Scribd Logo
Upload

Welcome to Scribd!

  • Az 104t00a Enu Powerpoint 01

    Uploaded by

    Alejandro Galiana
    82 views24 pages

    Copyright

    © © All Rights Reserved

    Available Formats

    PPTX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document

    Copyright:

    © All Rights Reserved
    Download as PPTX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pptx, pdf, or txt
    82 views24 pages

    Az 104t00a Enu Powerpoint 01

    Uploaded by

    Alejandro Galiana

    Copyright:

    © All Rights Reserved
    Download as PPTX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pptx, pdf, or txt
    of 24

    AZ-104T00A

    Microsoft
    Azure Administrator

    © Copyright Microsoft Corporation. All rights reserved.


    Julio Alcalde - MCT

    © Copyright Microsoft Corporation. All rights reserved.


    About this course: Prerequisites
    Successful Azure Administrators start this role with experience on operating systems, virtualization,
    cloud infrastructure, storage structures, and networking

    Understanding of on-premises virtualization technologies, including: VMs, virtual networking, and


    virtual hard disks

    Understanding of network configuration, including TCP/IP, Domain Name System (DNS), virtual private
    networks (VPNs), firewalls, and encryption technologies

    Understanding of Active Directory concepts, such as users, groups, and role-based access control

    Understanding of resilience and disaster recovery, including backup and restore operations

    © Copyright Microsoft Corporation. All rights reserved.


    About this course: Course Outline

    Module 01: Identity Module 07: Azure Storage

    Module 02: Governance and Compliance Module 08: Azure Virtual Machines

    Module 03: Azure Administration Module 09: Serverless Computing

    Module 04: Virtual Networking Module 10: Data Protection

    Module 05: Intersite Connectivity Module 11: Monitoring

    Module 06: Network Traffic Management

    © Copyright Microsoft Corporation. All rights reserved.


    Hands-on Labs

    You will use a Microsoft Learning Azure Pass to provide access to Microsoft Azure

    Check the dollar balance of you Azure Pass within Microsoft Azure once you have set up your
    subscription

    Be aware of how much you are consuming and do not allow Microsoft Azure components to
    run overnight or for extended periods

    Lab instructions are in a GitHub repository. 

    Each lab creates a new resource group. To minimize costs, remove the resource group at the
    end of the lab

    © Copyright Microsoft Corporation. All rights reserved.


    Module Overview

    Lesson 01: Azure Active Directory

    Lesson 02: Users and Groups

    Lesson 03: Module 01 Lab

    © Copyright Microsoft Corporation. All rights reserved.


    AZ-104T00A
    Module 01: Identity

    © Copyright Microsoft Corporation. All rights reserved.


    Lesson 01: Azure Active Directory

    © Copyright Microsoft Corporation. All rights reserved.


    Azure Active Directory

    Azure AD Concepts

    AD DS vs. Azure Active Directory


    Azure Active
    Directory Azure Active Directory Editions
    Overview
    Azure AD Join

    Self-Service Password Reset

    Review
    © Copyright Microsoft Corporation. All rights reserved.
    Azure Active Directory

    A cloud-based suite of
    identity management
    capabilities that enables you
    to securely manage access to
    Azure services and resources
    for your users

    Provides application
    management, authentication,
    device management, and
    hybrid identity

    © Copyright Microsoft Corporation. All rights reserved.


    Azure AD Concepts
    Concept Description

    Identity An object that can be authenticated

    Account An identity that has data associated with it

    Azure AD account An identity created through Azure AD or another Microsoft cloud service

    A dedicated and trusted instance of Azure AD, a Tenant is automatically created when
    your organization signs up for a Microsoft cloud service subscription​
     ​
    Azure AD • Additional instances of Azure AD can be created​
    tenant/directory • Azure AD is the underlying product providing the identity service​
    • The term Tenant means a single instance of Azure AD representing a single
    organization​
    • The terms Tenant and Directory are often used interchangeably​

    Azure subscription Used to pay for Azure cloud services


    © Copyright Microsoft Corporation. All rights reserved.
    AD DS vs Azure Active Directory

    Azure AD is primarily an identity solution, and designed for HTTP and HTTPS communications

    Queried using the REST API over HTTP and HTTPS. Instead of LDAP

    Uses HTTP and HTTPS protocols such as SAML, WS-Federation, and OpenID Connect for
    authentication (and OAuth for authorization). Instead of Kerberos

    Includes federation services, and many third-party services (such as Facebook)

