Studying for the SC-300 (part 2)

Hi!

I hope you’re all enjoying this beautiful Monday. It’s summer!

Some days ago I started this series of articles in which I’ll share some of my study notes for the SC-300. This is the Microsoft Identity and Access Administrator certification exam. Securing the identities is of the utmost importance. Some time ago I read this article that poses this question: is Azure Active Directory the weakest link in the chain? If malicious people manage to get hold of an identity, then they can do a lot of damage. Moreover, we want to make sure the members in our organization get the proper access to the resources they need to get their job done. While maintaining everything secure! What a challenge!

This is part 1 of the series, where I write about the very first topic covered in the exam: configuring and managing Azure AD roles.

Just to remind you what the first domain, Implement initial configuration of Azure AD, covers:

  • configure and manage Azure Active Directory roles
  • configure and manage custom domains
  • configure and manage device registration options
  • configure delegation by using administrative units
  • configure tenant-wide settings

In this article I’d like to share my notes on the second skill, configure and manage custom domains.

Configure and manage custom domains

When you first create your organization in Azure AD, the system sets an initial domain name with the following format: organization.onmicrosoft.com. This will be your primary domain name for the time being. The initial domain name can’t be changed or deleted. A user in this organization would have an email address like this: user@organization.onmicrosoft.com.

You can, however, add your own domain name to Azure AD, and set it as the primary one. The primary domain name is the default domain name for new users.

Only a Global Administrator can manage domains in Azure AD.

One thing to have in mind is that changing the primary domain to a new custom domain won’t change the user name of the existing users.

Adding a new custom domain

  1. Sign in to the Azure portal using a Global Administrator account.
  2. Navigate to Azure Active Directory and select Custom domain names from the menu on the left.
  3. Click on + Add custom domain on the top menu, and type the domain name you want to include. Don’t forget to include .com, .net, or any other top-level extension.
  4. The TXT record for the new domain will be displayed. You’ll use this information to configure the domain in your DNS provider. This is to verify the ownership of the domain.
Copy the data in these fields to use them later in your DNS provider’s management page.

I have my own domain registered in Azure AD, one I bought from Namecheap. I’m very happy with their services.

This is how it looks like there.

Every DNS provider is more or less the same. You have to click on Add new record, and choose TXT record. The @ under hostname means it’s the root domain. TTL means time to live, and it’s the time it takes for the cache of the DNS record to be refreshed. By default, Azure gives us one hour. This avoids too many queries to our domain name.

You can register subdomain names, such as europe.organization.com, but you have to first register the root domain (the @).These subdomains are verified automatically.

I hope you can see the importance of having your own domain registered in Azure AD. Your domain is your brand, it’s your name and how you want to be recognized.

If you want to read more about DNS, check my article Creating DNS Records for a Web App. Let me know what you think.

This is it for now. I want to keep it short and steady. If you’re also studying for the SC-300, please raise your hand and reach out. Let’s tackle this together!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s