Book Image

Exam Ref AZ-104 Microsoft Azure Administrator Certification and Beyond - Second Edition

By : Riaan Lowe, Donovan Kelly
4.5 (2)
Book Image

Exam Ref AZ-104 Microsoft Azure Administrator Certification and Beyond - Second Edition

4.5 (2)
By: Riaan Lowe, Donovan Kelly

Overview of this book

Exam Ref AZ-104 Microsoft Azure Administrator Certification and Beyond covers all the exam objectives and will help you to earn the Microsoft Azure Administrator certification with ease. Whether you’re studying to pass the AZ-104 exam or just want hands-on experience in administering Azure, this AZ-104 study guide will help you to achieve your objectives. This book covers the latest Azure features and capabilities around configuring, managing, and securing Azure resources. Adhering to Microsoft's AZ-104 exam syllabus, this guide is divided into five modules. The first module will show you how to manage Azure identities and governance. You'll find out how to configure Azure subscription policies at the Azure subscription level and use Azure policies for resource groups. After that, the book covers techniques related to implementing and managing storage in Azure, enabling you to create and manage Azure Storage, including File and Blob storage. In the second module, you’ll learn how to deploy and manage Azure compute resources. The third and fourth modules will teach you about configuring and managing virtual networks and monitoring and backing up Azure resources. Finally, you'll work through mock tests, with answers provided, to prepare for this exam. By the end of this book, you'll have the skills needed to pass the AZ-104 exam and be able to expertly manage Azure.
Table of Contents (30 chapters)
1
Part 1: Managing Azure Identities and Governance
7
Part 2: Implementing and Managing Storage
11
Part 3: Deploying and Managing Azure Compute Resources
17
Part 4: Configuring and Managing Virtual Networking
24
Part 5: Monitoring and Backing Up Azure Resources

Creating Azure AD users and groups

Azure AD offers a directory and identity management solution within the cloud. It offers traditional username and password identity management, alongside roles and permissions management. On top of that, it offers more enterprise-grade solutions, such as Multi-Factor Authentication (MFA) and application monitoring, solution monitoring, and alerting.

Azure AD can easily be integrated with your on-premises Active Directory to create a hybrid infrastructure.

Azure AD offers the following pricing plans:

  • Free: This offers the most basic features, such as support for single sign-on (SSO) across Azure, Microsoft 365, and other popular SaaS applications, Azure Business-to-Business (B2B) for external users, support for Azure AD Connect synchronization, self-service password change, user and group management, and standard security reports.
  • Office 365 Apps: Specific Office 365 subscriptions also provide some functionality such as user and group management, cloud authentication, including pass-through authentication, password hash synchronization, seamless SSO, and more.
  • Premium P1: This offers advanced reporting, MFA, Conditional Access, Mobile Device Management (MDM) auto-enrollment, Azure AD Connect Health, advanced administration such as dynamic groups, self-service group management, and Microsoft Identity Manager.
  • Premium P2: In addition to the Free and Premium P1 features, the Premium P2 license includes Azure AD Identity Protection, Privileged Identity Management, access reviews, and entitlement management.

    Note

    For a detailed overview of the different Azure AD licenses and all the features that are offered in each plan, you can refer to https://www.microsoft.com/nl-nl/security/business/identity-access-management/azure-ad-pricing?rtc=1&market=nl.

Creating users in Azure AD

We will begin by creating a couple of users in our Azure AD tenant from the Azure portal. To do this, perform the following steps:

  1. Navigate to the Azure portal by opening a web browser and browsing to https://portal.azure.com.
  2. In the left-hand menu, select Azure Active Directory.
  3. Under the Manage blade of Azure AD in the left-hand menu, select Users | All users. Then, select the + New user option from the top-level menu, as follows:
Figure 1.1 – The Azure AD Users blade

