Azure AD
- Azure AD offers identity management solution for cloud
- Azure AD offers the following pricing plans
- Free:
- This offers most basic features, such as support for 500000 objects, single sign on, Azure B2B for external users, support for Azure AD Connect Syncronization, self-service password change, MFA (app authenticator only) and standard security groups
- Basic:
- This offers no object limit, has a SLA of 99.9%, self-service password reset, company branding, and support for the application proxy
- Premium P1:
- This offers advanced reporting, full MFA, conditional access and Azure AD connect
- Premium P2:
- This offers identity protectiona nd privileged identity management
- Free:
- Refer Here for the Azure AD Pricing Plans and Refer Here for the Azure documentation comparing features for Azure AD.
Scenario-1
- Create users dev1,dev2,dev3 and qa1,qa2,qa3 with default roles.
- Navigate to the groups in Azure AD and create two groups developer and qa
- Add dev1, dev2 and dev3 to the developers group
- Add qa1, qa2 and qa3 to the qa group
- Now Navigate to All Services -> Subscriptions and select your subscription
- Now select Access Control
- Now Add the Role Assignments for the QA group
- Storage Account Contributor
- Reader
- Add the the following Role Assignments for the Developers Group
- Contributor
- Now log in to azure portal from a different browser (or inprivate mode) as any developer
- Create a Resource Group
understanding
- Create a Storage Account
- Now check access in Resource group for developer using Access control section
- Also check access for developer in the storage account using Access control section
- Create a Resource Group
- Now login into Azure portal from a different browser as any QA and add tags to the storage account
- Try adding one more tag
released: qa
to the resource group - Add QA users as contributor at the Resource group level
- by loging in as Developer & observe the failure
- by loging in to as the normal user (account which you have created) and try to perform the same
- Now retry adding tags to the resource group.