what is meant by the statement "different versions of the Microsoft Azure AD Connect Agent Updater service"? how is this relevant to the app proxy service?

HOL

• Align with WDS solution – verify that all requirements and objectives in WDS are also covered in HOL
• Explore password-less options with Windows Hello for Business and Windows Authenticator app
• Add resiliency: Fail-over domain and pass-through agents

WDS

• More discussion around Password-less authentication options
• Issue #16 – point out the licensing requirements for Intune and why E5 may be needed
• Issue #14 – more notes/discussion/reference in the WDS student guide on resiliency with Azure AD Connect

https://github.com/microsoft/MCW-Hybrid-identity#workshop
_In this workshop, you will learn to setup and configure a hybrid identity solution that integrates an existing on-premises identity solution with Azure. You will learn how to secure the virtual network by deploying a network virtual appliance and configure firewall rules and route tables. Additionally, you will set up access to the virtual network with a jump box and a site-to-site VPN connection.

At the end of the workshop, you will be better able to plan and design virtual networks in Azure with multiple subnets to filter and control network traffic. In addition, you will learn to create a virtual network and provision subnets, create route tables with required routes, build a management jump box, configure firewalls to control traffic flow, and configure site-to-site connectivity._
Feels like it belongs to some other workshop

1. Exercise 1, Task6 Step 2 For Installing Azure AD Connect, it is mentioned to login to Azure Portal in Internet Explorer inside DC1 Virtual Machine. But Internet Explorer 11 does not support Azure portal and getting an error message as below.

There are few more instructions that suggest to login to azure portal from Internet Explorer inside DC1 Virtual Machine which has to be changed.

2. Exercise 4, Task 4 step 1 For Installing pass through agent inside BDC-1 Virtual Machine, it is mentioned to open Azure Portal inside Internet Explorer and getting same error message as shown above.

ARM Template calls for DNS Label Prefix, can an example be provided?

Here are our suggested updates for the June 2020 update. Please add any other suggestions or feedback to this issue.

• Update diagrams to use new Azure icons
• Re-screenshot the entire lab (much of them are out of date)
• Add in Cloud Provisioning
• Update AAD App Proxy to use myapplications.microsoft.com instead of "myapps"

Hello,

please review this step because it didn't works for me.
The only way is to resend invitation and use the link as you can see here.

After you has accepted the invitation you can switch organization inside https://myapps.microsoft.com

Regards,
Yans

Please review alt-texts and provide more information where necessary.

It would be ideal to mention pre-requisites within the step-by-step - ideally at the beginning.

For example the lab exercises

HOL step-by step - Hybrid identity.html

Should mention that the steps below are to be completed before commencing the lab.

Before the hands-on lab - Hybrid identity.html

Thank you

how do we ensure that the staging AAD connect server has the same configuration settings as the production server?

Hi, as mentioned in title, I can not find the CreateDemoUsers.ps1 and CreateDemoUsers.csv because when I click to https://gallery.technet.microsoft.com/scriptcenter/Create-UsersGroup-for-9ee1de26 it will point to https://docs.microsoft.com/en-us/samples/browse/?redirectedfrom=TechNet-Gallery and I can find them there.

Hi,
Please find the following changes needed to be done in the guide:

1. We see that throughout the guide, domain name is mentioned as Contoso.local whereas it should be corp.contoso.com everywhere in the lab guide. Here are few spots where you can find the domain name:

   • Exercise 1: Task 5: Step 5: In the Active Directory Domains and Trusts console, right-click Active Directory Domains and Trusts [DC1.contoso.local] on the left and select Properties.
   • Exercise 1: Task 6: Step 18: On the Connect your directories page, ensure that the contoso.local entry appears.
   • Exercise 1: Task 8: Step 8: Connected System: contoso.local

2. Exercise 4: Task 3: Step 1: It should be specified which VM user needs to use here - BDC or Dc1.

3. Exercise 4: Task 2: Step 28: In order for clients to fail-over to BDC-1 when DC-1 is off-line, the IP address of BDC-1 will need to be added as the Alternate DNS server within Internet Protocol Version 4 (TCP/IPv4) Properties on all clients. On each client device, repeat steps 10-15 in this task, but enter the internal IP address of BDC-1 as the Alternate DNS server address.

   • Can you please elaborate all clients:

4. Exercise 4: Task 2: Step 11: This step says, Select Ethernet 2 next to Connections.

   • We didn't find Ethernet 2 whereas we got Ethernet.

Please have a look here.

Thanks

Hi Marcin,
I double checked. Correct casing for this workshop title is Hybrid identity (lower case i). When you're finalizing the workshop, please make sure to use that naming conventions for all document titles, folders and inside the documents. Thank you! Dawnmarie

In my lab environment, the IE Enhanced Configuration was not disabled until a reboot was performed (was unable to access the Technet scripts until this took effect).

The lab content appears to have been updated; please update the content.

Seems basic, but I had my window small, so the Chevron for cloud shell did not show at the top. New folks may not even know it is there. I even tried search, and it does not come up. It no longer shows at the bottom, so the newer users need to know how to launch it. Another option could be to have them go to shell.azure.com on a new tab, which would give them a second window

It would be great if the whiteboard slides had speaker notes, reference information on them. For example, slide 14 has a decision tree, and asks a question about signins natively supported by Azure AD. Not everyone knows what is natively supported, so we will have to go do some research when the client asks this question. Including the supporting information on this slide and others would be very helpful

Intune comes with EMS E3, E5 is not required

#1: Exercise-1-> Task-11- Perform Hybrid Azure AD join- > Step-3

Problem: AGAyers does not have remote desktop rights to login to APP1 Server.

Recommendation :
Update AD scripts to add the user to “Remote Desktop Users” AD Group or add instructions in the lab guide to add user the remote desktop users group manually

#2: Exercise-2 - Task-10- Implement Azure AD Privileged Identity Management

Problem: This user(AGAyers) is not a member of the Engineering group. As per documentation, we are allowing access to the “Engineering” group only.

Recommendation.: Please update scripts to include AGAyers to Engineering Group, or update the documentation to use the correct user who is part of Engineering.

#3, Exercise 3:- Configure application access in hybrid scenarios - Task-6:-
Problem: Email-address value highlighted in below screenshot needs to be generalized.

Recommendation:- use jane.doe@< Fabrikam-Domain-name>

Task 6: The script to modify settings of the AD user accounts in Step 9 is not fetching user AGAyers.

Please leave your review comments for our author below.

Task 2 Step #1. The user may not see All Services, as the portal keeps changing. I defaulted to the new view and you don't see that. A better method instead of navigating is to type Subscriptionsin the top Search field......that will always find anything no matter how the portal view is configured.

On the before document when i went there, its a cornucopia. Even though title mentioned, why not link directly to the docs. Also, the link took my out of the doc, versus opening a new tab. Maybe the produced version will fix that?

here
Review online documentation regarding Azure Active Directory at https://docs.microsoft.com/en-us/azure/active-directory/ focusing in particular on its integration with Active Directory and its B2B capabilities.