Azure Classroom Series – 18/Nov/2020

Azure AD and Subscriptions

  • Relation b/w Azure AD and Azure Subscription Preview
  • Lets create two users in azure active directory Preview Preview Preview
  • Assigning permissions to the user
    • When managin access tp Azure Subscriptions & resources, it is recommended to use AZURE RBAC (Role Based Access control) whenever possible
    • Azure Adminsitrative Roles
      • Account Administrator: Only 1 user per account
        • Authorized to access account center (create, cancel subscriptions, change billing, change service administrator and more)
      • Service Administrator: Only 1 user per account
        • Authorized to access azure management portal for all subscripitons in the account.
      • Co-Administrator: 200 per subscription
        • Same as Service Administrator but cannot change the association of Subscriptions to Azure Active directory
    • Roles can be assigned to the user at
      • subscription level
      • resource group level
      • resource level
    • Exercise: Create a reader role at subscription and then at the resource group level assign the contributor rule to a user
  • We can create users and assign them permissions using Roles
  • Groups can be created and permissions can be given to groups rather than users to reduce overhead.
  • In Enterprise World,
    • Users are already created in Active Directories
    • Permissions might need to be customized in some cases
  • Next Steps:
    • Understanding Azure Active Directory
    • Understanding Azure RBAC, Management Groups , Azure Policy
  • Exercise:
    • Create a Domain Controller with few users and groups in Windows 2016 Server.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

About learningthoughtsadmin