The course is in 6 sections, so I'll separate them by parts. I do have Windows Server experience, and 2019 is new to me, though the general idea is the same.
👋🏾AD Certificate Services can be used to verify user identity and encrypt data with certificates
👋🏾 Install the role on a member server to make it easier. The root Certificate Authority is the most important.
👋🏾 You can make your own certificates with your PKI (private key infrastructure)
👋🏾 The subject name is how someone will be recognized, and for more security, you can specify who can enroll. Can they request certificates, or automatically receive them?
👋🏾 AD Federation Services form trusts across organizational lines to claim the identity of someone in your network as someone who can get resources and permissions. Sort of like the guest accounts in your AD in Azure.
👋🏾 Rights Management Services secures content within files, and even emails. REMINDS ME OF...Azure Information Protection.