Azure Active Directory (continued)
- Default Directory
- When the account is created, we get an Azure Active Directory instance with a primary domain name of the form *.onmicrosoft.com
- Azure Active Directory has multiple editions
- The core of Azure AD is a directory of users. Each user has an identity that is comprised of
  - User ID
  - Password
  - Other properties
- The user ID and password are used to authenticate the user, and roles are used for authorization to perform certain activities on Azure AD
- Let's create a user called ironman
- Now that we have created a user, let's log in and check what is accessible
- Now let's see the resource groups for ironman
- Now let's give read permissions to ironman
- From the above exercise, to manage users effectively, we need to
  - Create/update/delete users in Active Directory
  - Understand the concept of roles and RBAC (Role Based Access Control), so that we can set the necessary permissions at the necessary levels
- Exercise:
  - Create a user called thor in your account and give thor access at subscription level as a Reader.
- In Azure, if you assign a role at a parent level, by default it is inherited by the children (which we can change), i.e. a role given at subscription level is inherited at resource group level and resource level
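
The inheritance rule above, as an added example that is not part of the original notes: a simplified Python model that works out which roles reach a given scope and which of them are inherited from a parent. The subscription ID, resource names and the ironman assignments are constructed sample values, and the model only covers the subscription, resource group and resource levels named in these notes.

```python
# Simplified model of Azure RBAC scope inheritance (added example).
# Subscription ID, resource names and assignments are constructed sample values.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
RG = SUB + "/resourceGroups/rg-demo"
VM = RG + "/providers/Microsoft.Compute/virtualMachines/vm1"

# (principal, role, scope) tuples, as they would appear in a role-assignment export.
ASSIGNMENTS = [
    ("thor", "Reader", SUB),         # the exercise: Reader at subscription level
    ("ironman", "Reader", RG),       # Reader on one resource group only
    ("ironman", "Contributor", VM),  # direct assignment on a single resource
]

def normalize(scope):
    """Lower-case and strip trailing slashes; Azure resource IDs are case-insensitive."""
    return scope.rstrip("/").lower()

def covers(assigned_scope, target_scope):
    """True if an assignment at assigned_scope is inherited by target_scope."""
    a, t = normalize(assigned_scope), normalize(target_scope)
    # Compare on a path-segment boundary so 'rg-demo' does not match 'rg-demo2'.
    return t == a or t.startswith(a + "/")

def effective_roles(principal, target_scope, assignments=ASSIGNMENTS):
    """Return {role: scope where granted} for every assignment reaching target_scope."""
    result = {}
    for who, role, scope in assignments:
        if who == principal and covers(scope, target_scope):
            result.setdefault(role, scope)
    return result

def inherited_only(principal, target_scope, assignments=ASSIGNMENTS):
    """Roles that reach target_scope from a parent scope, not a direct assignment."""
    roles = effective_roles(principal, target_scope, assignments)
    return {r: s for r, s in roles.items()
            if normalize(s) != normalize(target_scope)}

if __name__ == "__main__":
    for user in ("thor", "ironman"):
        for scope in (SUB, RG, RG + "2", VM):
            print(user, scope.rsplit("/", 1)[-1], effective_roles(user, scope))
```

Running it shows thor's subscription-level Reader role at every child scope, while ironman has nothing at the subscription or at the sibling resource group `rg-demo2`.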