Manage Azure identities and governance – AZ-104 Study Guide

Microsoft has long been a leader in the identity space. This leadership goes back to the introduction of Active Directory (AD) with Windows 2000 before the cloud even existed. Microsoft moved into cloud identity with the introduction of Azure Active Directory (Azure AD), now Microsoft Entra ID, which is used by more than 5 million companies around the world. The adoption of Microsoft 365 led to this extended use of Entra ID. These two technologies, however, have very different purposes, with AD primarily used on-premises and Entra ID primarily used for the cloud.

Microsoft has poured resources into making on-premises AD and Entra ID work together. The concept is to extend the identity that lives on-premises to the cloud by synchronizing the identities. This ability is provided by Microsoft Entra Connect and Microsoft Entra Connect Sync. Microsoft has also invested in extending those identities to enable scenarios such as single sign-on by using Active Directory Federation Services (ADFS), which is deployed in many large enterprises. (Note that Entra Connect and Entra Connect Sync are not covered on the AZ-104 exam.)

Microsoft has continued pushing forward by developing options for developers to leverage Entra ID for their applications. Microsoft provides the ability for developers to extend a company’s identity provider to users outside of the organization. The first option is known as Microsoft Entra External ID. This allows customers to sign in to applications using their social media accounts, such as a Facebook ID. A complementary technology—Entra ID B2B (Business to Business)—extends Entra ID to business partners.

This area of the AZ-104 exam is focused on the management of identities using Entra ID.

In the latter part of this chapter, you will also learn how to manage role-based access control (RBAC) for Azure resources, including the following topics:

  • Understand how RBAC works
  • Create a custom role assignment
  • Provide access to Azure resources using different roles
  • Interpret access assignment
  • Manage multiple directories

Finally, you will learn how to manage Azure subscriptions and other resources. This includes how to

  • Configure Azure Policy to ensure your Azure environment is governed in an effective way while maintaining the agility of the cloud

  • Apply governance to Azure resource groups and their child resources through Azure Policy
  • Create and manage resource locks
  • Apply tags to Azure resources
  • Manage the lifecycle of the resources that reside in resource groups
  • Manage Azure subscriptions
  • Configure management groups
  • Govern cost management through quotas and resource tags

By understanding the controls that are available in Azure for subscription and resource management, you enable your organization for success across your Azure estate.

Skills covered in this chapter:

  • Skill 1.1: Manage Microsoft Entra users and groups
  • Skill 1.2: Manage access to Azure resources
  • Skill 1.3: Manage Azure subscriptions and governance