Azure Classroom Series – 17/Sept/2021

Azure AD

  • Azure AD offers identity management solution for cloud
  • Azure AD offers the following pricing plans
    • Free:
      • This offers most basic features, such as support for 500000 objects, single sign on, Azure B2B for external users, support for Azure AD Connect Syncronization, self-service password change, MFA (app authenticator only) and standard security groups
    • Basic:
      • This offers no object limit, has a SLA of 99.9%, self-service password reset, company branding, and support for the application proxy
    • Premium P1:
      • This offers advanced reporting, full MFA, conditional access and Azure AD connect
    • Premium P2:
      • This offers identity protectiona nd privileged identity management
  • Refer Here for the Azure AD Pricing Plans and Refer Here for the Azure documentation comparing features for Azure AD.

Scenario-1

  • Create users dev1,dev2,dev3 and qa1,qa2,qa3 with default roles.
  • Navigate to the groups in Azure AD and create two groups developer and qa Preview
  • Add dev1, dev2 and dev3 to the developers group
  • Add qa1, qa2 and qa3 to the qa group
  • Now Navigate to All Services -> Subscriptions and select your subscription Preview
  • Now select Access Control Preview
  • Now Add the Role Assignments for the QA group
    • Storage Account Contributor
    • Reader Preview
  • Add the the following Role Assignments for the Developers Group
    • Contributor Preview
  • Now log in to azure portal from a different browser (or inprivate mode) as any developer
    • Create a Resource Group understanding Preview
    • Create a Storage Account Preview Preview
    • Now check access in Resource group for developer using Access control section Preview
    • Also check access for developer in the storage account using Access control section
  • Now login into Azure portal from a different browser as any QA and add tags to the storage account
  • Try adding one more tag released: qa to the resource group Preview
  • Add QA users as contributor at the Resource group level
    • by loging in as Developer & observe the failure
    • by loging in to as the normal user (account which you have created) and try to perform the same
    • Now retry adding tags to the resource group.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

About learningthoughtsadmin