Azure AD and Subscriptions
- Relationship between Azure AD and Azure subscriptions

- Let's create two users in Azure Active Directory

- Assigning permissions to the user
- When managing access to Azure subscriptions and resources, it is recommended to use Azure RBAC (role-based access control) whenever possible
- Azure administrative roles
  - Account Administrator: Only 1 user per account
    - Authorized to access the Account Center (create and cancel subscriptions, change billing, change the Service Administrator and more)
  - Service Administrator: Only 1 user per account
    - Authorized to access the Azure management portal for all subscriptions in the account.
  - Co-Administrator: 200 per subscription
    - Same as Service Administrator, but cannot change the association of subscriptions to Azure Active Directory
- Roles can be assigned to the user at
  - subscription level
  - resource group level
  - resource level
- Exercise: Create a Reader role at the subscription level, and then at the resource group level assign the Contributor role to a user
- We can create users and assign them permissions using Roles
- Groups can be created and permissions can be given to groups rather than users to reduce overhead.
- In the enterprise world,
  - Users are already created in Active Directory
  - Permissions might need to be customized in some cases
- Next Steps:
  - Understanding Azure Active Directory
  - Understanding Azure RBAC, Management Groups, Azure Policy
- Exercise:
  - Create a Domain Controller with a few users and groups in Windows Server 2016.
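
An added example (not part of the original notes) for the three assignment levels and the Reader/Contributor exercise above: a role assigned at a scope also applies to everything beneath that scope, and a user's assignments add up, so this sketch works out which roles reach a given resource. The users, subscription ID and resource names are constructed placeholders, and the field names are assumed to follow the JSON printed by `az role assignment list`.

```python
import json

# Constructed sample, shaped like `az role assignment list --all` JSON output.
# Subscription ID, resource names and users are placeholders.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
RG = SUB + "/resourceGroups/rg-demo"
VM = RG + "/providers/Microsoft.Compute/virtualMachines/vm1"
OTHER_VM = SUB + "/resourceGroups/rg-other/providers/Microsoft.Compute/virtualMachines/vm2"

SAMPLE = json.dumps([
    {"principalName": "alice@example.com", "roleDefinitionName": "Reader", "scope": SUB},
    {"principalName": "alice@example.com", "roleDefinitionName": "Contributor", "scope": RG},
    {"principalName": "bob@example.com", "roleDefinitionName": "Reader", "scope": VM},
])
ASSIGNMENTS = json.loads(SAMPLE)


def scope_level(scope):
    """Classify a scope string as one of the three levels listed above."""
    segments = [s.lower() for s in scope.strip("/").split("/")]
    if "providers" in segments:
        return "resource"
    if "resourcegroups" in segments:
        return "resource group"
    return "subscription"


def applies(assignment_scope, target):
    """True if the assignment scope is the target itself or one of its parents."""
    a = assignment_scope.rstrip("/").lower()
    t = target.rstrip("/").lower()
    # Compare on a path boundary so rg-demo does not match rg-demo2.
    return t == a or t.startswith(a + "/")


def effective_roles(assignments, principal, target):
    """Return sorted (role, level it was assigned at) pairs that reach `target`."""
    found = set()
    for a in assignments:
        if a["principalName"].lower() != principal.lower():
            continue
        if applies(a["scope"], target):
            found.add((a["roleDefinitionName"], scope_level(a["scope"])))
    return sorted(found)


if __name__ == "__main__":
    for user in ("alice@example.com", "bob@example.com"):
        for target in (RG, VM, OTHER_VM):
            print(user, target.rsplit("/", 1)[-1], effective_roles(ASSIGNMENTS, user, target))
```

Management group scopes, which the next steps mention, use a different path form and are not handled by this prefix check.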
