AZ-104 Session1 Manage Azure Identities and Governance

AzureEzy

July 19, 2020

Transcript

  1. © 2020 AzureEzy and AzureTalk. All rights reserved! https://azureezy.com

    Niraj Kumar, AzureTalk Founder, Enterprise Architect, MCT
    Lalit Rawat, MVP, AzureTalk Co-Founder, Cloud Architect, MCT
    Today's Session Speaker
    Vipin Jha, AzureTalk Core Team Member, Consultant, MCT
  2. AZ-104: Skills Measured

    ❑ Manage Azure identities and governance (15-20%)
    ❑ Implement and manage storage (10-15%)
    ❑ Deploy and manage Azure compute resources (25-30%)
    ❑ Configure and manage virtual networking (30-35%)
    ❑ Monitor and back up Azure resources (10-15%)
    Reference: Azure Learn
  3. Agenda

    ❑ Azure Active Directory (AD)
    ❑ Azure Active Directory Editions
    ❑ Users and groups management
    ❑ Azure Multi-Factor Authentication
    ❑ Self-Service Password Reset
    ❑ Azure Active Directory B2B/B2C
    ❑ Azure AD Connect
    ❑ Azure AD Join
    ❑ Azure Policy
    ❑ Azure role-based access control (RBAC)
    ❑ Azure AD Roles
  4. Azure Active Directory

    ❑ Cloud-based identity provider.
    ❑ Controls access to Azure resources.
    ❑ Provides authentication and authorization services to the Azure Portal, O365 and other SaaS services.
    ❑ Manages devices using Azure AD.
    ❑ Ability to invite guest users from another Azure AD (B2B) or a public IdP (B2C).
    ❑ Supports the OAuth, OpenID, SAML and WS-Federation authentication protocols.
  5. Azure Active Directory Authentication

    Reference: Microsoft Docs
  6. Azure Active Directory Editions

    | Features | FREE | OFFICE 365 APPS | PREMIUM P1 | PREMIUM P2 |
    |---|---|---|---|---|
    | Core Identity and Access Management | Available | Available | Available | Available |
    | Directory Objects | 5,00,000 Object Limit | No Object Limit | No Object Limit | No Object Limit |
    | Single Sign-On (SSO) (unlimited) | Available | Available | Available | Available |
    | Multi-Factor Authentication | Available | Available | Available | Available |
    | B2B Collaboration | Available | Available | Available | Available |
    | Company branding | Not available | Available | Available | Available |
    | Premium Features | Not available | Not available | Available | Available |
    | Hybrid Identities | Not available | Not available | Available | Available |
    | Advanced Group Access Management | Not available | Not available | Available | Available |
    | Conditional Access | Not available | Not available | Available | Available |
    | Identity Protection | Not available | Not available | Not available | Available |
    | Identity Governance | Not available | Not available | Not available | Available |

    Reference: Microsoft Docs
  7. Azure Multi-Factor Authentication

    MFA enables two-factor authentication to secure your logins. It supports the following authentication methods:
    ❑ Microsoft Authenticator app
    ❑ OATH hardware token
    ❑ SMS
    ❑ Voice call
  8. Self-service password reset

    Allows users to reset their passwords without involving the helpdesk.
    ❑ SSPR URL: https://aka.ms/sspr
    ❑ Password change
    ❑ Password reset
    ❑ Account unlock
  9. Azure AD B2B

    Azure B2B is business-to-business collaboration and helps partners collaborate using their identities.
    Reference: Microsoft Docs
  10. Azure AD B2C

    ❑ Lets you use your own personal email address
    ❑ Self-service user registration
    ❑ Allows customization of the registration and sign-in experience
    ❑ Integration with apps and databases
    Reference: Microsoft Docs
  11. Azure AD Connect

    Azure AD Connect enables hybrid identity. Azure AD features:
    ❑ Password hash synchronization
    ❑ Pass-through authentication
    ❑ Federation integration
    ❑ Synchronization
    ❑ Health monitoring
    Reference: Microsoft Docs
  12. Password Hash synchronization

