Microsoft Azure | Lab 01 – Manage Azure Active Directory Identities




View Post: 709 người truy cập bài viết
Tags :

In order to allow Contoso users to authenticate by using Azure AD, you have been tasked with provisioning users and group accounts. Membership of the groups should be updated automatically based on the user job titles.

You also need to create a test Azure AD tenant with a test user account and grant that account limited permissions to resources in the Contoso Azure subscription.

Lab1: Manage Azure Active Directory Identities

Objectives

In this lab, you will:

    • Task 1: Create and configure Azure AD users
    • Task 2: Create Azure AD groups with assigned and dynamic membership
    • Task 3: Create an Azure Active Directory (AD) tenant
    • Task 4: Manage Azure AD guest users

Architecture diagram

Exercise 1

Task 1: Create and configure Azure AD users

    1. Sign in to the Azure portal.
    2. In the Azure portal, search for and select Azure Active Directory.
    3. On the Azure Active Directory blade, scroll down to the Manage section, click User settings, and review available configuration options.
    4. On the Azure Active Directory blade, in the Manage section, click Users, and then click your user account to display its Profile settings.
    5. Click edit, in the Settings section, set Usage location to United States and click save to apply the change.
    6. Navigate back to the Users – All users blade, and then click + New user.
    7. Create a new user with the following settings (leave others with their defaults):

8. In the list of users, click the newly created user account to display its blade.

9. Review the options available in the Manage section and note that you can identify the Azure AD roles assigned to the user account as well as the user account’s permissions to Azure resources.

10 . In the Manage section, click Assigned roles, then click + Add assignment button and assign the User administrator role to az104-01a-aaduser1.

11. Open an InPrivate browser window and sign in to the Azure portal using the newly created user account. When prompted to update the password, change the password for the user.

12. In the InPrivate browser window, in the Azure portal, search for and select Azure Active Directory.

13. In the InPrivate browser window, on the Azure AD blade, scroll down to the Manage section, click User settings, and note that you do not have permissions to modify any configuration options.

14. In the InPrivate browser window, on the Azure AD blade, in the Manage section, click Users, and then click + New user.

15. Create a new user with the following settings (leave others with their defaults):

16. Sign out as the az104-01a-aaduser1 user from the Azure portal and close the InPrivate browser window.


 

Task 2: Create Azure AD groups with assigned and dynamic membership

In this task, you will create Azure Active Directory groups with assigned and dynamic membership.

    1. Back in the Azure portal where you are signed in with your user account, navigate back to the Overview blade of the Azure AD tenant and, in the Manage section, click Licenses.
    2. In the Manage section, click All products.
    3. Click + Try/Buy and activate the free trial of Azure AD Premium P2.
    4. Refresh the browser window to verify that the activation was successful.
    5. From the Licenses – All products blade, select the Azure Active Directory Premium P2 entry, and assign all license options of Azure AD Premium P2 to your user account and the two newly created user accounts.
    6. In the Azure portal, navigate back to the Azure AD tenant blade and click Groups.
    7. Use the + New group button to create a new group with the following settings:

8. Click Add dynamic query.

9. On the Configure Rules tab of the Dynamic membership rules blade, create a new rule with the following settings:

9. Save the rule and, back on the New Group blade, click Create.

10. Back on the Groups – All groups blade of the Azure AD tenant, click the + New group button and create a new group with the following settings:

12.Click Add dynamic query.

13.On the Configure Rules tab of the Dynamic membership rules blade, create a new rule with the following settings:

14. Save the rule and, back on the New Group blade, click Create.

15. Back on the Groups – All groups blade of the Azure AD tenant, click the + New group button, and create a new group with the following settings:

16. Click No members selected.

17. From the Add members blade, search and select the IT Cloud Administrators and IT System Administrators groups and, back on the New Group blade, click Create.

18. Back on the Groups – All groups blade, click the entry representing the IT Cloud Administrators group and, on then display its Members blade. Verify that the az104-01a-aaduser1 appears in the list of group members.

19. Navigate back to the Groups – All groups blade, click the entry representing the IT System Administrators group and, on then display its Members blade. Verify that the az104-01a-aaduser2 appears in the list of group members.


Task 3: Create an Azure Active Directory (AD) tenant

    1. In the Azure portal, search for and select Azure Active Directory.
    2. Click Manage tenant, and then on the next screen, click + Create, and specify the following setting:

3. Click Next : Configuration

4. Click Review + create and then click Create.

5. Display the blade of the newly created Azure AD tenant by using the Click here to navigate to your new tenant: Contoso Lab link or the Directory + Subscription button (directly to the right of the Cloud Shell button) in the Azure portal toolbar.


Task 4: Manage Azure AD guest users.

    1. In the Azure portal displaying the Contoso Lab Azure AD tenant, in the Manage section, click Users, and then click + New user.
    2. Create a new user with the following settings (leave others with their defaults):

3. Click on the newly created profile.

4. Switch back to your default Azure AD tenant by using the Directory + Subscription button (directly to the right of the Cloud Shell button) in the Azure portal toolbar.

5. Navigate back to the Users – All users blade, and then click + New guest user.

6. Create a new guest user with the following settings (leave others with their defaults):

7. Click Invite.

8. Back on the Users – All users blade, click the entry representing the newly created guest user account.

9. On the az104-01b-aaduser1 – Profile blade, click Groups.

10. Click + Add membership and add the guest user account to the IT Lab Administrators group.


Clean up resources:

    1. In the Azure Portal search for Azure Active Directory in the search bar. Within Azure Active Directory under Manage select Licenses. Once at Licenses under Manage select All Products and then select Azure Active Directory Premium P2 item in the list. Proceed by then selecting Licensed Users. Select the user accounts az104-01a-aaduser1 and az104-01a-aaduser2 to which you assigned licenses in this lab, click Remove license, and, when prompted to confirm, click OK.
    2. In the Azure portal, navigate to the Users – All users blade, click the entry representing the az104-01b-aaduser1 guest user account, on the az104-01b-aaduser1 – Profile blade click Delete, and, when prompted to confirm, click OK.
    3. Repeat the same sequence of steps to delete the remaining user accounts you created in this lab.
    4. Navigate to the Groups – All groups blade, select the groups you created in this lab, click Delete, and, when prompted to confirm, click OK.
    5. In the Azure portal, display the blade of the Contoso Lab Azure AD tenant by using the Directory + Subscription button (directly to the right of the Cloud Shell button) in the Azure portal toolbar.
    6. Navigate to the Users – All users blade, click the entry representing the az104-01b-aaduser1 user account, on the az104-01b-aaduser1 – Profile blade click Delete, and, when prompted to confirm, click OK.
    7. Navigate to the Contoso Lab – Overview blade of the Contoso Lab Azure AD tenant, click Manage tenant and then on the next screen, click Delete tenant, click the Get permission to delete Azure resources link, on the Properties blade of Azure Active Directory, set Access management for Azure resources to Yes and click Save.
    8. Sign out from the Azure portal and sign in back.
    9. Navigate back to the Delete tenant ‘Contoso Lab’ blade and click Delete.
5 1 vote
Article Rating
Subscribe
Notify of
guest
1 Comment
Oldest
Newest Most Voted
Inline Feedbacks
View all comments