useful course I have ever attended! John is very good at conveying the concepts, and it is easy to see that he has solid knowledge and experience. He is also really taking the time to explain, not just rushing through hundreds of slides. Also, very many hands-on labs which were very good."

"Best training class ever!...I'm VERY satisfied."

"Fantastic training, better structure and execution than any training I have attended in years."

"Excellent class; fully packed with information that is spot on and very useful hands-on labs. We are amazed!
John is easy to listen to and has lots of knowledge on the subject! This is probably the best course I’ve had. Time well spent!"

"John is very knowledgeable and makes the course easy to follow. After completing the class, I really feel I have in-depth knowledge about how these aspects of Azure really work and operate. Having limited experience working with Azure, I already feel that my knowledge now exceeds what more experienced consultants claim to know."

"I really appreciate John as a trainee. He really manages the area fully. The course really opened my eyes, and we will make changes in our company environment."



Who is it for?

The class is primarily aimed at IT professionals. However, application developers who are tasked with integrating authentication and authorization with Microsoft Azure AD and/or on-premises AD will significantly benefit from the detailed coverage. Code development is not included in the class, but you will learn about all of the configuration requirements. 

The Masterclass is designed to teach you how to solve all the challenging aspects of securing apps in Azure AD and providing an optimal SSO experience for your users.

What to expect

The Masterclass is a high-energy, action-packed event, crammed with solid information and tips. During the 5 days, John Craddock will help build your knowledge and consolidate your new skills with over 37 hands-on labs.


To attend the Masterclass, you need to be a confident IT administrator with a thirst for knowledge. The Masterclass doesn’t teach basic Azure AD administration, but because of the extensive hands-on, you can come to this class with no prior knowledge of Azure AD. You will pick up the basics as we focus on the more challenging topics.

To gain the maximum from this class and the hands-on labs, you will need hands-on system administrator’s skills. For example, you will need to know how to:

  • Create and manage groups, OUs and group policies in an on-premises AD

  • Perform basic server/DC troubleshooting (for example check if a service is running, and restart it)

  • Add a DNS record

  • Add a URL to a browser’s Intranet zone


Day 1

After a comprehensive introduction to today’s identity challenges and solutions, you will learn the details of the authentication protocols. This in-depth coverage of the protocols will allow you to troubleshoot any problems you may encounter when deploying solutions. As we go through the hands-on labs, you will be expected to troubleshoot any issues you may encounter during the Masterclass. Of course, John will be there if you need help.


Day 1 hands-on labs include:

  • Creating an Azure Active Directory

  • Capturing and analysing HTTP/HTTPS sessions using Fiddler

  • Enabling Kerberos on a website

  • Troubleshooting Kerberos network traffic using Wireshark

  • Tracing the WS-federation protocol


Day 2

After completing our investigation of the protocols, you will learn how to configure the Azure Active Directory to meet your requirements. You'll discover how to manage the Azure AD through the Azure Portal, using PowerShell and the Graph APIs. After adding custom domains and branding to your Azure AD, you will see how to enhance security and the user experience using self-service password resets and MFA.


Day 2 hands-on labs include:

  • Investigating OpenID Connect

  • Adding custom domains to Azure AD

  • Managing Azure AD with PowerShell

  • Using Graph Explorer

  • Self-service password resets

  • Enabling Multi-Factor Authentication


Day 3

You will start the day by deploying Azure AD Connect to synchronize on-premises AD users to Azure AD. We will then investigate pass-through authentication and the new SSO capabilities provided by Azure AD Connect. You will learn about the SSO capabilities of Windows 10 when it is joined to Azure AD and how Windows Hello, the authenticator app and FIDO 2 keys can eliminate the need for passwords.

At this stage, you will have created a reliable identity infrastructure, and now it's time to make applications available to our users.

You will start by deploying a SaaS app to your users; configuring groups, assignments and self-service application management. You will then learn how to register your own applications into Azure AD.


Day 3 hands-on labs include: 

  • Installing and configuring synchronization with Azure AD Connect

  • Investigating pass-through authentication and SSO

  • Working with SaaS applications

  • Self-service application management

  • Configuring a WS-Federation App with Azure AD


Day 4

The day starts with configuring an OpenID Connect / OAuth 2.0 app. We then dive deeper into the application model and learn about managing permissions, roles, groups, delegation, APIs and consent. You will discover how to turn your application into a multi-tenant app and make it available to all users from all Azure AD tenants.


Day 4 hands-on labs include: 

  • Configuring an OpenID Connect / OAuth 2.0 app with Azure AD

  • Managing permission roles and groups

  • Defining WebAPI permissions

  • Investigating consent

  • Deploying a V2 app and testing consent

  • Multi-tenant applications

Day 5


The day starts with configuring the Azure AD application proxy to publish both claims and Windows auth applications using Kerberos constrained delegation. We will then look at the features offered by on-premises AD FS and how they can integrate with Azure AD. The labs support three optional hands-on labs with AD FS; however, due to time constraints, these will need to be done outside of class hours. We will stretch our boundaries and see how Azure AD can open access to consumers (B2C) and businesses (B2B).


Day 5 hands-on labs include: 

  • Publishing an application using the Azure AD Application Proxy

  • Enabling Windows Authentication via Kerberos Constrained Delegation

  • Optional, to be done outside class hours

    • Configuring AD FS

    • Enabling Federated SSO

    • Installing and configuring an OpenID Connect app on AD FS

  • Multi-tenant versus federated applications

  • Managing B2B invitations and guest users

  • Taking over an unmanaged tenant

Masterclass materials

Both the hands-on manual and slides will be available in PDF format. You will also receive a copy of the build guide, which details how to set up the hands-on virtual environments, and copies of all the scripts and demo websites.

Masterclass lab environment

The hands-on labs are all run in a cloud-based virtual environment that will be available to you after the course is completed. The labs are available for 60 days from the course start date. This will allow you to do the labs again and test out other ideas.

The Masterclass is priced slightly higher than the average 5-day training class. The premium price reflects the high-quality, in-depth technical content and, of course, having John Craddock with you all week to teach you the topics and answer your questions. The class is exceptional and unique. Everyone who has attended the Masterclass has been highly satisfied and had nothing to say but praise for the content, the hands-on labs and the instructor.


How to book

For the latest updates follow on Twitter or contact us and we will keep you updated.