    Azure AD users and groups are created in a flat structure, and there are no Organizational
    Units (OUs) or Group Policy Objects (GPOs)
    © Copyright Microsoft Corporation. All rights reserved.
    Azure Active Directory Editions
    Feature Free Microsoft 365 Apps Premium P1 Premium P2
    Directory Objects 500,000 objects No object limit No object limit No object limit
    Single Sign-On Unlimited Unlimited Unlimited Unlimited
    Core Identity and Access X X X X
    B2B Collaboration X X X X

    Identity & Access for O365 X X X

    Premium Features X X
    Hybrid Identities X X
    Advanced Group Access X X
    Conditional Access X X
    Identity Protection X
    Identity Governance X
    © Copyright Microsoft Corporation. All rights reserved.
    Azure AD Join

    Single-Sign-On to your Enterprise state


    Azure managed SaaS roaming of user settings
    apps and services across joined devices

    Access to Microsoft
    Windows Hello support
    Store for Business 

    Restriction of access
    Seamless access to
    to apps from only
    on-premises resources 
    compliant devices

    © Copyright Microsoft Corporation. All rights reserved.


    Self-Service Password Reset

    1. Determine who can use self-service


    password reset
    1
    2
    3

    2. Choose the number of authentication


    methods required and the methods
    available (email, phone, questions)

    3. You can require users to register for


    SSPR (same process as MFA)

    © Copyright Microsoft Corporation. All rights reserved.


    Lesson 02: Users and groups

    © Copyright Microsoft Corporation. All rights reserved.


    User Accounts

    Managing User Accounts

    Bulk User Accounts


    Users and
    Groups Group Accounts
    Overview
    Managing Multiple Directories

    Demonstration – Users and Groups

    Review
    © Copyright Microsoft Corporation. All rights reserved.
    User Accounts

    All users must The account is used for Each user account has additional
    have an account authentication and authorization properties

    © Copyright Microsoft Corporation. All rights reserved.


    Managing User Accounts

    Must be Global
    User profile Deleted users Sign in and audit
    Administrator or User
    (picture, job, contact can be restored log information
    Administrator to
    info) is optional for 30 days is available
    manage users
    © Copyright Microsoft Corporation. All rights reserved.
    Bulk User Accounts

    Create the comma-separated Must be signed in as a Global


    Azure AD supports bulk user
    values (CSV) template you administrator or User
    create, delete, and list
    can download from the Portal administrator

    © Copyright Microsoft Corporation. All rights reserved.


    Group Accounts

    Group Types Assignment Types


    • Security groups • Assigned
    • Microsoft 365 groups • Dynamic User
    • Dynamic Device (Security groups only)
    © Copyright Microsoft Corporation. All rights reserved.
    Users and Groups - Review

    Knowledge Check Microsoft Learn Modules (docs.microsoft.com/Learn)

    Create Azure users and groups in Azure Active Directory

    Manage users and groups in Azure Active Directory

    © Copyright Microsoft Corporation. All rights reserved.


    Lab 01 – Manage Azure Active Directory identities

    Lab scenario
    In order to allow Contoso users to authenticate by using Azure AD, you have been tasked with
    provisioning users and group accounts. Membership of the groups should be updated automatically
    based on the user job titles. You also need to create a test Azure AD tenant with a test user account
    and grant that account limited permissions to resources in the Contoso Azure subscription.

    Objectives

    Task 1: Task 2: Task 3: Task 4:


    Create and configure Create Azure AD Create an Azure Manage Azure AD
    Azure AD users groups with assigned Active Directory (AD) guest users
    and dynamic tenant
    membership

    Next slide for an architecture diagram


    © Copyright Microsoft Corporation. All rights reserved.
    Lab 01 – Architecture diagram
    Task 1, Task 2 Task 3

    Default Azure AD tenant


    IT Cloud Administrators IT System Administrators
    Membership type: Dynamic User Membership type: Dynamic User New Azure AD tenant
    Contoso Lab
    Cloud user Cloud user

    az104-01a-aaduser1 az104-01a-aaduser2 Cloud user


    Role: User administrator Job title: System Administrator az104-01b-aaduser1
    Job title: Cloud Administrator Department: IT
    Department: IT
    Job title: System Administrator
    Department: IT
    IT Lab Administrators
    Membership type: Assigned

    Task 4 Guest user

    az104-01b-aaduser1

    Job title: Lab Administrator


    Department: IT

    © Copyright Microsoft Corporation. All rights reserved.

    You might also like