Upgrade to Pro — share decks privately, control downloads, hide ads and more …

AZ-104 Session1 Manage Azure Identities and Gov...

AzureEzy
July 19, 2020
Technology
1
370

AZ-104 Session1 Manage Azure Identities and Governance

AzureEzy

July 19, 2020
Tweet

More Decks by AzureEzy

See All by AzureEzy
AZ-900 Session1 Cloud Concept
azureezy
0
290

Other Decks in Technology

See All in Technology
ノーコードデータ分析ツールで体験する時系列データ分析超入門
negi111111
0
420
Engineer Career Talk
lycorp_recruit_jp
0
190
誰も全体を知らない ~ ロールの垣根を超えて引き上げる開発生産性 / Boosting Development Productivity Across Roles
kakehashi
2
230
Platform Engineering for Software Developers and Architects
syntasso
1
520
Lambdaと地方とコミュニティ
miu_crescent
2
370
FlutterアプリにおけるSLI/SLOを用いたユーザー体験の可視化と計測基盤構築
ostk0069
0
110
AWS Lambdaと歩んだ“サーバーレス”と今後 #lambda_10years
yoshidashingo
1
180
SSMRunbook作成の勘所_20241120
koichiotomo
3
160
Terraform Stacks入門 #HashiTalks
msato
0
360
日経電子版のStoreKit2フルリニューアル
shimastripe
1
150
The Web Performance Landscape in 2024 [PerfNow 2024]
tammyeverts
0
110
安心してください、日本語使えますよ―Ubuntu日本語Remix提供休止に寄せて― 2024-11-17
nobutomurata
1
1k

Featured

See All Featured
Sharpening the Axe: The Primacy of Toolmaking
bcantrill
38
1.8k
Save Time (by Creating Custom Rails Generators)
garrettdimon
PRO
27
840
No one is an island. Learnings from fostering a developers community.
thoeni
19
3k
I Don’t Have Time: Getting Over the Fear to Launch Your Podcast
jcasabona
28
2k
The Art of Delivering Value - GDevCon NA Keynote
reverentgeek
8
900
Happy Clients
brianwarren
98
6.7k
Fireside Chat
paigeccino
34
3k
Making Projects Easy
brettharned
115
5.9k
5 minutes of I Can Smell Your CMS
philhawksworth
202
19k
Building an army of robots
kneath
302
43k
Designing on Purpose - Digital PM Summit 2013
jponch
115
7k
Intergalactic Javascript Robots from Outer Space
tanoku
269
27k

Transcript

  1. © 2020 AzureEzy and AzureTalk. All rights reserved! https://azureezy.com AZ-104:

    Microsoft Azure Administrator 1

  2. © 2020 AzureEzy and AzureTalk. All rights reserved! https://azureezy.com AzureTalk

    Core Team 2 https://azureezy.com

  3. © 2020 AzureEzy and AzureTalk. All rights reserved! https://azureezy.com 3

    Niraj Kumar AzureTalk Founder Enterprise Architect MCT Lalit Rawat, MVP AzureTalk Co-Founder Cloud Architect MCT Today’s Session Speaker https://azureezy.com Vipin Jha AzureTalk Core Team Member, Consultant, MCT

  4. © 2020 AzureEzy and AzureTalk. All rights reserved! https://azureezy.com AZ-104:

    Skills Measured ❑ Manage Azure identities and governance (15-20%) ❑ Implement and manage storage (10-15%) ❑ Deploy and manage Azure compute resources (25-30%) ❑ Configure and manage virtual networking (30-35%) ❑ Monitor and back up Azure resources (10-15%) 4 https://azureezy.com Reference : Azure Learn

  5. © 2020 AzureEzy and AzureTalk. All rights reserved! https://azureezy.com Identities

    & Governance in Azure https://azureezy.com

  6. © 2020 AzureEzy and AzureTalk. All rights reserved! https://azureezy.com Agenda

    ❑ Azure Active Directory (AD) ❑ Azure Active Directory Editions ❑ Users and groups management ❑ Azure Multi-Factor Authentication ❑ Self-Service Password Reset ❑ Azure Active Directory B2B/B2C ❑ Azure AD Connect ❑ Azure AD Join ❑ Azure Policy ❑ Azure role-based access control (RBAC) ❑ Azure AD Roles 6 https://azureezy.com

  7. © 2020 AzureEzy and AzureTalk. All rights reserved! https://azureezy.com Azure

