ads security login
Published on: January 27 2023 by pipiads
Table of Contents About ads security login
- Google Ads Access And Security
- Azure Active Directory (AD, AAD) Tutorial | Identity and Access Management Service
- Google Ads Manager Accounts - How to Connect and Manage Your Clients Accounts With Google Ads
- Adding A Custom Member Login and Page Restrictions in Wix | A COMPLETE Guide 2021 - Wix.com
- Import Azure Active Directory Users into Power BI An Step toward Dynamic Row Level Security
- Sign In To Azure Virtual Desktop ONCE
Google Ads Access And Security
Google Ads access and security is essentially going to be your portal for managing the access into your account, and there's some security elements too, which we'll dive into, but I just want to give you a quick overview, walk you through how all this is set up, and make it a little bit easier for you to manage users and security in your account. So when you have your Google Ads account pulled up, at the very top you'll see this Tools and Settings icon here. Your setup might look a little bit different, but there should be a Setup column somewhere, and if you click on Access and Security, then it's going to take you to a page that looks like this initially and, depending on how many users you have, you'll have each user listed here as well as their access level, when they last signed in and their authentication method. So Google Ads is starting to require two-step verification and you'll be able to see that as well as who invited them. So if you invite somebody, it'll say that it was invited by you, and then you can also remove access and see when users were added and everything here. So this is, you know, the user management. You can click here to add new users. I have a whole video that goes into adding new users, which I'll link in the description below if you want to watch that. But there's also these other options up here that most people are a little confused by, and so we'll take a little further look into these. So this is the users, and users is going to be people within your organization, which will make more sense when we get to the last element, the security element here. But, um, if you want to think of it through domain email, like Travis at example.com, right, um, that would be a domain email, that would be like somebody in the organization, and so then you could have Sarah at example.com and Tom at example.com and all of these different emails within one organization, and that's going to be the users section.
Typically, if you want to add somebody from outside of your organization, like, say, an agency that runs your PPC ads, then you would actually want to do that from the Managers section here. So if you click on Managers here, it's going to take you to a page that looks like this, and if you don't have any managers added in, then it's going to be blank, because managers have to request access to your account. So if you have a PPC agency that wants to work with you, they'll most likely request the ad ID (in the top right-hand corner of your account; it looks like a phone number), and then they'll take that, put it into their manager account, and then you'll get a pop-up in here that'll say such-and-such agency is requesting access to your account, and then you can approve it or deny it, or remove and manage the ownership or the access just like you would with regular users. The difference is users are, you know, people within your company. Typically managers are outside, like companies, ad agencies, stuff like that. And then Security. This last section here is related to this first column. Remember we were saying how you can add a whole bunch of people on one domain. Well, it's sort of set up that way. It actually has allowed domains right here. So if you click on this you can edit the allowed domains. So you could do, you know, example.com, and you could add in, let's say you have two or three companies that you're advertising in one Google Ads account and you have a manager from each company, you know, you could add in the different domains, and then the team members from those different organizations would be able to log into the account. And then, of course, you need to click Save here to save that, um, and then you've got, you know, identity verification, two-step verification, all that good stuff, some security suggestions, but the main thing when it comes to security is this: allowed domains.
In fact, if you try to add a user into your account that's not, uh, part of one of your allowed domains, it's just not going to allow you to do that. It's going to give you an error message, and then you actually have to come over here, click in here, add another domain, you know, whatever it is (gmail.com or whatever), and then save it, and then you'll be able to add that person with that domain. And Google has set that up such that you can't just have random people getting added into the account. Right, and it's kind of a second layer of security, because, you know, ultimately you don't want random people in your account that don't belong in there. Um, I hope this was helpful as a way to understand Google Ads access and security on a deeper level. If there's anything you did have questions about, don't hesitate to reach out. You can just drop your questions in the comment section below and I'll be sure to get back to them there. Look, if you're the type of person that just doesn't even want to deal with Google Ads anymore, you can always reach out to me. My company is Missoula SEO Geek. I'll leave a link to my website down below. But we do manage Google Ads for different companies and different industries, and you can come learn about what we do, what makes us unique. You can even read some of the testimonials from some businesses that we've taken from zero to over a million in revenue, like this one here, and really just see that, you know, this is the type of thing that's going to explode your business growth. So feel free to reach out. You can always give us a call or contact us through our website, and I look forward to working with you.
Azure Active Directory (AD, AAD) Tutorial | Identity and Access Management Service
Hey guys, this is Adam. Today I want to talk about Azure Active Directory, because it doesn't matter what kind of role you are playing in your organization: you should at least cover the basics and understand the basics of Azure Active Directory. Today, an introduction into this great service. Stay tuned. Azure Active Directory is your cloud-based identity provider, but also access management service, and if you use any of the services like Skype, OneDrive or Outlook, you already are a customer and a user of Azure Active Directory, because it is a centralized service for all of those services. So when you log in with your Live ID, you are in fact logging in to Azure AD to access any of those services. If you work in an organization and that organization has Office 365 and Microsoft 365 services like Teams, Power BI, SharePoint, OneDrive for Business or any other service from that package, you again use Azure Active Directory to log in to any of those services. And if you use Azure, well, the same applies: you use Azure Active Directory to connect to Azure to access your subscriptions, resource groups and the services that you purchased. It is again a centralized service for your identity and access management. And if you are a web developer, you can use Azure Active Directory to secure the access to your custom web services and applications so that you have a unified experience and single sign-on for all your users and your organization. Before we move to what an identity provider is, let's talk about what identity itself is. An identity is a thing that gets authenticated. Authentication is, simply said, a process of verification of the identity in the request. So if you are sending a request as Adam, a service needs to verify whether this is a proper request actually sent by Adam. And the identity itself can be a user with a user name and password, but it also can be an application or a service which will authenticate using secret keys and certificates.
Now that we know what identity is, let's talk about the classic approach of building applications without the use of an identity provider. First of all, you usually have a client, and that client will connect to the server. In order to authenticate to that server, a set of credentials needs to be sent. If that's a user, this might be a username and password. The server at that point needs to verify whether that user and the credentials provided are correct. This, the classic approach, usually was done through some sort of user database, where the application was storing all the users and all the credentials in its own database. Once the verification was done, the server was returning the result back to the client. This approach was very commonly used about ten years ago, when desktop and web applications were almost always containing their own user databases, because identity providers didn't exist at that time. So what kind of challenges does this architecture pose? First of all, if you need to implement any additional security features, it takes a lot of time and a lot of money to do that. Even implementing the simple user database and containing user credentials there is a very time-consuming task. Second of all, you introduce a new security risk for your application because of that user database. You need to maintain user information there, usually some personal data and their credentials. I think most of us heard at least once in our lifetime that some application lost its users and their credentials due to a security leak or hacking. This is because they were maintaining their own user databases and they did not secure them properly. If you can avoid this, well, why not? One additional challenge that you have by using this classic approach is having a client connect to multiple services, as that client will need to remember multiple usernames and multiple passwords.
If it's a client application, you will need to store and maintain all of those. Again, if your team is managing those virtual machines, SQL databases, they will also need to provision multiple users and maintain all of them and, of course, this ends up being more work for your clients but also your operations teams. Now that we have covered the classic approach and the challenges, let's talk about the identity provider and the benefits. In the same scenario of the client connecting to the server, we introduce Azure AD as the identity provider for the client and for the server, in which case the client, instead of sending its credentials to the server, sends them to Azure AD. In exchange, from Azure AD it retrieves a token. A token is a small piece of encoded information about the client and its identity. This token is then exchanged with the server in order to perform the request. So instead of credentials, you send a token, and the server, based on a trust relationship with Azure AD, connects to it, retrieves some basic information and performs token verification. Once the token is verified, that the client is the one who it claims to be, a result is returned back to the client. In most cases, this is done automatically through SDKs. So if you're building web applications or using out-of-the-box features in Azure, this is super easy to set up. While this looks a bit more complicated on a diagram, it is so much easier to set this up versus building your own identity solution for your application. And one additional benefit is that that user database is no longer here, because all the identities, all the users, are stored within Azure AD. So the benefits that you get here are, first of all, let's go back to our scenario.
If you have a client connecting to multiple services, it connects to Azure AD instead and retrieves a token, and then a token is exchanged with all of those services, so that those services just need to configure the trust relationship between their services and Azure AD, and then they don't really have to maintain the users at all. They will only need to maintain the authorization part, whether the user is allowed to use those services. The account itself, this is outsourced to Azure AD, and the same goes for the client. It will only need to remember a single set of credentials and use them with Azure AD. Besides this, the obvious benefit here is centralized user management. So your IT teams just go to Azure AD and manage all their clients, their applications, there. Second of all, we have top-notch security, as Microsoft has been perfecting Azure AD for many, many years now; it's state-of-the-art security that you just get to use for pretty much free. Lastly, Azure AD has a lot of additional security features that you get to use just by using Azure AD, like MFA, which we use very often these days. MFA is a process where, besides sending credentials like username and password, you also need to send additional information, like a text message from your mobile phone or a click on the notification in the mobile application. So to summarize, an identity provider is a centralized service that allows you to implement identity management for your applications in a single place and reuse it across multiple applications and services. Now that we know what it is, let's talk about who should learn about Azure AD. First of all, IT administrators, because they are the ones who will be configuring the multi-factor authentication, synchronizing your users with your on-premises, because they are the ones who will need to protect your users and your organizational assets, and Azure AD has a lot of features to help with that.
Second of all, application developers should learn about Azure AD, because it allows you to provide that identity management service for the web applications and services that you create. If users are already signed into Azure AD, you can take advantage of single sign-on, so they will not have to retype their credentials whenever using your application, which is super, super nice when it comes to user experience in your applications. Additionally, Azure AD allows you to create a personalized experience with all the additional services, like Microsoft Graph, that it provides, and if you're integrating with other services, by they're exposing your API to those services.
Google Ads Manager Accounts - How to Connect and Manage Your Clients Accounts With Google Ads
What's up everyone, welcome to the Surfside PPC YouTube channel. Today I'm going to be going over Google Ads manager accounts. So if you're trying to start a PPC agency or you want to run ads for clients, the way to do that with Google Ads is creating a manager account. It used to be known as My Client Center (MCC) because it was a place to manage your clients' accounts. Now it's just called a manager account. You can see here, it can help you manage multiple accounts with a single login and dashboard, so you don't need to log in separately to every single account that you're managing. You have it all in one place. Now, in order to get started, what you want to do first is create a Google account that you're going to use as your manager account. So, for this example, what I'm going to do is, since I already have a manager account through Surfside PPC, I'm going to actually just create a new manager account using my Beachfront Decor Google Ads account. I don't really run Google Ads for beachfrontdecor.com, so what I'm going to do is create one using this account, and then I'm going to add my Farmhouse Goals Google Ads account into this manager account. So I'm going to show you how to do that today. So what you want to do is you want to start at this URL right here, and I'll put this URL in the video description so you can easily find it. You could also just do a quick Google search for Google Ads manager accounts and it's going to be the first link that pops up. Now what you want to do is, after you create your Google account, if you don't have one already, you want to click on Create a Manager Account. So what it's going to say is: confirm your business information. You want to start with an account display name. Then it's going to say: primary use of the account: manage other people's accounts or manage my accounts. So this can also be useful if you have multiple accounts for your business.
So, for example, with Surfside PPC, if I'm running ads for Beachfront Decor, for Surfside PPC, for Farmhouse Goals, I can manage all that in one place. So there's different reasons you might want to create a manager account, but what I'm going to do here is just do: okay, so I have Beachfront Decor manager account. I'm just going to do: manage other people's accounts, billing country: United States, time zone: New York time, and currency: US dollar, and we're going to click on Submit, and that's pretty much it. Now it's saying congrats, you're all done. We're going to click on Explore Your Account. So what you're going to see that's a little bit different is you can see Google Ads Beachfront Decor manager account. So from here we have Overview, and you're also going to see Accounts here. So any of the accounts that I'm managing are going to show up here in Accounts. So if I click on Performance, you're going to see here it's going to show level directly linked and say: nothing matches your filters, try changing level filter from directly linked to all. So I haven't actually linked any accounts to my manager account. So if we click on All here, you can see nothing matches my filters. So I have no accounts in here. So what I want to do first is add my own accounts to my manager account. So you can see here, here's my Beachfront Decor Google Ads account, and if we come over here and we click on the plus sign, so we're in Accounts, we clicked on Performance. There's nothing showing up here because we have no accounts here yet. We want to click on the plus sign. You can create a new account here or link an existing account. So this is usually what you're going to do, especially if you're taking over a client that already had campaigns running. You want to click on Link Existing Account, and what it's going to say is: link existing accounts, enter the customer IDs you want to link to your manager account. So what I need to do is come back over here and take my ID.
That's right at the top here. So again, it's going to look like a phone number. It's 550-970-9685. So we're going to copy that. I'm going to delete the email when I click on paste, so we'll get rid of the email here. So all we have to do is enter this customer ID for our existing account, and we can click on Send Request. Now you can see here pending link requests: customer ID: 550-970-9685. The expiration date is one month from today. Okay, so in order to add an account into my manager account, it's going to send an email to the email for my existing account here. So this is my Google Ads account for Beachfront Decor. Now over here is my Beachfront Decor manager account. So what I want to do is add this account into my manager account. So what's going to happen is it's going to send an email to my Beachfront Decor gmail.com email, and it's saying: you have an account access request, saying Beachfront Decor gmail.com wants to link your Google Ads account to their manager account, Beachfront Decor manager account. If you accept, the users of the manager account can view, edit and manage your account and its campaigns. To grant access, accept the request. So when you're sending this to a client, they're going to have to go in their email and accept this request. So you're going to have to communicate that with your client in order to get access to manage their account. So I'm going to click on Accept Request here, and what you're going to see is it's going to bring me to this Access and Security page. So in Access and Security you can see Users, Managers, Security. So it's saying link requests from the manager account. So again, your client's going to have to come in here and accept this. Grant access. Okay, so now the link request is accepted. So now if I come back over to my manager account and I refresh this page, you can see now that I'm in Accounts and Performance, it's showing my actual account here.
So if I click on this, it's going to open up this Google Ads account, and you can see here now, through my manager account, I have access to my Google Ads account for Beachfront Decor. When you click on the drop-down, you're going to see something that looks like this: all Beachfront Decor manager account accounts. So right here, you can see, if I click on this ID, it's going to open up Beachfront Decor. Now, the other thing that you can tell a client is, if they don't want to go into their email or something like that, if they go to Tools and Settings and then under Setup, you're going to see Access and Security. So if they go to their Google Ads account and click on Access and Security, you can see the users for an account, you can see the managers for an account. So, right here, the Beachfront Decor manager account. In order to remove access, all you need to do is click Remove Access, and that link that we just created is going to be gone. So, coming back over here, and we're back into our manager account. I can manage all these any way I want to, so I can create a brand new campaign. I can edit existing campaigns. Now, let's say I want to add my Farmhouse Goals account into my Beachfront Decor manager account. What I would do is come back over here, and we're going to have to go back to our Beachfront Decor manager account. Come back to the account level. So what we're going to do is click on the plus sign again. Again, we can create a new account or link an existing account. So you're going to have to have your client send you the customer ID, like we went over before. But if I open up my Farmhouse Goals account, what I can do is again take this, my account ID here. We're going to copy it, we'll come back over to our manager account, and we're going to enter the customer ID here again and click on Send Request. So that'll send that request. You can see we have a pending link request here.
So now what I need to do is come back over to my Google Ads account, Tools and Settings, go to Setup, Access and Security, and what we're going to do is click on this Managers tab here, and you're going to see we have a pending link request here from the Beachfront Decor manager account. So what I can do is click on Accept, grant Beachfront Decor manager account access. Yes, we're going to grant access. And now you can see here i
Adding A Custom Member Login and Page Restrictions in Wix | A COMPLETE Guide 2021 - Wix.com
What's going on, Wix Nation? mps here from Wix Training Academy, and today I've got a special video for you. I'm going to show you how to add a member login and a custom member login, as well as how to add member page restrictions on your Wix website. It's no doubt that this has been a very clear winner of what is needed from the Wix community, what you guys would like to learn, because so many of you in 2020 shifted to producing online content, online courses that require membership or membership restrictions and things of that nature, and due to that, I'm going to be making my update video right here, right now. About a year ago, I made a video on this, but a few things have changed, and I'm also going to be showing you how to do the custom member login as well. I'm sure you guys are so ready to jump into today's content, as am I, but if you haven't already, I would love to have you join our Wix Nation community, and that all starts by smashing that subscribe button and turning those bell notifications on, so you don't miss any content here on the channel. Oh, and you'll also plug into the largest Wix training community on the internet. It's a phenomenal place to be. We're only continuing to grow, thanks to you guys, and we've got some incredible content on the way. And also smash that like button for YouTube's algorithm. Alright, let's go ahead and jump into today's video. Okay, guys, so we are here in our Wix editor. Now I'm going to start this video showing you the traditional way to set up your member login, the traditional universal Wix member login, and then I'm going to show you the custom member login and what that process looks like, and then we'll conclude the video by going through the page restrictions and showing you how to add that.
So, to start, you're here in your editor and, in order to even enable membership functionality on your website, what you're going to want to do is go over here to this Add button, and then you're going to want to scroll down to Members. When you click that, you're going to want to click Add to Site. So when you do this, Wix is actually going to work its magic and it's going to add a members area to your website, and you'll notice something happens here, and this is how easy it is to add the Wix universal member login. So what you'll notice is up here at the top: there is a login bar added. So I just showed you step one of adding a member login to your Wix website, and actually this login bar acts as a couple of things. So if we go up here and we click it, we press Set Up Login Bar. We can choose a couple of things here. So first, what is shown on this bar? Is it the profile pic and the member's name, which would come in this format? Is it just the profile picture in the drop-down, or is it just the member's name in a drop-down? You can choose what that looks like and customize the feel of that. You can also choose what the bar says before someone logs in. Is it login? Is it enter? Whatever you want the verbiage of your website to be, that's what you would write here. And then, obviously, you would say: what's the log out message? Is it log out? Is it sign off? Is it sign out? You can choose that as well, because that will also show up there, and then you could even show a little greeting before the name and choose what that is as well if you'd like to. Um, I'm a fan of the profile pic and member's name, and then you could even, uh, extend it out a little bit if you want to make your bar bigger so that way it shows more complete names. That's up to you. You choose how big you want your member login bar to be. You obviously don't want it to interrupt your menu or anything else on your heading. But a couple of things right off the bat with the membership login.
Uh, you'll see the member signup settings here at the bottom of this. You're going to want to click this, and then this gives you some general member signup settings as a universal look at your entire website and the entire membership scope of your website. So first off, you can choose who can become members of your website, because obviously you're going to have to create a registration process for people to register as members too. Right, in today's video I'm showing you the login setup and how to get people to log in, and then the page restrictions after they've logged in. But if you'd like to see another portion of this where I show the registration segment and a custom registration and the registration portion of members, let me know in the comments below and I'll also make one of that. So that way you guys have like the full scope of it, but you get the login side of it today. So when this says who can be a member: if you choose Everyone, that means no matter what, whoever goes through your registration process can become a member and will be instantly approved as a member. If you choose People I Approve, this means you'll actually have to go into your Wix CRM in the dashboard and actually physically approve each member that comes through. Typically, you're going to do this if it's more of like a paid membership or you're only allowing in like a private community of clients and you want it to be people you approve, to ensure that they're already paid up or they're actually part of your client community. That's when you'll use more of that People I Approve methodology. Otherwise you're usually going to be using Everyone. And then as far as which option shows first, that means on this login bar which shows first: a new member sign up, which is obviously favored towards, that means your website is geared towards people that have never signed up before, or an existing member login.
This means your website is geared to, maybe, clients, where they're going to just log in every time. They're not going to create an account every time. They're just going to log in, and so you have to determine which way yours is geared toward. Then you've got Social and Community. You can enable Google and Facebook login if you want. If you don't want that ability, you can disable it just by clicking the little check boxes here. And then Policies: these are your site's terms of use, privacy policies, and then you can link to these pages that you've created on your website, and then you would just press Done and, again, that gets you going with your Wix universal member login. That's the traditional way to do it and there's no customization here. It's just strictly that login bar. So when they log in, it's not going to be branded at all, it's just going to be the bar. Personally, I have no problem with that. However, if you'd like a more crafted experience, I'm going to show you the custom login route. So now, if you would like to create a custom login, you first have to choose one of two things: do you want to use a login page or do you want to use a login lightbox? And the reason I ask that is because when someone goes and clicks on your menu, so if we go back here and let's just say we add a link, we'll do that afterward, but we'll just say we'll add a link in our menu, pretending like we never had the universal Wix login here, because I'm showing you one of two ways. We would add a link to log in. So when someone clicks that, are they going to be taken to a page where they log in, or a lightbox? For the purpose of today's video, I'm actually going to create a login page. Previously, in all of my other videos that I've ever shown about creating custom logins, which I've got a few, it's just, this is the most up to date, I did lightboxes.
I actually just prefer to work with pages over lightboxes, although for login and registration purposes, lightboxes make a lot of sense. I just want to change the vibe a little bit. If you'd like to see how I did it with a lightbox, it's the exact same way, but if you'd still like to see it, just to see the difference, I'll link it up in the cards. So now we'll just name this Login, right, and for the purpose of this, I'm going to hide this page for the time being. Um, and then what we're going to do is we need to activate our cool, uh, excuse me, it's now Velo, Velo by Wix developer tools, so you'll go up here.
Import Azure Active Directory Users into Power BI An Step toward Dynamic Row Level Security
Hello, this is Reza Rad from RADACAD. In this video I'm going to talk about how to import the Azure Active Directory users list into Power BI. If you worked with Power BI, you know that there is no default connector for Power BI to get data from Azure Active Directory. Uh, there is one for Active Directory on premises, but not for Azure Active Directory. So I'm going to explain how this is possible and how you can fetch that information. If you are, for example, implementing row-level security in a dynamic way, you need a table with a list of users, and that is one of the reasons that getting data from Azure Active Directory can be quite useful, because if you have that type of data source, then you don't really need to maintain it much. You just import it into Power BI Desktop and schedule it to refresh. Now in Power BI, there are a couple of ways you can get data from Azure Active Directory. One of them is using Microsoft Graph, which I'll explain separately. It's quite an extensive subject by itself. Another is a set of PowerShell cmdlets that we can use to export data from Azure Active Directory. In this video I'm going to talk about the cmdlets, uh, aspect of Azure Active Directory, how we can import that. So to use that, first you need to run PowerShell and, uh, first of all, I should say special thanks to Aaron Nelson, who helped me a lot in building the demos of PowerShell for this; he is the expert on PowerShell. Use the links down in the description below, in my blog article, to connect to Aaron. If you have any PowerShell questions, he's your guide to answer all of those. So first you need to run PowerShell, which you can just simply search for, PowerShell, and make sure that you run it as administrator, because some of the functionalities we are going to use require administrative privilege. Once you've done that, then in the Windows PowerShell window, use this script, which is Install-Module Az.Resources.
That would basically install all the Azure resources that we can then use in PowerShell. I already did that, but I'll just press Enter to show you what would happen when you press Enter on this. What would happen is that it asks whether you want to install it or not, which you should answer yes, and then press Enter. I've already done that, so I'm not going to do it again. After doing this, first you need to connect to your Azure account, and there are a number of scripts you can use for that. One of them is this: Connect-AzAccount. If you use it without any parameters, that will pop up the Azure login authentication, and then you log in with the account that you have and follow through. Again, I've done that already, so I'm not going to do it. If your account has access to multiple tenants, then in that case one of those tenants will be picked here, unless you use the other parameters for Connect-AzAccount and specify which tenant, which environment, you are going to connect to. More details of that, again, are down in the description below. There's a link to my blog article which explains that. So, after installing the module and after connecting, the last step is really simple. You just import those users. Now you can call it in multiple different ways. The command itself is called Get-AzADUser. Now, because this will populate all the users, which might be quite extensive, I'll just put -First, first thing, saying that I just want the first 10 users. Make sure that you take a look at the documentation for this as well, because it has some other parameters which you can use. So this basically will give me the list of the first 10 users and some log information about their login and all that other information which might be helpful.
So this would be including guest users and users inside your organization, actually everything. Now, in this format this wouldn't really be that useful for you. You preferably want this to be stored in a CSV file, an Excel file or even a SQL Server database so that Power BI can use it. Now there are multiple ways to do it. This command which I'm going to show you uses Get-AzADUser again and uses ConvertTo-Csv so that the export is converted to CSV, and finally Out-File, set to whatever path you want. This will store that information as a CSV file. It might take longer if you have many users, so you might need to play with some other parameters, and after you've done that, it just runs fairly fast. Again, it depends on your list of users. Then you would be able to connect from Power BI using Get Data, Text/CSV, and get that information. That information should look like this: this is a sample exported CSV file which has all of those fields in it. In Power BI, when you import that information, you can apply a couple of steps: remove the first row, which is a header row, then use the first row as headers, so that will bring these columns in as a header, and this will give you all of your users with the user principal name, which is quite an important column for row-level security, especially dynamic row-level security. There is also a column here specifically mentioning what type of user it is, like guest user or member. Guest users are users outside of your organization. So it's quite a simple method to use. But the consideration here in this video is that the method I showed you here is manual. You have to do that manually, but there is a way that you can schedule it: use a scheduled process to run that PowerShell script, and then the Power BI refresh automatically picks it up from wherever it is stored. I might explain that in another video and, as I mentioned, the Microsoft Graph method is another method to populate that information.
I would explain that also in another video. I hope this helps you in your implementation, especially in dynamic row-level security when your user base is in Azure Active Directory. If you like this video, go ahead and subscribe to our YouTube channel. We have weekly videos on Power BI. Thank you.
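
The export steps described in this video, as an added PowerShell example that is not the presenter's script: it pins the tenant, keeps only the columns a row-level-security table needs, rejects blank or duplicate user principal names, and uses `-NoTypeInformation` so the `#TYPE` line that Windows PowerShell 5.1 writes as the first CSV row never reaches Power BI. The tenant ID, output path, column choice, `-Scope CurrentUser`, and the `-Select UserType -AppendSelected` usage (Az.Resources 5.x or later) are assumptions.

```powershell
# Added example. Placeholder values, replace before use.
$TenantId = '<your-tenant-id>'
$OutFile  = 'C:\Data\aad-users.csv'

# Assumption: a per-user install, so this step needs no elevated session.
Install-Module -Name Az.Resources -Scope CurrentUser

# Pin the tenant so an account with access to several tenants
# does not silently connect to the wrong directory.
Connect-AzAccount -Tenant $TenantId | Out-Null

# Assumption: Az.Resources 5.x or later, where UserType has to be
# requested explicitly in addition to the default properties.
$users = @(Get-AzADUser -Select UserType -AppendSelected |
    Select-Object UserPrincipalName, DisplayName, Mail, UserType)

# Dynamic RLS matches the signed-in user against UserPrincipalName,
# so blank or duplicate values make the filter unreliable. Fail closed.
$valid = @($users | Where-Object {
    -not [string]::IsNullOrWhiteSpace($_.UserPrincipalName) })
$dupes = @($valid |
    Group-Object { $_.UserPrincipalName.ToLowerInvariant() } |
    Where-Object { $_.Count -gt 1 })

if ($valid.Count -ne $users.Count -or $dupes.Count -gt 0) {
    throw ("Export aborted: {0} row(s) without a UPN, {1} duplicate UPN(s)." -f
        ($users.Count - $valid.Count), $dupes.Count)
}

# Write to a temporary file and swap it in, so a scheduled Power BI
# refresh never reads a half-written CSV.
$tmp = "$OutFile.tmp"
$valid | Export-Csv -Path $tmp -NoTypeInformation -Encoding UTF8
Move-Item -Path $tmp -Destination $OutFile -Force

# Guests are users from outside the organization; report how many the
# RLS table now contains so an unexpected jump is visible in the job log.
$guestCount = @($valid | Where-Object { $_.UserType -eq 'Guest' }).Count
Write-Output ("Exported {0} users ({1} guests) to {2}" -f
    $valid.Count, $guestCount, $OutFile)
```

The exported file lists every account in the tenant, so store it where only the refresh process and the dataset owners can read it.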
Sign In To Azure Virtual Desktop ONCE
Single sign-on, or SSO, adds security and convenience for your users so they can sign into their applications, and the public preview is now open for Azure's Windows Virtual Desktop to take full advantage of SSO. So let's get it set up. I'm Dean Cefola and this is the Azure Academy. Here's our list of prerequisites. We're going to need some certificates from your own Active Directory certificate authority, and before you ask, no, you cannot use an online certificate authority for this. The CA needs to be a member of your Active Directory and you need to have enterprise admin rights in order to get that working, which means no Azure Active Directory Domain Services. Second, you're going to need Active Directory Federation Services, also known as ADFS. Now, unlike the certificate authority and the templates that we're going to issue from it, ADFS should be set up from a certificate that's given to you from an online, publicly trusted certificate authority, because what's going to happen under the covers is this service communication cert is going to be taken by ADFS and create an SSL cert that WVD requires to be publicly trusted, or else this isn't going to work. Another ADFS best practice is to use group policies in your environment to push out your ADFS servers into your security zone that's trusted. That way, your authentication and logon options will just pass your logon username and password directly to ADFS. Your ADFS servers are also going to need those WVD PowerShell modules installed on them, and it is recommended to secure your ADFS environment with a web app proxy, although I won't be covering that deployment in this particular episode. If you're interested in a video on web app proxies with ADFS, give me a comment down below. Next we're going to need to configure Azure AD Connect to use your ADFS farm. And then, finally, the clients. As of this recording, only the Windows Desktop client and the HTML5 web client are supported.
So step one: let's build our certificate authority. Now, if you've already got a certificate authority in your environment, that's the one you should use, and you can just skip ahead in the YouTube timeline to the next chapter. For the rest of you, log on to the server that you're going to make your certificate authority and open up the Windows Server Manager. At the top here you want to click on Manage and then Add Roles and Features. This will be a role-based installation, so click Next. The server that you're on will be the one that's selected first, so click Next again, and in the roles check boxes go ahead and select Active Directory Certificate Services and be sure that you have the included management tools box checked, you're going to need those as well, then click the Add Features button and now click Next. And then Next one more time, and here are all the different roles for your certificate authority. So we want the top one for sure, Certificate Authority, and then, optionally, you can add the Certificate Authority Web Enrollment. This will give your users a web page where they can request new certs from, and if you choose not to do that, that's okay. I'm going to show you another way to request certs later on. Once all that's done, you'll have this little link here you can click to configure your new CA. Now our particular CA in this use case needs to be an enterprise CA, which simply means that it's attached to your domain and you're going to need enterprise admin credentials in order to set that up. So go ahead and put that in and click Next. And then you want to select the roles that you picked earlier, in my case Certificate Authority and Web Enrollment, and then click Next. This does need to be an enterprise CA, not a standalone, and then click Next again, and since this is your first certificate authority,
this will need to be a root CA, and then you will need to add a new private key. Here on the cryptography page I'm going to set the key length to 4096 and I'm going to use SHA256 as my hash algorithm and then click Next. On the CA name page, I'm just going to take all of the defaults here and click Next, and the default of 5 years is just fine for me. Click Next, and then I'm also going to take the defaults on all the database settings and then just review everything and make sure it's right for you and click Configure. Once all of that's done, under the Tools menu in your Server Manager you'll have Certificate Authority. Now we're going to have some more certificate templates and things we have to do on our CA. But now let's set up ADFS. Now, if you already have ADFS set up in your environment, just like with the CA stuff earlier, you can skip ahead in the YouTube chapter to the next part. But for the rest of you there are a few prerequisites. One is we're going to need a PFX file in order to set up ADFS. Now, this should come from an online certificate authority. Okay, this goes beyond necessarily a WVD setup, like is the focus of today's video. Other prerequisites that you're going to need are DNS records. So in my Active Directory's DNS, I want to right-click on my domain's forward lookup zone and select Add New Host, and adfs is going to be the name for that, and I'll give it my internal private IP address and that'll take care of all the requests inside my network. But WVD is also accessible from the internet, so you're going to need to add a record for ADFS in your public DNS. Mine is hosted in Azure and here is my Azure DNS zone, so I'll click to add a new record at the top. Give it a name over here of adfs. This type is going to be an A record, and for this I'm going to use an alias record set. This allows me to tie this record to the public IP address of this Azure resource.
The nice thing about this is, if my public IP address ever changes, the record will be updated automatically. So go ahead and select the correct IP address for that and then hit OK at the bottom. So with that we're ready to set up ADFS and, just like we did with our certificate authority, you want to click Manage at the top and then Add Roles and Features, select Active Directory Federation Services and click all the Adds and Nexts. Once that's all set up, now we need to configure the role. On the welcome screen, the first option that should be selected is to create your first federation server, and then click Next. Add the appropriate credentials in your environment and click Next. Click the Import button and grab your PFX file that we created earlier. Give it your password so you can unlock that private key and then provide a name for your federation server. I'll call mine Azure Academy and click Next. Now the recommended way to set up ADFS is with a group managed service account. This is a special account that gets created in your Active Directory and is registered with a service principal name, or SPN. I'll call mine adfs and click Next. And when setting up ADFS you have two options for your database: the WID, or Windows Internal Database, which is what I'll use today and that's okay in your lab environments. Or you can use a SQL Server database, and that's generally more recommended in your production environment, so you have some high availability in the database, and it also gives you a higher user count. So read the documentation and figure out which one you should be using and then click Next. And on the review screen, not only make sure everything looks good, but you can also click this button to view the PowerShell script that's going to create all of this, so you can save it for future reference and automate it yourself.
Click Next when you're ready, and that's going to go through a final prerequisite check and just make sure that everything is good to go, and you should end up with a screen that looks like this. When you're ready, click Configure, and in the Server Manager you'll find the ADFS console. Now that that's done, we need to set up the PowerShell modules for Windows Virtual Desktop, and I've already got the command written out here, just pulled from the Azure documentation. So it's Install-Module -Name and then the name o.