    Reference: Microsoft Docs
  13. Pass-through Authentication

    Reference: Microsoft Docs
  14. Federation integration

    Reference: Microsoft Docs
  15. Azure AD vs Azure ADDS vs ADDS

    | | Azure AD | Azure AD DS managed domain | On-Prem ADDS |
    |---|---|---|---|
    | Authentication | OAuth / OpenID Connect / WS-Federation | Kerberos and NTLM protocols | Kerberos and NTLM protocols |
    | Object Policy Management | Mobile Device Management (MDM) software like Intune | Group Policy | Group Policy |
    | Communication | HTTP and HTTPS | LDAP | LDAP |
    | Structure | Flat / No Forest-domain Hierarchy / No OU | Single Domain / OU Structure possible with limitation | Forest Multidomain hierarchy / OU Structure possible |
    | Schema | Schema Modification not possible | Schema Modification not possible | Schema Modification possible |
  16. Directories, subscriptions, and users

    Reference: Microsoft Docs
  17. Azure AD Join

    ❑ Windows deployments of work-owned devices
    ❑ Cloud-based management of work-owned devices
    ❑ Access to organizational apps and resources from any Windows device
    ❑ Users can sign in to their devices using Azure AD or synced Active Directory work or school accounts
    Reference: Microsoft Docs
  18. Azure Subscription Types

    ❑ Pay-As-You-Go subscription.
    ❑ Microsoft resellers (Cloud Solution Provider, CSP).
    ❑ Open Volume License.
    ❑ Enterprise Agreements.
    ❑ Azure Dev/Test pricing.
    ❑ Microsoft Azure Hybrid Use benefits.
    ❑ Azure Government Customers.
    ❑ Azure Germany Customers.
  19. Governance in Azure

    Why Azure Governance?
    ❑ Organize and structure resources
    ❑ Standardize and define resources
    ❑ Transparency of resources
    ❑ Control access and costs
    ❑ Enforce policies
  20. Azure Policy

    ❑ Allows you to create, assign, and manage policies
    ❑ Runs evaluations and scans for non-compliant resources
    ❑ Advantages:
        ❑ Enforcement and compliance
        ❑ Apply policies at scale
        ❑ Remediation
  21. Azure Policy

    ❑ Browse Policy Definitions
    ❑ Create Initiative Definitions
    ❑ Scope the Initiative Definition
    ❑ View Policy evaluation results
  22. Implementing Azure Policy

    ❑ Import policies from GitHub
    ❑ Policies written in JSON
    ❑ Create custom policy definition
    ❑ Includes one or more policies
    ❑ Requires planning
  23. Management Groups

    ❑ Helps with organizational alignment of your subscriptions.
    ❑ Creating the first management group might take up to 15 minutes.
    ❑ Apply cost management policy.
    ❑ Manage policy, access and compliance across multiple subscriptions.
    ❑ Up to 10K management groups can be created in a single tenant.
  24. Azure Role-Based Access Control (RBAC)

    Source: MS-Docs/MS-Learn
  25. Azure AD roles

    ❑ Azure AD roles work on the least-privilege principle.
    ❑ Azure AD roles work at the tenant level.
    ❑ Global Administrator
    ❑ Service Administrator
    ❑ Billing Administrator
  26. Azure RBAC roles vs Azure AD roles

    | | RBAC Roles | AD Roles |
    |---|---|---|
    | Apply To | Azure resources | Azure AD resources (particularly users, groups, and domains) |
    | Scope | Management groups, subscriptions, resource groups, and resources. | Azure AD has only one scope |
    | Custom Role | Supported | Not Supported |

    Reference: Microsoft Docs
  27. Demo

    1. Creating Azure AD users and dynamic groups, and adding users dynamically to those groups.
    2. Synchronizing on-prem AD with Azure AD.
    3. Delegating role assignment to Azure resources using RBAC.
    4. Using Azure policies and tags with Azure resources.
    5. Managing Azure resource costs.
    6. Protecting Azure resources using resource locks.
  28. Thanks!

    https://bharatguru.in
    https://azureezy.com
    https://azure4you.com
    https://azureezy.com/az-104
    https://t.me/AzureTalk
    https://youtube/AzureTalk
    https://www.linkedin.com/in/nirajkum/
    https://www.linkedin.com/in/vipinkumarjha/
    https://www.linkedin.com/in/lalit-rawat-53889613/