    Active Directory 7 ❑ Cloud based identity Provider. ❑ Controls access to azure resources. ❑ Provides Authentication & Authorization services to Azure Portal, O365 & other SaaS services. ❑ Manage devices using Azure AD. ❑ Ability to invite guest users from other Azure AD (B2B) or Public IDP (B2C) ❑ Supports OAuth, OpenID, SAML & WS-federation authentication protocols https://azureezy.com

  8. © 2020 AzureEzy and AzureTalk. All rights reserved! “ “

    https://azureezy.com 8 Azure Active Directory Authentication https://azureezy.com Reference : Microsoft Docs

  9. © 2020 AzureEzy and AzureTalk. All rights reserved! https://azureezy.com 9

    Core Identity and Access Management Directory Objects Single Sign-On (SSO) (unlimited) Multi-Factor Authentication B2B Collaboration Company branding Premium Features Hybrid Identities Advanced Group Access Management Conditional Access Identity Protection Identity Governance Azure Active Directory Editions Features Available 5,00,000 Object Limit Available Available Available Not available Not available Not available Not available Not available Not available Not available FREE Available No Object Limit Available Available Available Available Not available Not available Not available Not available Not available Not available OFFICE 365 APPS Available No Object Limit Available Available Available Available Available Available Available Available Not available Not available PREMIUM P1 Available No Object Limit Available Available Available Available Available Available Available Available Available Available PREMIUM P2 Reference : Microsoft Docs

  10. © 2020 AzureEzy and AzureTalk. All rights reserved! https://azureezy.com Azure

    Multi-Factor Authentication 10 MFA enables two factor authentication to secure your logins. Supports following authentication methods. ❑ Microsoft Authenticator app ❑ OAuth Hardware token ❑ SMS ❑ Voice call https://azureezy.com

  11. © 2020 AzureEzy and AzureTalk. All rights reserved! https://azureezy.com Self-service

    password reset 11 Allows users to reset password without involving helpdesk. ❑ SSPR URL https://aka.ms/sspr ❑ Password change. ❑ Password reset ❑ Account unlock https://azureezy.com

  12. © 2020 AzureEzy and AzureTalk. All rights reserved! https://azureezy.com Azure

    AD B2B 12 Azure B2B is business to business collaboration and help partners collaborate using their identities. https://azureezy.com Reference : Microsoft Docs

  13. © 2020 AzureEzy and AzureTalk. All rights reserved! https://azureezy.com Azure

    AD B2C 13 ❑ Lets you use your own personal email address ❑ Self service User registration ❑ Allows customization of the registration and sign-in experience ❑ Integration with apps and databases Reference : Microsoft Docs

  14. © 2020 AzureEzy and AzureTalk. All rights reserved! https://azureezy.com 14

    Azure AD Connect Azure AD connect enables Hybrid Identity. Azure AD features. ❑ Password hash synchronization ❑ Pass-through authentication ❑ Federation integration ❑ Synchronization ❑ Health Monitoring https://azureezy.com Reference : Microsoft Docs

  15. © 2020 AzureEzy and AzureTalk. All rights reserved! https://azureezy.com Password

    Hash synchronization 15 https://azureezy.com Reference : Microsoft Docs

  16. © 2020 AzureEzy and AzureTalk. All rights reserved! https://azureezy.com 16

    Pass-through Authentication https://azureezy.com Reference : Microsoft Docs

  17. © 2020 AzureEzy and AzureTalk. All rights reserved! https://azureezy.com 17

    17 Federation integration Reference : Microsoft Docs

  18. © 2020 AzureEzy and AzureTalk. All rights reserved! https://azureezy.com Azure

    AD vs Azure ADDS vs ADDS 18 https://azureezy.com Azure AD Azure AD DS managed domain On-Prem ADDS Authentication OAuth / OpenID Connect/ WS-Federation Kerberos and NTLM protocols Kerberos and NTLM protocols Object Policy Management Mobile Device Management (MDM) software like Intune Group Policy Group Policy Communication HTTP and HTTPS LDAP LDAP Structure Flat/No Forest-domain Hierarchy/ No OU Single Domain/ OU Structure possible with limitation Forest Multidomain hierarchy/OU Structure possible Schema Schema Modification not possible Schema Modification not possible Schema Modification possible

  19. © 2020 AzureEzy and AzureTalk. All rights reserved! https://azureezy.com 19

    Directories, subscriptions, and users https://azureezy.com Reference : Microsoft Docs

  20. © 2020 AzureEzy and AzureTalk. All rights reserved! https://azureezy.com Azure

    AD Join 20 ❑ Windows deployments of work-owned devices ❑ Cloud-based management of work-owned devices ❑ Access to organizational apps and resources from any Windows device ❑ Users can sign in to their devices using Azure AD or synced Active Directory work or school accounts https://azureezy.com Reference : Microsoft Docs

