Microsoft Azure IaaS Operations Guidance – #AAD, #RBAC, #ARM, #Microsoft, #Azure
Here you can find a ton of great guidance material for Azure operations by mzbowe! Really good summary!
This is a collection of Azure Infrastructure installation and operational guidance resources I provide to my customers. By keeping these links up to date with each engagement, all of my customers may benefit. Hopefully you can too! The latest Azure updates will always be at Azure service updates. Make it part of your operational procedure to review that monthly, if not weekly! In 2015, there were over 500 updates. Wow!
The goal of this guide is to highlight core installation and operational procedures for an Azure IaaS deployment, which will predominantly consist of Compute, Network and Storage resources. The article Azure Infrastructure Services Implementation Guidelines gives a pretty good rundown of what needs to be created and in what order. The resources I will keep updated below pretty much follow most of those resources in the last link. But for now, there is a very important piece of that puzzle missing. For the newer Azure Resource Manager (ARM) model of deployment, we need to plan, design and create Azure Resource Groups. Once we have Resource Groups, we can delegate administration with Role Based Access Control (RBAC).
Besides all this, if you just need to ramp up and learn more on Azure, go to the Azure Learning Paths page. Check it out and learn something new! I also have my Azure Certification resources (Slides and Videos) from MS Ignite 2015, to get you certified and ready to go!
- aka.ma/Certification/70-533 | Microsoft Azure Infrastructure Certification Prep
- aka.ma/Certification/70-534 | Microsoft Azure Architecture Certification Prep
Azure Active Directory
- How Azure subscriptions are associated with Azure Active Directory
- This is an important link to read and understand. Microsoft Azure does not equal Azure Active Directory. If you create a brand new Azure subscription, you will have an Azure Active Directory tenant by default. But sometimes companies have Office 365 first, without an Azure subscription. With Office 365, you get an Azure Active Directory tenant for free. That is your cloud directory. It can be standalone, or, as many companies do, you can synchronize or federate it with your on-premises identities. But an Azure AD tenant for Office 365 is not necessarily tied to an Azure subscription. An Azure subscription is just another service like Office 365. If your company is going to have both, then the KEY goal is that both of those connect to the same Azure Active Directory tenant. So if you started with Office 365 and made the primary domain name contoso.com, then when you log in to create an Azure subscription, make sure to do so with a Global Admin account in the contoso.com Azure AD tenant that you use to administer Office 365. See Manage the directory for your Office 365 subscription in Azure.
- Azure Active Directory editions
- Before you get too excited about everything you discover on the Azure website, make sure you know what version you have. There are many flavors and enterprise agreements. Depending on the version you have, you may have more or fewer services available to you. Azure Active Directory Premium will get you the whole kitchen sink. But there are different ways to get that as well, e.g. an Enterprise Mobility Suite license.
- Hybrid Identity Design Considerations
- The Four Pillars of Identity – Identity Management in the Age of Hybrid IT
- Azure Active Directory Authentication Protocols
- Authentication Scenarios for Azure AD
- Azure Active Directory federation compatibility list: third-party identity providers that can be used to implement single sign-on
- Azure AD terminology
- Getting started with Azure Multi-Factor Authentication in the cloud
- Azure AD Privileged Identity Management
Azure AD Operational Guidance
- Administer your Azure AD directory
- Assigning administrator roles in Azure Active Directory (Azure AD)
- Create or edit users in Azure Active Directory
- Azure AD Password Reset for Users and Admins
- Managing access to resources with Azure Active Directory groups
- View your access and usage reports which is part of
In the original Azure Portal, http://manage.windowsazure.com, the primary control of overall administration was at the subscription level. Now, in the new Azure Resource Manager (ARM) model, there are fewer justifications for multiple subscriptions than there were before in the Azure Service Management (ASM) model, e.g. administration only at the top level. Now in ARM, you can control administration at the subscription level, at the Resource Group level, and at the level of the Azure Resources contained within. For more on those differences, see Understanding Resource Manager deployment and classic deployment. You can only create Azure Resources to leverage ARM deployments and RBAC by using http://portal.azure.com. So stop using that old portal, unless you just have to. For more on that, read Azure portal availability chart.
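The three ARM scope levels nest, and a role assignment made at a parent scope is inherited by everything beneath it. The sketch below is an added example, not part of the original guide: it audits an exported role assignment list to show who effectively has access to one resource and which broad roles sit at subscription scope. The sample records (shaped like `az role assignment list --all` output), the placeholder subscription ID and the function names are constructed for illustration.

```python
# Constructed sample; field names follow `az role assignment list --all` JSON.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"  # placeholder ID
SAMPLE = [
    {"principalName": "alice@contoso.com", "roleDefinitionName": "Owner",
     "scope": SUB},
    {"principalName": "bob@contoso.com", "roleDefinitionName": "Contributor",
     "scope": SUB + "/resourceGroups/rg-web"},
    {"principalName": "carol@contoso.com", "roleDefinitionName": "Reader",
     "scope": SUB + "/resourceGroups/rg-web/providers/Microsoft.Compute/virtualMachines/vm1"},
    {"principalName": "dave@contoso.com", "roleDefinitionName": "Virtual Machine Contributor",
     "scope": SUB + "/resourceGroups/rg-db"},
]

# Roles that grant write or access-management rights over the whole scope.
BROAD_ROLES = {"Owner", "Contributor", "User Access Administrator"}

def scope_level(scope):
    """Classify an ARM scope string by its depth in the hierarchy."""
    parts = [p.lower() for p in scope.strip("/").split("/") if p]
    if len(parts) == 2 and parts[0] == "subscriptions":
        return "subscription"
    if len(parts) == 4 and parts[2] == "resourcegroups":
        return "resourceGroup"
    if len(parts) > 4 and parts[0] == "subscriptions":
        return "resource"
    return "other"  # root or management group scope

def applies_to(assignment_scope, resource_id):
    """True if an assignment at assignment_scope is inherited by resource_id."""
    a = assignment_scope.rstrip("/").lower()  # ARM IDs are case-insensitive
    r = resource_id.rstrip("/").lower()
    return r == a or r.startswith(a + "/")

def effective_principals(assignments, resource_id):
    """Everyone whose assignment reaches resource_id, directly or inherited."""
    return sorted(a["principalName"] for a in assignments
                  if applies_to(a["scope"], resource_id))

def broad_subscription_grants(assignments):
    """Broad roles assigned at subscription scope: candidates for narrowing."""
    return [(a["principalName"], a["roleDefinitionName"]) for a in assignments
            if scope_level(a["scope"]) == "subscription"
            and a["roleDefinitionName"] in BROAD_ROLES]

if __name__ == "__main__":
    vm1 = SUB + "/resourceGroups/rg-web/providers/Microsoft.Compute/virtualMachines/vm1"
    print("Access to vm1:", effective_principals(SAMPLE, vm1))
    print("Review these:", broad_subscription_grants(SAMPLE))
```

Running the same check against a real export shows quickly whether subscription-level Owner or Contributor grants can be replaced by Resource Group assignments.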
Subscription
Before you can do anything, you not only need an Azure subscription, but you also need to know how many, if more than one, and what the limits are. Simpler is always the best. In the ARM deployment model now, things like separation of billing and delegation of administration no longer require separate subscriptions. Billing can be even more with tagging, and RBAC gives even more flexibility to control administration across your portal.
- How to sign up for, purchase, upgrade or activate an Azure subscription
- If you don’t have an Azure subscription, this is where to start before anything else below.
- Subscription Service Limits
- How Azure subscriptions are associated with Azure Active Directory
- Move resources to new resource group or subscription
- Transferring an Azure subscription
Read more here!
//Richard