Slide 1

Slide 1 text

AZ-104: Microsoft Azure Administrator

© 2020 AzureEzy and AzureTalk. All rights reserved! https://azureezy.com

Slide 2

Slide 2 text

AzureTalk Core Team

Slide 3

Slide 3 text

❑ Niraj Kumar: AzureTalk Founder, Enterprise Architect, MCT
❑ Lalit Rawat, MVP: AzureTalk Co-Founder, Cloud Architect, MCT

Today's Session Speaker

❑ Vipin Jha: AzureTalk Core Team Member, Consultant, MCT

Slide 4

Slide 4 text

AZ-104: Skills Measured

❑ Manage Azure identities and governance (15-20%)
❑ Implement and manage storage (10-15%)
❑ Deploy and manage Azure compute resources (25-30%)
❑ Configure and manage virtual networking (30-35%)
❑ Monitor and back up Azure resources (10-15%)

Reference: Azure Learn

Slide 5

Slide 5 text

Identities & Governance in Azure

Slide 6

Slide 6 text

Agenda

❑ Azure Active Directory (AD)
❑ Azure Active Directory Editions
❑ Users and groups management
❑ Azure Multi-Factor Authentication
❑ Self-Service Password Reset
❑ Azure Active Directory B2B/B2C
❑ Azure AD Connect
❑ Azure AD Join
❑ Azure Policy
❑ Azure role-based access control (RBAC)
❑ Azure AD Roles

Slide 7

Slide 7 text

Azure Active Directory

❑ Cloud-based identity provider.
❑ Controls access to Azure resources.
❑ Provides authentication and authorization services to the Azure Portal, O365 and other SaaS services.
❑ Manage devices using Azure AD.
❑ Ability to invite guest users from another Azure AD (B2B) or a public IDP (B2C).
❑ Supports the OAuth, OpenID, SAML and WS-Federation authentication protocols.

Slide 8

Slide 8 text

Azure Active Directory Authentication

Reference: Microsoft Docs

Slide 9

Slide 9 text

Azure Active Directory Editions

| Features | FREE | OFFICE 365 APPS | PREMIUM P1 | PREMIUM P2 |
|---|---|---|---|---|
| Core Identity and Access Management | Available | Available | Available | Available |
| Directory Objects | 5,00,000 Object Limit | No Object Limit | No Object Limit | No Object Limit |
| Single Sign-On (SSO) (unlimited) | Available | Available | Available | Available |
| Multi-Factor Authentication | Available | Available | Available | Available |
| B2B Collaboration | Available | Available | Available | Available |
| Company branding | Not available | Available | Available | Available |
| Premium Features | Not available | Not available | Available | Available |
| Hybrid Identities | Not available | Not available | Available | Available |
| Advanced Group Access Management | Not available | Not available | Available | Available |
| Conditional Access | Not available | Not available | Available | Available |
| Identity Protection | Not available | Not available | Not available | Available |
| Identity Governance | Not available | Not available | Not available | Available |

Reference: Microsoft Docs

Slide 10

Slide 10 text

Azure Multi-Factor Authentication

MFA enables two-factor authentication to secure your logins. It supports the following authentication methods:

❑ Microsoft Authenticator app
❑ OAuth hardware token
❑ SMS
❑ Voice call

Slide 11

Slide 11 text

Self-service password reset

Allows users to reset their password without involving the helpdesk.

❑ SSPR URL: https://aka.ms/sspr
❑ Password change
❑ Password reset
❑ Account unlock

Slide 12

Slide 12 text

Azure AD B2B

Azure B2B is business-to-business collaboration and helps partners collaborate using their identities.

Reference: Microsoft Docs

Slide 13

Slide 13 text

Azure AD B2C

❑ Lets you use your own personal email address
❑ Self-service user registration
❑ Allows customization of the registration and sign-in experience
❑ Integration with apps and databases

Reference: Microsoft Docs

Slide 14

Slide 14 text

Azure AD Connect

Azure AD Connect enables hybrid identity. Azure AD features:

❑ Password hash synchronization
❑ Pass-through authentication
❑ Federation integration
❑ Synchronization
❑ Health monitoring

Reference: Microsoft Docs

Slide 15

Slide 15 text

Password hash synchronization

Reference: Microsoft Docs

Slide 16

Slide 16 text

Pass-through Authentication

Reference: Microsoft Docs

Slide 17

Slide 17 text

Federation integration

Reference: Microsoft Docs

Slide 18

Slide 18 text

Azure AD vs Azure ADDS vs ADDS

| | Azure AD | Azure AD DS managed domain | On-Prem ADDS |
|---|---|---|---|
| Authentication | OAuth / OpenID Connect / WS-Federation | Kerberos and NTLM protocols | Kerberos and NTLM protocols |
| Object Policy Management | Mobile Device Management (MDM) software like Intune | Group Policy | Group Policy |
| Communication | HTTP and HTTPS | LDAP | LDAP |
| Structure | Flat / no forest-domain hierarchy / no OU | Single domain / OU structure possible with limitation | Forest multidomain hierarchy / OU structure possible |
| Schema | Schema modification not possible | Schema modification not possible | Schema modification possible |

Slide 19

Slide 19 text

Directories, subscriptions, and users

Reference: Microsoft Docs

Slide 20

Slide 20 text

Azure AD Join

❑ Windows deployments of work-owned devices
❑ Cloud-based management of work-owned devices
❑ Access to organizational apps and resources from any Windows device
❑ Users can sign in to their devices using Azure AD or synced Active Directory work or school accounts

Reference: Microsoft Docs

Slide 21

Slide 21 text

Azure Subscription Types

❑ Pay-as-you-go subscription
❑ Microsoft resellers (Cloud Solution Provider - CSP)
❑ Open Volume License
❑ Enterprise Agreements
❑ Azure Dev/Test pricing
❑ Microsoft Azure Hybrid Use benefits
❑ Azure Government customers
❑ Azure Germany customers

Slide 22

Slide 22 text

Governance in Azure

Why Azure Governance?

❑ Organize and structure resources
❑ Standardize and define resources
❑ Transparency of resources
❑ Control access and costs
❑ Enforce policies

Slide 23

Slide 23 text

Azure Governance

Reference: Microsoft Docs

Slide 24

Slide 24 text

Azure Policy

❑ Allows you to create, assign, and manage policies
❑ Runs evaluations and scans for non-compliant resources
❑ Advantages:
    ❑ Enforcement and compliance
    ❑ Apply policies at scale
    ❑ Remediation

Slide 25

Slide 25 text

Azure Policy

❑ Browse Policy Definitions
❑ Create Initiative Definitions
❑ Scope the Initiative Definition
❑ View Policy evaluation results

Slide 26

Slide 26 text

Implementing Azure Policy

❑ Import policies from GitHub
❑ Policies written in JSON
❑ Create custom policy definition
❑ Includes one or more policies
❑ Requires planning
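
An added example, not taken from the slides: a custom policy definition in the JSON form mentioned above, which reports or blocks resources created without a required tag. The display name, the descriptions and the `tagName` and `effect` parameter names are illustrative choices.

```json
{
  "properties": {
    "displayName": "Example: require a tag on resources",
    "description": "Illustrative custom definition, not from the slides. Flags or blocks resources that lack the named tag.",
    "policyType": "Custom",
    "mode": "Indexed",
    "parameters": {
      "tagName": {
        "type": "String",
        "metadata": {
          "displayName": "Tag name",
          "description": "Name of the required tag, for example CostCenter"
        }
      },
      "effect": {
        "type": "String",
        "allowedValues": ["Audit", "Deny", "Disabled"],
        "defaultValue": "Audit",
        "metadata": {
          "displayName": "Effect",
          "description": "Audit reports non-compliant resources; Deny rejects the request"
        }
      }
    },
    "policyRule": {
      "if": {
        "field": "[concat('tags[', parameters('tagName'), ']')]",
        "exists": "false"
      },
      "then": {
        "effect": "[parameters('effect')]"
      }
    }
  }
}
```

Assigning the definition with the Audit effect first surfaces non-compliant resources in the evaluation results before Deny is switched on.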

Slide 27

Slide 27 text

Management Groups

Slide 28

Slide 28 text

Management Groups

❑ Helps with organizational alignment of your subscriptions.
❑ Creating the first management group might take up to 15 minutes.
❑ Apply cost management policy.
❑ Manage policy, access and compliance across multiple subscriptions.
❑ Up to 10K management groups can be created in a single tenant.

Slide 29

Slide 29 text

Azure Role-Based Access Control (RBAC)

Source: MS-Docs/MS-Learn

Slide 30

Slide 30 text

Resource tags

Slide 31

Slide 31 text

Azure Cost Management

Reference: Microsoft Docs

Slide 32

Slide 32 text

Azure AD roles

❑ Azure AD roles work on the least-privilege principle.
❑ Azure AD roles work at tenant level.
❑ Global Administrator
❑ Service Administrator
❑ Billing Administrator

Slide 33

Slide 33 text

Azure RBAC roles vs Azure AD roles

| | RBAC Roles | AD Roles |
|---|---|---|
| Apply To | Azure resources | Azure AD resources (particularly users, groups, and domains) |
| Scope | Management groups, subscriptions, resource groups, and resources. | Azure AD has only one scope |
| Custom Role | Supported | Not Supported |

Reference: Microsoft Docs

Slide 34

Slide 34 text

Break

Slide 35

Slide 35 text

Demo

1. Creating Azure AD users and dynamic groups, and adding users dynamically to those groups.
2. Synchronizing on-prem AD with Azure AD.
3. Delegating role assignment to Azure resources using RBAC.
4. Using Azure policies and tags with Azure resources.
5. Managing Azure resources' cost.
6. Protecting Azure resources using resource locks.

Slide 36

Slide 36 text

Q & A

Slide 37

Slide 37 text

Thanks!

https://bharatguru.in
https://azureezy.com
https://azure4you.com
https://azureezy.com/az-104
https://t.me/AzureTalk
https://youtube/AzureTalk
https://www.linkedin.com/in/nirajkum/
https://www.linkedin.com/in/vipinkumarjha/
https://www.linkedin.com/in/lalit-rawat-53889613/