Archive
Microsoft Azure IaaS Operations Guidance – #AAD, #RBAC, #ARM, #Microsoft, #Azure
Here you can find a ton of great guidance material for Azure operations by mzbowe! Really good summary!
This is a collection of Azure Infrastructure installation and operational guidance resources I provide to my customers. By keeping these links up to date with each engagement, all of my customers may benefit. Hopefully you can too! The latest Azure updates will always be at Azure service updates. Make it part of your operational procedure to review that monthly, if not weekly! In 2015, there were over 500 updates. Wow!
The goal of this guide to highlight core installation and operational procedures for an Azure IaaS deployment which predominantly will consist of Compute, Network and Storage resources. This article Azure Infrastructure Services Implementation Guidelines, gives a pretty good run down of what needs to be created and in what order. The resources I will keep updated below pretty much follow most of those resources in the last link. But for now, there is a very important piece of that puzzle missing. For the newer Azure Resource Manager (ARM) model of deployment, we need to plan, design and create Azure Resource Groups. Once we have Resource Groups, we can delegate administration with Role Based Access Control (RBAC).
Besides all this, if you just need to ramp up and learn more on Azure, go to the Azure Learning Paths page. Check it out and learn something new! I also have my Azure Certification resources (Slides and Videos) from MS Ignite 2015, to get you certified and ready to go!
- aka.ma/Certification/70-533 | Microsoft Azure Infrastructure Certification Prep
- aka.ma/Certification/70-534 | Microsoft Azure Architecture Certification Prep
Azure Active Directory
- How Azure subscriptions are associated with Azure Active Directory
- This is an important link to read and understand. Microsoft Azure does not equal Azure Active Directory. If you create a brand new Azure subscription, you will have an Azure Active Directory tenant by default. But, sometimes companies have Office 365 first, without an Azure Subscription. With Office 365, you get an Azure Active Directory tenant for free. That is your cloud directory. It can be standalone. Or many companies will synchronize or federate with their on-premises identities. But, an Azure AD tenant for Office 265 is not necessarily tied to an Azure Subscription. An Azure subscription is just another service like Office 365. If your company is going to have both, then the KEY goal is that both of those connect to the same Azure Active Directory tenant. So if you started Office 365 and made the primary domain name contoso.com, then when you login to create an Azure subscription, make sure to do so with a Global Admin account in the contoso.com Azure AD tenant that you use to administer Office 365. See Manage the directory for your Office 365 subscription in Azure.
- Azure Active Directory editions
- Before you get too excited about everything you discover on the azure website, make sure you know what version you have. There are many flavors and enterprise agreements. Depending on the version you have, you may have more or less services available to you. Azure Active Directory Premium will get you the whole kitchen sink. But there are different ways to get that as well e.g. an Enterprise Mobility Suite license.
- Hybrid Identity Design Considerations
- The Four Pillars of Identity – Identity Management in the Age of Hybrid IT
- Azure Active Directory Authentication Protocols
- Authentication Scenarios for Azure AD
- Azure Active Directory federation compatibility list: third-party identity providers that can be used to implement single sign-on
- Azure AD terminology
- Getting started with Azure Multi-Factor Authentication in the cloud
- Azure AD Privileged Identity Management
Azure AD Operational Guidance
- Administer your Azure AD directory
- Assigning administrator roles in Azure Active Directory (Azure AD)
- Create or edit users in Azure Active Directory
- Azure AD Password Reset for Users and Admins
- Managing access to resources with Azure Active Directory groups
- View your access and usage reports which is part of
Azure AD Premium a visionary in Gartner IDaaS Magic Quadrant! I love it! – #Azure, #AzureAD, #IDaaS
This is awesome! I just love what Microsoft is doing with all the cool Azure offerings! That’s also why I’ve been digging deeper into this area lately and also took the Microsoft Specialist – Architecting Microsoft Azure Solutions exam and been playing around with Azure AD, DirSync and ADFS a lot.
Now with the whole release of Windows 10, Azure AD, Intune, ADFS and System Center we’re going to have a lovely story going forward with how to do client management going forward, just take a Windows 1o device, join it through Azure AD, Intune and federation and then sign in using your on-premise AD credentials. On top of that you can also then leverage Azure AD or federation with it for your SaaS apps as well and with SSO, and why not use the Azure connector to make your on-premise web apps available on the Internet with authentication as well!
Microsoft and Azure rocks!
Now also with the magic quadrant from Gartner that shows how well Microsoft is doing! It look very promissing, and just think about combingin all this also with Citrix Workspace cloud going forward! So great! 🙂
Gartner just released their Magic Quadrant for Identity Management as a Service (IDaaS) and after only ~10 months in market, Azure AD premium was placed in the “Visionary” quadrant, far to the right of our competitors for our completeness of vision and our ability to execute, only slightly below companies with established, multi-year track records.
If you are a Gartner client, you can find the report here. We will have a complimentary copy to share soon, so please check back.
We’re really pleased with this result. We believe it validates our vision of providing of a complete solution for hybrid identity management, a solution that includes not just a directory and employee identity management, but full suite of identity capabilities, an integrated device management offering (Microsoft Intune), leading edge information protection (Azure RMS) and a robust set monitoring and security capabilities.
I am especially delighted by this validation because it says a lot about our customers, implementation partners and ISV partners who have worked together with us. They have been awesome about sharing their time and energy every day, to make sure that the products and services we build meet their needs and are helping them position their companies to thrive in the emerging world of cloud and devices.
This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from Microsoft.
Gartner does not endorse any vendor, product…
Continue reading here!
//Richard
Windows Azure Active Directory (AD) has reached General Availability!
This is cool! And I think that it’s a great step in the right direction for many companies! 🙂
Windows Azure Active Directory
Windows Azure Active Directory (Windows Azure AD) is a modern, REST-based service that provides identity management and access control capabilities for your cloud applications. Now you have one identity service across Windows Azure, Microsoft Office 365, Dynamics CRM Online, Windows Intune and other 3rd party cloud services. Windows Azure Active Directory provides a cloud-based identity provider that easily integrates with your on-premises AD deployments and full support of third party identity providers.
Use Windows Azure AD to:
Integrate with your on-premises active directory
Quickly extend your existing on-premises Active Directory to apply policy and control and authenticate users with their existing corporate credentials to Windows Azure and other cloud services.
Offer access control for you applications
Easily manage access to your applications based on centralized policy and rules. Ensure consistent and appropriate access to your organizations applications is maintained to meet critical internal security and compliance needs. Windows Azure AD Access Control provides developers centralized authentication and authorization for applications in Windows Azure using either consumer identity providers or your on-premises Windows Server Active Directory
Build social connections across the enterprise
Windows Azure AD Graph is an innovative social enterprise graph providing an easy RESTful interface for accessing objects such as Users, Groups, and Roles with an explorer view for easily discovering information and relationships.
Provide single sign-on across your cloud applications
Provide your users with a seamless, single sign-on experience across Microsoft Online Services, third party cloud services and applications built on Windows Azure with popular web identity providers like Microsoft Account, Google, Yahoo!, and Facebook.
Read more about the service here!
Pricing
Access Control
Access Control is available at no charge. Historically, we have charged for Access Control based on the number of transactions. We are now making it a free benefit of using Windows Azure.
Directory
The base directory, Tenant, User & Group Management, Single Sign On, Graph API, Cloud application provisioning, Directory Synchronization and Directory Federation, is available at no charge. Certain additional capabilities such as Azure AD Rights Management will be available as a separately priced option.
Read more about pricing here!
//Richard
The IT Melting Pot! 