Figure 1.1 – The Azure AD Users blade

  1. We are going to create three users. Add these values that are shown in the following screenshot:
    • Name: PacktUser1.
    • User name: The username is the identifier that the user enters to sign in to Azure AD. Select your domain name, which has been configured, and add this to the end of the username. The default is usually an onmicrosoft.com domain, but in my case, I have assigned a custom domain name, called safezone.fun. In the First name section, I have chosen Packt, and in the Last name section, I have added User1. Therefore, the User name value, in my case, will be [email protected]:
Figure 1.2 – The Azure AD user creation page part 1

Figure 1.2 – The Azure AD user creation page part 1

  1. Leave the sections under Groups and Roles in their default settings for now.
  2. Next, we need to fill in information regarding the following:
    • Block sign in: No
    • Usage location: South Africa
    • Job title: Azure administrator
    • Department: IT
    • Company name: Packt1
    • Manager: No manager selected:
Figure 1.3 – The Azure AD user creation page part 2

Figure 1.3 – The Azure AD user creation page part 2

  1. Click on Create.
  2. Repeat these steps to create two more users: PacktUser2 and PacktUser3.

Now that we have created users in our Azure AD tenant, we can add them to a group in Azure AD.

Creating groups in Azure AD

There are two main group types, as follows:

  • Security groups: These groups serve the same function as traditional on-premises groups, which is to secure objects within a directory. In this case, it is to secure objects within Azure AD.
  • Microsoft 365 groups: These groups are used to provide a group of people access to a collection of shared resources that is not just limited to Azure AD but also includes shared mailboxes, calendars, SharePoint libraries, and other Microsoft 365-related services.

Security groups are used as container units to group users or devices together. There are three main membership types for security groups:

  • Assigned: This is where you manually assign users to a group.
  • Dynamic user: This is where you can specify parameters to automatically group users, for example, grouping all users who have the same job title.
  • Dynamic device: This is where you can specify parameters to automatically group devices, for example, grouping all devices that have the same operating system version.

To create and manage groups from the Azure AD tenant in the Azure portal, you have to perform the following steps:

  1. Navigate to the Azure portal by opening a web browser and browsing to https://portal.azure.com.
  2. In the left-hand menu, select Azure Active Directory.
  3. Under the Manage blade of Azure AD in the left-hand menu, select Groups | All groups. Then, select the + New group option from the top-level menu, as follows:
Figure 1.4 – The Azure AD group creation page part 1

Figure 1.4 – The Azure AD group creation page part 1

  1. Add the following values to create the new group:
    • Group type: Security
    • Group name: Azure Admins
    • Group description: Dynamic group for all Azure Admins
    • Azure AD roles can be assigned to the group: No
    • Membership type: Dynamic User
    • Owners: No owners selected:
Figure 1.5 – The Azure AD group creation page part 2

Figure 1.5 – The Azure AD group creation page part 2

  1. Refer to the following screenshot to add a dynamic query.

For the Dynamic Query rule, the property is jobTitle, the operator is Equals, and the value is Azure administrator, as shown in the following screenshot:

Figure 1.6 – The Azure AD group dynamic query

Figure 1.6 – The Azure AD group dynamic query

  1. Click on Create.

    Tip

    Remember that when using dynamic groups, a Premium P1 license needs to be assigned to the user.

Now that we have created the group, replication takes around 5 minutes. Refresh the Azure web page, and the users will appear as members of the Azure admins group that we just created:

Figure 1.7 – The Azure AD group's dynamic group users added automatically 
based on the membership rules

Figure 1.7 – The Azure AD group's dynamic group users added automatically based on the membership rules

In this section, we took a look at Azure AD users and groups and created a few accounts. We also created a dynamic membership group to include users via dynamic membership rules.

We encourage students to read up further by using the following links, which are based on Azure AD fundamentals such as adding users in Azure AD, assigning RBAC roles, creating Azure AD groups, and also creating dynamic groups in Azure AD:

Next, we are going to look at Azure AUs, specifically where they can be used and how to create an AU.