posted on May 27, 2024, last updated on Saturday, November 23, 2024 at 10:51 AM

Features of Entra ID

  • SSO access
  • Ubiquitous device support
  • Secure remote access
  • Cloud extensibility
  • Sensitive data protection
  • Self-service support

Concepts

  • Identity
  • Account
  • MS Entra account
  • Azure tenant (directory) - a single organization
  • Azure subscription

Create user accounts

Lab scenario

Your organization will be using Microsoft Entra authentication. You’ve been tasked with provisioning the required user and group accounts. Membership of the groups should be updated automatically based on the user job titles. You also need to invite guest users from another tenant. These guest users should have only limited permissions to resources in your subscription.

Your organization has these specific requirements:

  • Any user with the Cloud Administrator job title should be assigned to the IT Cloud Administrator group.
  • Any user with the System Administrator job title should be assigned to the IT System Administrator group.
  • Any user that is a member of the IT Cloud Administrator group or the IT System Administrator group should be assigned to the IT Lab Administrator group.
  • A System Administrator in another Active Directory tenant should be invited as a guest user with limited permissions.

Architecture diagram

Architecture diagram as explained in the text.

Objectives

  • Task 1: Create and configure Microsoft Entra users.
    • User AZ104-01a-aaduser1 will be a Cloud Administrator assigned the User Administrator role.
    • User AZ104-01a-aaduser2 will be a System Administrator.
  • Task 2: Create AD groups with assigned and dynamic membership.
    • The IT Cloud Administrator group should include any user with the Cloud Administrator job title.
    • The IT System Administrator group should include any user with the System Administrator job title.
    • The IT Lab Administrator group should include any user in the IT Cloud Administrator group or the IT System Administrator group.
  • Task 3: Create a Microsoft Entra tenant. This tenant will be used to demonstrate guest users.
  • Task 4: Manage Microsoft Entra guest users.
    • In the new Microsoft Entra tenant create a System Administrator user, az104-01b-aaduser1.
    • Invite the new user as a guest user to your subscription.
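
One way to script Task 2 with the Microsoft Graph PowerShell SDK, as an added example that is not part of the original lab notes. Group names and job titles come from the lab text; the mail nicknames and the helper function name are made up for illustration, and nesting the two groups inside IT Lab Administrator is an assumption about how that requirement is met.

```powershell
# Added example, not from the original lab notes. Requires the Microsoft.Graph
# module and a tenant licensed for dynamic group membership.
Connect-MgGraph -Scopes 'Group.ReadWrite.All', 'User.Read.All'

# Hypothetical helper: creates a security group whose membership follows jobTitle.
function New-JobTitleGroup {
    param(
        [Parameter(Mandatory)][string]$DisplayName,
        [Parameter(Mandatory)][string]$MailNickname,   # constructed placeholder values
        [Parameter(Mandatory)][string]$JobTitle
    )
    # Dynamic membership rule: user property, operator, quoted value.
    $rule = '(user.jobTitle -eq "{0}")' -f $JobTitle

    # Pre-check: show who the rule will pull in before the group is created.
    Get-MgUser -Filter "jobTitle eq '$JobTitle'" -All -Property Id, UserPrincipalName, JobTitle |
        Select-Object UserPrincipalName, JobTitle | Format-Table | Out-Host

    New-MgGroup -DisplayName $DisplayName -MailNickname $MailNickname `
        -MailEnabled:$false -SecurityEnabled `
        -GroupTypes 'DynamicMembership' `
        -MembershipRule $rule -MembershipRuleProcessingState 'On'
}

$cloud = New-JobTitleGroup -DisplayName 'IT Cloud Administrator' `
    -MailNickname 'itcloudadmin' -JobTitle 'Cloud Administrator'
$sys = New-JobTitleGroup -DisplayName 'IT System Administrator' `
    -MailNickname 'itsysadmin' -JobTitle 'System Administrator'

# Assumption: IT Lab Administrator is an assigned-membership group that
# contains the two dynamic groups as nested members.
$lab = New-MgGroup -DisplayName 'IT Lab Administrator' -MailNickname 'itlabadmin' `
    -MailEnabled:$false -SecurityEnabled
foreach ($g in $cloud, $sys) {
    New-MgGroupMember -GroupId $lab.Id -DirectoryObjectId $g.Id
}

# Confirm the rules that were stored on the groups.
Get-MgGroup -Filter "startswith(displayName,'IT ')" `
    -Property DisplayName, MembershipRule, GroupTypes |
    Select-Object DisplayName, MembershipRule
```

Because membership follows `jobTitle`, any account that can edit that attribute (the User Administrator role from Task 1, for example) effectively decides who lands in these groups.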

Task 1:

(Requires MFA)

(Able to create new users)

Change the name of the current directory

Dynamic Group Assignment requires P2 license

Create new tenant

A paid license is needed if you want to create a new MS Entra ID tenant

Invite external users
