This project was completed as part of the Secure Access with Azure Active Directory course on Coursera. It simulates real-world tasks performed by Azure Security Engineers, focusing on identity management, user access configuration, and securing accounts using Azure Active Directory (Azure AD).
As part of the final project, the following tasks were completed in a live Azure environment:
- Task 1: Add new users in Azure AD
- Task 2: Create a group and add members
- Task 3: Enable self-service password reset (SSPR) for a group
- Task 4: Test password reset flow as a standard user
- Task 5: Enable and configure multi-factor authentication (MFA) for a user
- Sign in to the Azure portal with your login credentials. Navigate to Azure Active Directory. Select Roles and administrators under the Manage blade.
- To create a user, check your role. If your role is listed as Global Administrator, you can manage all aspects of Azure AD:
- As Global Admin
- New User (John, Dave, Jeff)
- Navigated to Azure Active Directory → Groups → + New group.
- Filled group details:
- Group type: Security
- Name: DevSupport
- Description: Development Support
- Chose Assigned membership type and created group.
- Opened the group → Members → + Add members.
- Navigated to Azure Active Directory → Password Reset → Properties.
- Chose Selected under “Self-service password reset enabled”.
- Selected the group DevSupport for SSPR.
- Clicked Save to apply changes.
- Opened browser in incognito mode, went to:
https://passwordreset.microsoftonline.com - Entered user email, verified identity (via email/SMS).
- Reset the password successfully.
- Logged in using new password at https://portal.office.com.
- Navigated to Azure Active Directory → Users → Per-user MFA.
- Opened the legacy MFA portal and searched for the user.
- Clicked Enable to turn on MFA.
- Upon next login, user was prompted to register:
- Microsoft Authenticator
- SMS
- Phone call