  21. © 2020 AzureEzy and AzureTalk. All rights reserved! https://azureezy.com Azure

    Subscription Types 21 ❑ Pay as you Go subscription. ❑ Microsoft resellers (Cloud Solution Provider -CSP). ❑ Open Volume License. ❑ Enterprise Agreements. ❑ Azure DEV/Test pricing. ❑ Microsoft Azure Hybrid Use benefits. ❑ Azure Government Customers. ❑ Azure Germany Customers. https://azureezy.com

  22. © 2020 AzureEzy and AzureTalk. All rights reserved! https://azureezy.com Governance

    in Azure 22 Why Azure Governance ? ❑ Organize and Structure Resources ❑ Standardize and define resources ❑ Transparency of resources ❑ Control Access & Costs ❑ Enforce Policies

  23. © 2020 AzureEzy and AzureTalk. All rights reserved! https://azureezy.com Azure

    Governance 23 Reference : Microsoft Docs

  24. © 2020 AzureEzy and AzureTalk. All rights reserved! https://azureezy.com Azure

    Policy 24 ❑ Allows to create, assign and, manage policies ❑ Runs evaluations and scans for non-compliant resources ❑ Advantages: ❑ Enforcement and compliance ❑ Apply policies at scale ❑ Remediation

  25. © 2020 AzureEzy and AzureTalk. All rights reserved! https://azureezy.com Azure

    Policy 25 ❑ Browse Policy Definitions ❑ Create Initiative Definitions ❑ Scope the Initiative Definition ❑ View Policy evaluation results

  26. © 2020 AzureEzy and AzureTalk. All rights reserved! https://azureezy.com Implementing

    Azure Policy 26 ❑ Import policies from GitHub ❑ Policies written in JSON ❑ Create custom policy definition ❑ Includes one or more policies ❑ Requires planning

  27. © 2020 AzureEzy and AzureTalk. All rights reserved! https://azureezy.com 27

    Management Groups

  28. © 2020 AzureEzy and AzureTalk. All rights reserved! https://azureezy.com 28

    Management Groups Helps in organization alignment of your subscription First management Group creation might take up to 15 minutes. Apply cost management policy Manage Policy, Access & compliance across multiple subscriptions. Up to 10K management Groups can be created in single tenant.

  29. © 2020 AzureEzy and AzureTalk. All rights reserved! https://azureezy.com Azure

    Role-Based Access Control (RBAC) 29 Source: MS-Docs/MS-Learn

  30. © 2020 AzureEzy and AzureTalk. All rights reserved! https://azureezy.com Resource

    tags 30

  31. © 2020 AzureEzy and AzureTalk. All rights reserved! https://azureezy.com Azure

    Cost Management 31 Reference : Microsoft Docs

  32. © 2020 AzureEzy and AzureTalk. All rights reserved! https://azureezy.com 32

    Azure AD roles ❑ Azure AD Roles works on least privilege principle. ❑ Azure AD Roles work at tenant level. ❑ Global administrator ❑ Service Administrator ❑ Billing Administrator

  33. © 2020 AzureEzy and AzureTalk. All rights reserved! https://azureezy.com 33

    Azure RBAC roles vs Azure AD roles RBAC Roles AD Roles Apply To Azure resources Azure AD resources (particularly users, groups, and domains) Scope Management groups, subscriptions, resource groups, and resources. Azure AD has only one scope Custom Role Supported Not Supported Reference : Microsoft Docs

  34. © 2020 AzureEzy and AzureTalk. All rights reserved! https://azureezy.com 34

    Break

  35. © 2020 AzureEzy and AzureTalk. All rights reserved! https://azureezy.com Demo

    1. Creating Azure AD users, Dynamic Groups and adding user dynamically to those group. 2. Synchronizing On-prem AD with Azure AD. 3. Delegating role assignment to Azure resources using RBAC. 4. Using Azure policies and tags with Azure resources. 5. Managing Azure resource’s cost. 6. Protecting Azure resources using resource locks.

  36. © 2020 AzureEzy and AzureTalk. All rights reserved! https://azureezy.com 36

    Q & A

  37. © 2020 AzureEzy and AzureTalk. All rights reserved! https://azureezy.com 37

    https://bharatguru.in https://azureezy.com https://azure4you.com Thanks! https://azureezy.com/az-104 https://t.me/AzureTalk https://youtube/AzureTalk https://www.linkedin.com/in /nirajkum/ https://www.linkedin.com/in /vipinkumarjha/ https://www.linkedin.com/in /lalit-rawat-53889613/